// Trust & Security Report

    Logikcull (a Reveal Data company) logo

    Logikcull (a Reveal Data company)

    Legal eDiscovery, Legal Hold, AI-assisted Document Review, Public Records Request Management

    Certifications held

    6

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Logikcull is SOC 2 Type II certified and audited, and compliant with HIPAA, GDPR and ISO 27001.

    Verify on logikcull.com
    ISO 27001
    HELD

    ISO/IEC 27001 - Status: Current (2025). Recently renewed with 2025 audit completion announced. Covers: Reveal Enterprise, Logikcull, Onna, ZyLAB, Reveal Hold Classic, IPRO.

    Verify on security.revealdata.com
    HIPAA
    HELD

    Logikcull is SOC 2 Type II certified and audited, and compliant with HIPAA, GDPR and ISO 27001.

    Verify on logikcull.com
    GDPR
    HELD

    GDPR - Status: Current. Compliance documentation available. Logikcull acknowledges EU/EEA residents have additional rights and references a separate EU Resident Policy Notice.

    Verify on security.revealdata.com
    EU-US Data Privacy Framework (DPF)
    HELD

    Logikcull is committed to participate in and has certified its compliance with the principles of the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension, as well as the Swiss-U.S. DPF.

    Verify on revealdata.com
    CSA STAR Level 1
    HELD

    CSA STAR Certification - Status: Current. Level 1 also listed separately.

    Verify on security.revealdata.com
    > Show 1 unconfirmed / not-held certifications
    FedRAMP
    NOT CONFIRMED

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not stated

    Data region

    US and EU (AWS data centers). US-primary. EU data center available. Logikcull EU privacy notice notes data 'may be accessed by us or transferred to us in the United States.'

    No explicit statement found in the privacy policy or Terms of Service stating that customer data (Hosted Data) is or is not used to train AI models. The ToS (Section 4.a) grants Logikcull a license to use Hosted Data for 'improving search and tagging functions,' language broad enough to encompass model training. Customer retains ownership of Hosted Data. The Privacy Policy explicitly states it 'does not apply to Hosted Data.' Logikcull offers GenAI features (Logikcull AI, ASK) but publishes no AI-specific data use policy. The DPA link (logikcull.com/policies/data-processing-addendum) redirects to revealdata.com/privacy-policy rather than a proper DPA document. Formal DPA must be requested from the vendor.

    // Security controls

    Encryption in transit

    TLS 1.2 or higher, continuously monitored

    logikcull.com

    Encryption at rest

    AES-256; keys managed via AWS KMS with regular rotation

    logikcull.com

    Data hosting infrastructure

    Amazon Web Services (AWS), US and EU data centers, multiple availability zones, daily backups

    logikcull.com

    Bug bounty program

    HackerOne private program. Quote: 'We run a bug bounty program to give us extra eyes hunting for vulnerabilities, improving our application security.' Researchers must be qualified via HackerOne.

    logikcull.com

    Penetration testing

    Internal pentests on infrastructure, containers, and systems. Third-party security tools scan continuously. Pentest report available in trust center (gated).

    logikcull.com

    Static and dynamic code analysis

    SCA (Software Composition Analysis), SAST (Static Application Security Testing), and real-time vulnerability scanning

    logikcull.com

    Access controls

    Granular role-based permissions, SSO support, 2FA

    logikcull.com

    Malware scanning

    All uploaded files are instantly scanned for viruses and malware in real time

    logikcull.com

    DDoS and perimeter protection

    WAF protecting all HTTPS traffic against DDoS attacks, zero-day exploits, and hacking attempts

    logikcull.com

    Status page

    24/7 system health monitoring at status.logikcull.com

    logikcull.com

    143 security standards

    AWS data centers compliant with 143 security standards and compliance certifications (AWS infrastructure-level claim)

    logikcull.com

    // Products & data scope

    Logikcull eDiscoveryeDiscovery / Legal Review Platform

    data: Uploads highly sensitive legal documents including privileged communications, ESI, evidence files, emails, and case materials. SOC 2 Type II, HIPAA, ISO 27001 apply. Full encryption in transit and at rest.

    Core product. Cloud-only SaaS. Processes 300+ file types. GenAI features (ASK, auto-tagging for privilege and PII) are add-ons. Used by corporate legal, law firms, and government.

    Logikcull HoldLegal Hold Management

    data: Custodian identity data, notice acknowledgments, hold audit trails. Lower sensitivity than full eDiscovery uploads but still handles confidential matter information. Integrates with Google Vault, MS 365, Slack, Box.

    Supports 'silent custodians' for sensitive investigations. Slack delivery integration. Full audit logs. Shares same security posture as eDiscovery platform.

    Logikcull AIAI-assisted Legal Review

    data: Applies GenAI (ASK, fact-finding, timeline synthesis) to uploaded case documents. AI processes the same Hosted Data covered by the ToS. No explicit AI data-use policy or model training restrictions published.

    Subscription plan feature. Auto-tagging for privilege and PII (claimed 99% accuracy). AI training data policy gap is a material concern for legal teams handling privileged data.

    OnnaData Collection and Management (sister platform)

    data: Connects to Zoom, Salesforce, Slack, Box and other sources for collection and retention. Separate platform, referenced as Logikcull's 'sister' for complex data sources.

    Covered under the same Reveal Data trust center umbrella (security.revealdata.com lists Onna alongside Logikcull under ISO 27001). Evaluated separately for procurement.

    Logikcull for Public RecordsFOIA / Public Records Request Management

    data: Handles government public records requests, FOIA workflows, bulk PII redaction. Targeted at state/local government and education.

    Newer product (announced 2025-2026 period). PII detection and redaction at 99% claimed accuracy. Bulk redaction with reusable templates.

    // What to watch

    • DPA URL (logikcull.com/policies/data-processing-addendum) redirects to Reveal Data's general privacy policy, not a formal DPA document. Enterprise buyers must request a DPA separately.
    • AI training policy gap: Terms of Service (Section 4.a) grants Logikcull a license to use Hosted Data for 'improving search and tagging functions.' No explicit 'we do not train AI on your data' commitment exists. For legal teams uploading privileged documents, this is a material concern requiring contractual clarification.
    • Logikcull was acquired by Reveal Data in August 2023. Policy URLs (privacy policy, responsible disclosure) now redirect to revealdata.com, which may create confusion for customers who relied on logikcull.com policy bookmarks.
    • Bug bounty is private (HackerOne-only, invite-based). Not a public program.

    // At a glance

    Pricing model

    Two tracks: (1) Pay-as-you-go, monthly, GB-based storage, no minimum commitment beyond 10 GB threshold, unlimited users and projects. (2) Annual subscription, fixed pricing, includes premium GenAI features (ASK, A/V transcription, PII detection). Free sample matter available on pay-as-you-go. No public per-GB rates listed.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Logikcull (a Reveal Data company)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    security.revealdata.com

    > Browse all vendor trust reports