Longeye handles criminal case files, the most sensitive data an agency holds. Every file is isolated, encrypted, and never used to train a model. And every finding is grounded in the source, so you can verify it before you rely on it.
The controls under every Longeye case, the same whether you are a detective, a warden, or a deputy public defender.
Built to the FBI's CJIS 6.0.0 Security Policy, the same standard the agencies themselves are held to for how criminal justice information is stored, transmitted, and accessed.
Independently audited every year, with continuous monitoring in between. The full report is available to your team under NDA.
Access is gated by organization, user, and role, down to the individual case. RBAC is fully customizable to how your office is structured.
FIPS 140-3 validated ciphers: AES-256 at rest, TLS 1.2 or higher in transit, with keys managed and rotated in AWS KMS, never stored alongside the data.
Longeye's models never train on your case data. Neither do our AI providers, under signed data-processing agreements.
Single sign-on with Okta or Microsoft Entra, and multi-factor authentication with hardware security keys.
Every login, file opened, and question asked is logged and kept for a year to meet CJIS requirements. The logs are append-only and cannot be altered or deleted.
All evidence is stored and processed in the United States. It never leaves the country.
Every Longeye employee with access to criminal justice information (CJI) undergoes an FBI fingerprint background check.
The biggest risk with AI is not the data. It is the answer. Longeye's citation engine, the subject of our first patent and now patent-pending, grounds every response in the actual evidence. The model works from cited source material, not from what it “remembers,” so it does not fabricate, and every finding traces back to the exact place it came from.
The model answers from the evidence in front of it, not from training data.
Every claim links to its exact source: the page of the PDF, the second of the audio, the row of the spreadsheet.
A separate pass checks each citation against its source before you ever see it.
Exports carry the query, the sources, and file hashes that prove nothing was changed.
Every finding is source-linked, and every report you export carries an AI-use disclosure, aligned with California SB 524.
For law enforcement →Facility data is isolated to your agency, with a complete log of who ran what query, when, and against which evidence.
For corrections →Your case work is isolated to your office. Nothing is shared across agencies or used to train a model.
For public defenders →A disclosure-ready audit trail, and citations that resolve to the original evidence so any finding holds up when it is questioned.
For prosecutors →Longeye is built to the FBI's CJIS 6.0.0 Security Policy, the same standard your agency is held to, and we sign a CJIS Security Addendum when you onboard. Evidence is encrypted with FIPS 140-3 validated ciphers, every action is written to an immutable audit trail, and any Longeye staff who can touch criminal justice information pass an FBI fingerprint background check.
No, automatically, with nothing to opt out of. Your evidence is processed by AI only to produce results for that case, the transcripts, summaries, and answers, in memory, and is never used to train or improve any model, ours or our providers'. Data-processing agreements with every AI provider prohibit both training and retention.
ChatGPT is a public tool that can learn from what you type. Longeye is a closed system: it runs Claude through AWS Bedrock and open-source models hosted inside Longeye's own AWS, so your evidence never goes to an outside AI provider, nothing trains on it, and every answer links to the exact source it came from so you can verify it.
By default, no one outside your office. Access is role-based, down to the individual case, and your administrators control it. Longeye staff can see your evidence only at your explicit invitation, and only US-based employees who have passed an FBI fingerprint background check may touch criminal justice information. Every access is written to the immutable audit trail.
Longeye surfaces evidence; it does not make decisions. Every answer cites the exact source, the page, the timestamp, the line, so your team can verify it, and exported reports carry an AI-use disclosure aligned with laws like California SB 524. What gets used in a proceeding stays your call.
You own your data the whole time and can export or delete it on demand. After a contract ends, Longeye keeps it for up to one year to ease any transition, then permanently deletes it, or deletes it immediately if you ask.
Reach out and we'll give your IT, legal, and command teams access to the full trust center: the SOC 2 Type II report, the subprocessor list, and our complete security documentation.