Security Overview
Last updated on April 20, 2026.
- Applies to: Stern Bench Research
- Access: Public
- Status: Published
This page describes Stern Bench's current public security posture for Stern Bench Research. It is intended as an informational overview only. It is not a contractual security addendum and does not replace any written security schedule, DPA, or other negotiated customer terms.
1. Product Boundary
Stern Bench Research is currently framed as a gated or approved-user legal research product with:
- no document uploads;
- no private customer document workspace;
- session-scoped research interactions; and
- no durable user-visible research history by default.
Prompts and outputs may remain visible within an active browser session and may be used for follow-up interactions during that session. Limited browser-side local storage and operational metadata may still exist separately from session-visible content.
2. Access and Authentication
Stern Bench uses route protection, approved-user or invite-based access controls where enabled, and related measures designed to restrict access to the Service.
Internal access to production systems or customer-associated data is intended to be limited to authorized personnel or contractors who require access for support, operational, security, or legal-compliance purposes.
3. Data Handling Posture
For the current Research lane:
- uploads are off;
- prompts and outputs are not retained as durable user-visible account history by default;
- unsent draft text or related interface state may be cached locally in the user's browser; and
- Stern Bench may retain limited operational metadata for security, abuse prevention, debugging, attribution, reliability, and service operation.
4. Infrastructure and Providers
The current launch-shaped Research path may use providers and infrastructure including:
- Vercel for web application delivery;
- Microsoft Azure and Azure Container Apps for application and API infrastructure;
- Azure OpenAI Service for AI-assisted research processing;
- identity and access providers, such as Clerk, where enabled; and
- rate-limiting, bot-protection, and abuse-prevention infrastructure.
Provider arrangements may evolve over time as the Service changes.
5. Security Measures
Stern Bench maintains reasonable safeguards appropriate to the Service's current stage, including measures such as:
- encryption in transit over public networks;
- access controls intended to limit internal access to authorized personnel;
- rate limiting and abuse-prevention measures;
- application and infrastructure monitoring appropriate to the Service; and
- incident-response practices appropriate to the current product posture.
Stern Bench does not publicly claim a certification, audit, or control framework unless expressly stated in writing.
6. Retention and Deletion
Because the product is session-scoped by default, user-visible research history is not retained as a durable account feature unless Stern Bench later enables that feature.
That does not mean every related technical record disappears immediately. Certain operational metadata, security logs, local browser storage, and backup-related records may persist for limited periods.
7. Customer Diligence
For paid pilots or other serious customer discussions, Stern Bench may provide additional security diligence materials, answer reasonable security questionnaires, or discuss a negotiated security schedule, subject to confidentiality, proportionality, and actual operational readiness.
8. Contact
Security-related questions may be sent to founder@sternbench.com.
Contact
Questions about this document can be directed to founder@sternbench.com.