Security & Trust

Security as serious as
the evidence it protects.

Longeye handles criminal case files, the most sensitive data an agency holds. Every file is isolated, encrypted, and never used to train a model. And every finding is grounded in the source, so you can verify it before you rely on it.

The foundations

How Longeye protects your evidence.

The controls under every Longeye case, the same whether you are a detective, a warden, or a deputy public defender.

CJIS 6.0.0

Built to the FBI's CJIS 6.0.0 Security Policy, the same standard the agencies themselves are held to for how criminal justice information is stored, transmitted, and accessed.

SOC 2 Type II

Independently audited every year, with continuous monitoring in between. The full report is available to your team under NDA.

Role-based access control

Access is gated by organization, user, and role, down to the individual case. RBAC is fully customizable to how your office is structured.

Encrypted at rest and in transit

FIPS 140-3 validated ciphers: AES-256 at rest, TLS 1.2 or higher in transit, with keys managed and rotated in AWS KMS, never stored alongside the data.

Never used to train

Longeye's models never train on your case data. Neither do our AI providers, under signed data-processing agreements.

SSO and MFA

Single sign-on with Okta or Microsoft Entra, and multi-factor authentication with hardware security keys.

Immutable audit trail

Every login, file opened, and question asked is logged and kept for a year to meet CJIS requirements. The logs are append-only and cannot be altered or deleted.

US data residency

All evidence is stored and processed in the United States. It never leaves the country.

Background-screened staff

Every Longeye employee with access to criminal justice information (CJI) undergoes an FBI fingerprint background check.

Patent-pending

Trust, and verify.

The biggest risk with AI is not the data. It is the answer. Longeye's citation engine, the subject of our first patent and now patent-pending, grounds every response in the actual evidence. The model works from cited source material, not from what it “remembers,” so it does not fabricate, and every finding traces back to the exact place it came from.

Grounded

The model answers from the evidence in front of it, not from training data.

Cited

Every claim links to its exact source: the page of the PDF, the second of the audio, the row of the spreadsheet.

Verified

A separate pass checks each citation against its source before you ever see it.

Reproducible

Exports carry the query, the sources, and file hashes that prove nothing was changed.

By role

What matters most for your office.

Law Enforcement

Defensible from the first finding.

Every finding is source-linked, and every report you export carries an AI-use disclosure, aligned with California SB 524.

For law enforcement
Corrections

Isolated, with a record of everything.

Facility data is isolated to your agency, with a complete log of who ran what query, when, and against which evidence.

For corrections
Public Defenders

A private workspace for your work product.

Your case work is isolated to your office. Nothing is shared across agencies or used to train a model.

For public defenders
Prosecutors

Ready for disclosure and the record.

A disclosure-ready audit trail, and citations that resolve to the original evidence so any finding holds up when it is questioned.

For prosecutors
Common questions

What teams ask us first.

Is Longeye CJIS compliant?

Longeye is built to the FBI's CJIS 6.0.0 Security Policy, the same standard your agency is held to, and we sign a CJIS Security Addendum when you onboard. Evidence is encrypted with FIPS 140-3 validated ciphers, every action is written to an immutable audit trail, and any Longeye staff who can touch criminal justice information pass an FBI fingerprint background check.

Do you use our case data to train AI?

No, automatically, with nothing to opt out of. Your evidence is processed by AI only to produce results for that case, the transcripts, summaries, and answers, in memory, and is never used to train or improve any model, ours or our providers'. Data-processing agreements with every AI provider prohibit both training and retention.

How is this different from ChatGPT or other AI tools?

ChatGPT is a public tool that can learn from what you type. Longeye is a closed system: it runs Claude through AWS Bedrock and open-source models hosted inside Longeye's own AWS, so your evidence never goes to an outside AI provider, nothing trains on it, and every answer links to the exact source it came from so you can verify it.

Who at Longeye can see our evidence?

By default, no one outside your office. Access is role-based, down to the individual case, and your administrators control it. Longeye staff can see your evidence only at your explicit invitation, and only US-based employees who have passed an FBI fingerprint background check may touch criminal justice information. Every access is written to the immutable audit trail.

Will Longeye's findings hold up in court?

Longeye surfaces evidence; it does not make decisions. Every answer cites the exact source, the page, the timestamp, the line, so your team can verify it, and exported reports carry an AI-use disclosure aligned with laws like California SB 524. What gets used in a proceeding stays your call.

What happens to our data if we stop using Longeye?

You own your data the whole time and can export or delete it on demand. After a contract ends, Longeye keeps it for up to one year to ease any transition, then permanently deletes it, or deletes it immediately if you ask.

Want the full trust center?

Reach out and we'll give your IT, legal, and command teams access to the full trust center: the SOC 2 Type II report, the subprocessor list, and our complete security documentation.

Request access