Single-Tenant Security

Each site is deployed in a secure, isolated environment, providing dedicated resources and complete data separation.

Isolate Data> Control Resources > Secure Environment

blank

Advanced Protection Through Isolation

DiscoveryPartner stands alone in the legal technology world by deploying each site in its own isolated infrastructure. This architectural approach fundamentally transforms how security is implemented in discovery platforms, moving beyond traditional multi-tenant systems to provide true data isolation and resource dedication.

Innovative Architecture

At the heart of our security model lies a pioneering Virtual Private Cloud (VPC) implementation. Each matter operates within its own secure environment, protected by dedicated hardware and software resources. This isolation extends beyond simple data separation–it encompasses the entire computing infrastructure, from network pathways to storage systems.

Key architectural advantages include: 

  • Hardened gateways that make environments invisible to external threats
  • Matter-specific URLs with robust authentication protocols
  • Independent computing resources for each deployment 
  • Complete network isolation through VPCs and private subnets

Unique Data Protection

The significance of our architecture becomes clear in its implementation. Each matter’s data resides in its own separate datastore, eliminating any possibility of cross-contamination between cases. All server deployments operate within private networks, with no direct outbound internet access. When communication with cloud services is required, it occurs exclusively through secure, private network links, ensuring that sensitive discovery data never traverses public networks unprotected.

Dedicated Resources for Consistent Performance

Our commitment to isolation extends to computing resources. Each deployment receives dedicated processing power, memory, and storage allocations, ensuring consistent performance regardless of other matters’ demands. The architecture supports dynamic scaling, enabling environments to grow seamlessly as matter requirements evolve.

Critical performance benefits: 

  • Dedicated processing power for complex search operations 
  • Independent scaling without impacting other matters 
  • Optimized configurations for large document volumes 
  • Consistent performance across all workflow stages

Strategic Resource Management

Our architecture facilitates intelligent resource allocation based on matter size and complexity. Smaller matters can operate efficiently with appropriately sized resources, while larger matters can access expanded capabilities as needed. This flexibility doesn’t just optimize performance–it ensures cost-effectiveness across matters of all sizes. The ability to deploy environments in various geographic locations further supports compliance with data sovereignty requirements and local regulations.

This innovative approach to discovery platform security represents a fundamental advance in legal technology, providing legal teams with comprehensive control over their discovery environment while maintaining the highest standards of data protection and performance optimization.

Enhanced Security

Our single-tenant Virtual Private Cloud architecture provides greater security and data isolation.

Scalable Resources

Quickly scale servers and databases up or down as projects require with dedicated cloud resources.

Global Hosting

Meet data privacy, HIPAA and business requirements with local hosting that can be set up overnight.

The Power of Virtual Private Clouds

Merlin leverages the power of virtual private clouds (VPCs) to provide secure, isolated, and personalized environments for each matter we host. A VPC is a secure, isolated virtual network within the cloud, designed to offer an optimal level of security and control, similar to a traditional on-premise data center but without the associated physical infrastructure costs. A VPC is housed within a public cloud environment, yet maintains a distinct separation from other users of the cloud, providing a personalized, secure  computing environment. As such, a VPC serves as the backbone for secure and customizable cloud solutions, enabling Merlin to provide:
  • Additional isolation by secure subnets
  • Control over your environment for HIPAA and data privacy compliance
  • Enhanced access restrictions and individual monitoring
blank

Our VPCs have no direct connection to the Internet or outside world except through a highly secure firewall and load balancer that handles traffic to and from each site. Even though it sits in a public infrastructure, servers within the VPC are all but invisible to hackers or other bad actors.  

By leveraging VPCs, Merlin ensures that each client’s environment is completely isolated and tailored to their unique security and compliance needs, reinforcing our commitment to providing the highest level of data protection and control in the ediscovery process.

blank

Scalability for Optimal Performance

Merlin’s single-tenant VPC architecture offers unparalleled scalability, ensuring that your ediscovery environment can quickly adapt to your changing needs. With a VPC, you’re not confined to static physical infrastructure. Instead, you have a dynamic computing environment that can effortlessly scale up or down to meet the ebb and flow of your business requirements.

