Your security is our priority. We use industry best practices and technologies to protect your personal data and transactions.
Cybersecurity
Security is not a surface layer; it is the design of the system. Bank-grade server-side encryption, password-derived keys with PBKDF2, and every action recorded in a tamper-evident audit log.
At rest
Each document is encrypted with the same algorithm used by international banking. Without the correct key, the file is unreadable even if someone gets physical disk access.
In transit
All communication between user and servers travels encrypted with the most recent secure-transport protocol. Man-in-the-middle is not viable.
Client encrypts before upload
Q2 2026 roadmap: the client encrypts documents before sending them to the server, so the server never sees plaintext. Today we operate with server-side AES-256-GCM encryption (see Encryption pillar). Tracked in docs/ROADMAP.md #25.
Hash chain
Every access, modification or signature produces an event whose hash includes the previous one. Tampering with any record breaks the entire chain, making it impossible to erase the trail.
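The hash chain described above, sketched as an added example (not LegalStock's code): each record stores the hash of the previous one, and `verify` reports the first record where the chain breaks. The field names, the all-zero genesis value, the SHA-256 choice and the sample events are assumptions made for illustration.

```javascript
const { createHash } = require('node:crypto');

const GENESIS = '0'.repeat(64); // assumed "previous hash" for the first event

// Canonical form: fixed field order so the same event always hashes the same.
function eventHash(prevHash, event) {
  const body = JSON.stringify([event.ts, event.actor, event.action, event.doc]);
  return createHash('sha256').update(prevHash).update('\n').update(body).digest('hex');
}

// Append an event, binding it to the hash of the record before it.
function append(log, event) {
  const prev = log.length ? log[log.length - 1].hash : GENESIS;
  const record = { ...event, prev, hash: eventHash(prev, event) };
  log.push(record);
  return record;
}

// Recompute every link. brokenAt is the index of the first failing record,
// log.length when only the trusted head differs, or -1 when the log is intact.
// trustedHead is the latest hash as stored outside the log.
function verify(log, trustedHead) {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    const r = log[i];
    if (r.prev !== prev || r.hash !== eventHash(prev, r)) return { ok: false, brokenAt: i };
    prev = r.hash;
  }
  if (trustedHead !== undefined && prev !== trustedHead) {
    return { ok: false, brokenAt: log.length };
  }
  return { ok: true, brokenAt: -1 };
}

// Constructed sample events (not real audit data).
function sampleLog() {
  const log = [];
  append(log, { ts: '2026-01-05T10:00:00Z', actor: 'u1', action: 'access', doc: 'doc-1' });
  append(log, { ts: '2026-01-05T10:02:00Z', actor: 'u1', action: 'modify', doc: 'doc-1' });
  append(log, { ts: '2026-01-05T10:05:00Z', actor: 'u2', action: 'sign', doc: 'doc-1' });
  return log;
}
```

The chain by itself only proves internal consistency: dropping the newest records, or recomputing every hash after an edit, still verifies unless the head hash is kept where the log writer cannot change it and passed in as `trustedHead`.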
Certifications and compliance
NOM-151
Critical · NOM-151-SCFI-2016
Mexican Official Standard for the preservation of data messages. Via Mifiel.
LFPDPPP 2025
Critical · Ley Federal de Protección de Datos Personales en Posesión de los Particulares (in force since 21 Mar 2025)
New law that replaces the 2010 version. Compliance integrated with privacy notices and ARCO rights. Authority: Secretaría Anticorrupción y Buen Gobierno (replaces the defunct INAI).
Código de Comercio
Articles 89-114 on electronic commerce
Full legal validity of electronic signatures and data messages.
Security Headers A+
securityheaders.com grade A+
CSP, HSTS, X-Frame-Options, Referrer-Policy and Permissions-Policy configured. Publicly verifiable.
SSL Labs A+
TLS 1.3 with an A+ configuration
Encryption in transit with TLS 1.3, perfect forward secrecy, OCSP stapling.
Pen Testing
Penetration testing by an independent firm
External audit by a certified firm. Executive report shared under NDA.
📅 Q2 2026
SOC 2 Type I
Service Organization Control 2 · Type I
Audit of security, availability and confidentiality controls. International standard.
📅 Q3 2026
ISO 27001
Critical · ISO/IEC 27001:2022
Information Security Management System. Required for enterprise clients and government projects.
📅 Q1 2027
All roadmap dates are commitments with an internal schedule. At the close of each phase, a copy of the certificate issued by the auditor is shared under NDA.
We work with world-class providers and apply bank-grade encryption standards
Provider: Vercel
All communications are encrypted with SSL/TLS protocol. Your information travels securely between your browser and our servers.
Provider: Stripe
Payments are processed by Stripe, certified PCI DSS Level 1, the highest security standard for card payments.
Provider: Mifiel
Electronic signatures are made through Mifiel, complying with NOM-151 which guarantees legal validity in Mexico.
All Vault documents are encrypted with AES-256-GCM, the standard used by banks and governments. Keys are derived with PBKDF2 (100,000 iterations).
We comply with Mexico's Federal Law for the Protection of Personal Data. We respect your ARCO rights.
Technical detail · Lexify Vault
AES-256-GCM
Available · Bank-grade authenticated encryption · de facto standard
PBKDF2-SHA256 for password keys
Available · Key derivation from the user's password · 100,000 iterations
ChaCha20-Poly1305
Integrable · Modern alternative · efficient on devices without AES acceleration
RSA-4096 key wrapping
Integrable · Envelope encryption · protects the session key with an asymmetric key
Field-level encryption (FLE)
Integrable · CURP, RFC and sensitive data encrypted individually · invisible to DBAs
ML-KEM-768 · Post-quantum
Q1 2027 · Quantum-resistant encryption · FIPS 203 published Aug 2024
Every layer is real technology with legal validity in Mexico. Items marked Available are integrated in LegalStock. Integrable items are activated by configuring the provider. Roadmap items are scheduled.
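The two items marked Available, combined in an added example (not LegalStock's code): a key derived with PBKDF2-SHA256 at the stated 100,000 iterations encrypts a document with AES-256-GCM, and decryption rejects a wrong password or a modified blob. The blob layout, salt and IV sizes, the iteration ceiling and the function names are assumptions.

```javascript
const { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const ITERATIONS = 100000;          // value stated on the page
const MAX_ITERATIONS = 10000000;    // assumed ceiling so a forged header cannot stall decryption
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16; // assumed sizes; 12-byte IV is the usual GCM choice

function deriveKey(password, salt, iterations) {
  return pbkdf2Sync(password, salt, iterations, 32, 'sha256'); // 32 bytes = AES-256 key
}

// Blob layout (assumed for this example): iterations(4) | salt | iv | tag | ciphertext
function encryptDocument(password, plaintext) {
  const salt = randomBytes(SALT_LEN);
  const iv = randomBytes(IV_LEN); // must never repeat under the same key
  const header = Buffer.alloc(4);
  header.writeUInt32BE(ITERATIONS);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt, ITERATIONS), iv);
  cipher.setAAD(Buffer.concat([header, salt])); // bind the KDF parameters to the tag
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([header, salt, iv, cipher.getAuthTag(), ct]);
}

// Returns the plaintext Buffer, or null when the password is wrong or any
// byte of the blob was modified (the GCM tag check fails in final()).
function decryptDocument(password, blob) {
  if (blob.length < 4 + SALT_LEN + IV_LEN + TAG_LEN) return null;
  let o = 4;
  const header = blob.subarray(0, o);
  const iterations = header.readUInt32BE();
  if (iterations < ITERATIONS || iterations > MAX_ITERATIONS) return null;
  const salt = blob.subarray(o, (o += SALT_LEN));
  const iv = blob.subarray(o, (o += IV_LEN));
  const tag = blob.subarray(o, (o += TAG_LEN));
  const key = deriveKey(password, salt, iterations);
  const decipher = createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.concat([header, salt]));
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(blob.subarray(o)), decipher.final()]);
  } catch {
    return null;
  }
}
```

Storing the iteration count in the blob lets it be raised for new documents without breaking old ones; OWASP's current guidance for PBKDF2-HMAC-SHA256 is 600,000 iterations.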
We partner with industry leaders to bring you the best service
Hosting platform with global CDN, automatic SSL certificates, and included DDoS protection.
World-leading payment processor with PCI DSS Level 1 certification and advanced fraud prevention.
Mexican electronic signature platform certified under NOM-151 with legal validity.
Managed PostgreSQL database with encryption at rest and automatic backups.
How we handle your personal information
We only collect information strictly necessary to provide our services.
All your sensitive information is encrypted both in transit (SSL/TLS) and at rest (AES-256).
We implement strict access controls. Only authorized personnel can access sensitive data.
We delete personal data when it is no longer needed for the original purpose.
Your document vault uses the same technologies that protect banks and governments
You have control over your personal information
You can request information about what personal data we have about you.
You have the right to correct inaccurate or incomplete personal data.
You can request the deletion of your personal data from our systems.
You can oppose the processing of your data for certain specific purposes.
To exercise your ARCO rights, contact us at:
privacidad@legalstock.mx
Infrastructure protected by
Payment processor with the highest level of security certification in the industry
Hosting with global CDN, automatic SSL certificates and DDoS protection
Electronic signature with legal validity in Mexico under NOM-151
Security technology implemented
Military-grade encryption for the Vault
100,000 iterations for key derivation
Document integrity verification
Encryption of data in transit