// Trust & Security Report

    Fastcase Inc. (subsidiary of Clio) logo

    Fastcase Inc. (subsidiary of Clio)

    Cloud-based legal research platform with AI-powered research assistant (Vincent). Now integrated into Clio's legal operating system following Clio's November 2025 acquisition of vLex/Fastcase. Serves law firms, solo practitioners, and 80+ bar associations with comprehensive primary law research across US jurisdictions.

    Certifications held

    0

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 8 unconfirmed / not-held certifications
    SOC 2 Type 2
    NOT CONFIRMED

    No vendor-domain (fastcase.com) evidence. Parent company Clio publishes on trust.clio.com: 'Clio successfully completes annual SOC 2 Type II and SOC 1 Type II examinations', with a '2025 SOC 2 Type II report ... issued for the period of June 1st, 2024 to May 31st, 2025'. However, neither Clio's security page nor its trust center mentions Fastcase, so coverage of the Fastcase product is unconfirmed. The previously cited quote 'Clio Work is built on Clio's secure, cloud-based infrastructure and adheres to SOC 2 Type 2, ISO 27001, GDPR, and HIPAA standards' does not appear on clio.com/security.

    source: trust.clio.com
    ISO 27001
    NOT CONFIRMED

    No public evidence on any vendor-domain source. ISO 27001 is not referenced on clio.com/security and is not listed on the Clio trust center, and Fastcase's own domain publishes no certifications. The prior proof quote asserting Clio 'adheres to ... ISO 27001' does not appear on Clio's security page and is unsubstantiated.

    GDPR
    NOT CONFIRMED

    No vendor-domain (fastcase.com) confirmation. Parent Clio states on trust.clio.com: 'Clio is compliant with the terms found in the GDPR guidelines.' Clio's docs do not mention Fastcase, and Fastcase's own privacy policy has not been updated to reference this posture, so Fastcase product coverage is unconfirmed. The prior 'Clio Work is built ... adheres to ... GDPR' quote does not appear on clio.com/security.

    source: trust.clio.com
    HIPAA
    NOT CONFIRMED

    No vendor-domain (fastcase.com) evidence. Parent Clio states on clio.com/security: 'Clio also supports your HIPAA obligations, ensuring ePHI is stored and processed according to the HIPAA security standards' (a support posture, not a certification). Clio's docs do not mention Fastcase, so Fastcase product coverage is unconfirmed. The prior 'Clio Work ... adheres to ... HIPAA standards' quote does not appear on clio.com/security.

    source: clio.com
    SOC 1 Type 2
    NOT CONFIRMED

    No vendor-domain (fastcase.com) evidence. Parent Clio states on trust.clio.com: 'Clio successfully completes annual SOC 2 Type II and SOC 1 Type II examinations.' Clio's docs do not mention Fastcase, so Fastcase product coverage is unconfirmed.

    source: trust.clio.com
    PCI DSS
    NOT CONFIRMED

    No vendor-domain (fastcase.com) evidence. Parent Clio states on clio.com/security: 'Clio Payments is built to ensure all payments are PCI compliant' (scoped to Clio Payments). PCI DSS is not listed on the Clio trust center, and no Fastcase coverage is stated.

    source: clio.com
    PIPEDA
    NOT CONFIRMED

    No vendor-domain (fastcase.com) evidence. Parent Clio states on clio.com/security: 'Clio meets the requirements of PIPEDA, Canada's federal privacy law.' Clio's docs do not mention Fastcase, so Fastcase product coverage is unconfirmed.

    source: clio.com
    TX-RAMP
    NOT CONFIRMED

    No vendor-domain (fastcase.com) evidence. Parent Clio's trust center lists TX-RAMP as a certification tile. Clio's docs do not mention Fastcase, so Fastcase product coverage is unconfirmed. (TX-RAMP is the Texas Risk and Authorization Management Program.)

    source: trust.clio.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Primary: United States (AWS). Optional: Canada or European Union via Clio infrastructure with geographic redundancy and real-time replication.

    Clio's integration documentation explicitly states: 'Clio Work never trains AI models on a firm's data' with 'Zero Data Retention' agreements. Fastcase/Vincent AI respects this posture post-acquisition.

    // Security controls

    Encryption in transit

    TLS/SSL encryption (Qualys SSL Labs grade A+ across all regions)

    trust.clio.com

    Multi-factor authentication

    Available; inherited from Clio security architecture

    clio.com

    Audit logging

    Comprehensive audit trails and activity logging

    trust.clio.com

    Penetration testing

    Annual penetration testing by leading cybersecurity firms

    clio.com

    Access controls

    Role-based access controls and permission inheritance from Clio Manage

    clio.com

    Responsible disclosure

    Responsible disclosure program in place

    trust.clio.com

    // Products & data scope

    Fastcase Legal ResearchLegal Research / AI

    data: Case law, statutes, regulations, legal commentary across US jurisdictions

    Core research product; now integrated into Clio suite. Serves solo practitioners and law firms. Free access through 80+ bar association member benefits.

    Vincent AIAI-Powered Research Assistant

    data: Provides AI-driven legal research, document analysis, and drafting assistance

    Acquired with vLex; integrated into Clio post-November 2025. Does not train on customer data.

    Clio Library (formerly Fastcase/vLex database)Legal Content

    data: 1+ billion primary law documents, comprehensive legal research library

    Unified legal database serving entire Clio platform post-acquisition. Available through Clio Work and standalone research.

    // What to watch

    • Recent acquisition: Clio completed acquisition of vLex/Fastcase on November 10, 2025. As of July 2026, Fastcase operates under Clio's infrastructure and compliance framework, but Fastcase's own domain documentation (privacy policy, terms) has not been fully updated to explicitly cross-reference Clio's certifications.
    • No independent trust center: Fastcase does not maintain a dedicated trust center. All compliance certifications are inherited from parent company Clio. Formal documentation of Fastcase customer coverage should be requested from Clio directly.
    • Legal entity structure: Fastcase's terms of service still identify 'Fastcase, Inc.' with DC offices; Clio branding is present but formal consolidation status unclear. Recommend verifying with sales whether Fastcase customers are explicitly covered under Clio's SOC 2, ISO 27001, GDPR, HIPAA certifications.
    • Documentation currency: Privacy policy and terms on fastcase.com appear not yet updated post-acquisition to reference Clio compliance or security infrastructure. Post-acquisition integration still in progress (8 months post-close as of assessment date).
    • AI data handling claim verification: Multiple sources state Fastcase/Clio never trains on customer data, but this commitment is stated in Clio marketing materials, not in Fastcase's own policies. Recommend explicit DPA or data processing addendum confirmation.

    // At a glance

    Pricing model

    Subscription-based SaaS; tiered by usage and feature set. Free tier via bar association membership; paid tiers for individuals and firms.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Fastcase Inc. (subsidiary of Clio)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    fastcase.com

    > Browse all vendor trust reports