When demand spikes, whether due to sudden influxes of data during large-scale litigation or increased review activity, we can scale up the computing resources within your dedicated VPC by:

  • Adding more servers, whether to accommodate a heavier review load or to handle unexpected increases in document or data load; or 
  • Increasing the computing power of existing servers with a few simple clicks, ensuring uninterrupted, high-performance operation, even under heavy loads.


When demand recedes, we can easily scale down resources to prevent unnecessary expenditure. This flexibility offers not just an optimal operational environment but also a cost-effective solution. Our goal is to adapt swiftly to your changing needs, ensuring that you have the right resources at the right time, without overpaying for unused capacity.

Application Security

Layered security protocols protect discovery data throughout its lifecycle, combining continuous monitoring with active threat management for comprehensive data protection.

Single Tenant

Our site run in dedicated environments without data commingling. Each matter runs in separate database, search and storage servers that can be protected from inside and outside intervention.

Multi-Party

We provide private fields and shared folders as standard issue. User groups get private tag sets and shared searches so they can work together while protecting group work products.

Audit Logs

Extensive auditing and logging capabilities let administrators track each person's use of the site. Document views, tags, searches and other actions are tracked throughout.

End to End Encryption

Data is encrypted in transit and at rest to ensure maximum security using industry leading protocols including TLS and AES-256. This ensures that data is protected at all times on the Merlin platform and between Merlin and its users.

Document Lockdown

Requests to view a document must be accompanied by a time-limited Authorization Ticket before access is granted. This keeps users from improperly sharing files and hackers from traversing file servers.

Permission-Based Roles

Merlin provides granular Role-based Access Control (RBAC) in which every function in the Merlin software platform is available as a permission that can be assigned to a role. Administrators can limit available fields and actions.

Through these integrated security measures, DiscoveryPartner delivers comprehensive protection, ensuring data integrity from ingestion through final disposition.

Customizable Security

In the world of digital data, the need for robust security and privacy cannot be overstated. Particularly when dealing with PII or data subject to HIPAA, a customized approach to data hosting is not just a nice-to-have, it’s a necessity. Merlin understands this critical requirement and leverages the flexibility of single-tenant architecture to offer highly customizable solutions for each client.

Each VPC acts as an independent fortress, providing a secure environment where data is not only stored but also transmitted and processed under the highest standards of security and privacy. Whether it’s enabling enhanced access restrictions, implementing additional encryption methods, providing special monitoring or securing data transmission channels, we can fine-tune each component of your cloud environment to ensure compliance with GDPR, HIPAA and other data protection regulations.

blank
blank

Global Hosting for Data Privacy

Merlin’s single-tenant VPC architecture offers the flexibility to choose your preferred hosting location, ensuring compliance with data sovereignty requirements. This is particularly crucial in an era of increasing focus on data privacy and security, with regulations like GDPR, CCPA, and HIPAA setting strict standards for how data must be handled.

With Merlin, you can:

  • Comply with data privacy regulations: Ensure that your data is subject to the laws and regulations of the country or region where it is hosted, giving you greater control over how your data is handled and helping you meet the requirements of various data privacy regulations.
  • Leverage private or government-approved environments: Host your VPC in a client’s private AWS environment or a government-approved FedRAMP environment, depending on your specific compliance and security needs, such as those outlined in HIPAA or other industry-specific regulations.
  • Adapt to changing regulatory landscapes: Quickly and easily adjust your hosting location as data privacy and security regulations evolve, ensuring ongoing compliance with new or updated standards like the CPRA.

By providing the freedom to choose your hosting location, Merlin empowers you to meet your unique data sovereignty requirements, no matter where your ediscovery needs take you. Whether you’re navigating GDPR, CCPA, HIPAA, or other data privacy regulations, Merlin’s global hosting options ensure that you can maintain compliance and keep your data secure.

Scroll to Top