Security & data handling

Answers to your vendor security review.

These are your prospective clients' confidential communications. Here is what a 2026 law-firm security review usually asks, answered in order.

Who is accountable

Your calls are handled by Intake QA, and we're the single party accountable for them. Your recordings run through our own analysis and transcription models, encrypted in transit and at rest, and are never used to train our models. One person owns your data and your audit: Ali, the founder, ali@plaintiffops.com.

What we need

Recorded intake calls only. Redact names first if you want to.

What we don't need

No signed-client files. No matter documents. No case-management access.

Encryption

Data is encrypted in transit (TLS) and at rest (AES-256). Nothing about your calls travels or sits unencrypted.

Access controls

Firm data is isolated per firm. Access is limited to what's needed to run the service; your confidential audio and transcripts stay inside our systems and are never handed to anyone else.

Retention & deletion

Your audio is deleted the moment it is transcribed, and transcripts and reports are purged within 72 hours of your readout, or immediately if you ask in writing. If you move to a pilot, your data carries over under the pilot agreement, and the same 72-hour purge applies. Your calls are never used to train our models.

Our models

We analyze and transcribe your calls with our own models, over encrypted connections. We do not use your calls, transcripts, or the results to train our models, and we do not sell or share your data. Intake QA does not claim to be SOC 2 certified or HIPAA compliant as a company. We make plain-English commitments and put them in writing.

DPA & NDA

A data-processing agreement (DPA) is available on request, and we'll sign your NDA, or work from your firm's own paper.

Breach notification

If we become aware of a breach affecting your data, we will notify you within 72hours of becoming aware, with what we know and what we're doing about it.

Call recording & consent

Intake QA processes calls your firm already recorded. California is an all-party-consent state (Penal Code §632); your firm is responsible for its consent posture. The compliance page covers the recording and disclosure detail.

This is not legal advice. Your firm and its counsel make the final call on ethics and consent.

Intake QA

The independent recovery desk for personal-injury firms. See which signable cases didn't sign, and what they were worth.

Run your free Intake Quality Audit

Intake QA is a service of Plaintiff Ops LLC. Estimates and calibration figures are not legal advice; your firm and its counsel make the final call on ethics and consent. Texting features activate only after your A2P 10DLC registration is approved. © 2026 Plaintiff Ops LLC.