FAQ

Matterkeep is a document request and review workspace for small law firms. It gives firms a structured way to request specific documents from clients, track uploads by matter, and record review decisions — approvals, rejections, and replacement requests — with notes attached.

It is not case management software. It is not a client communication platform. It is focused specifically on the document collection and review workflow.

No. Matterkeep handles the upload and review workflow. Clients receive a secure link by email and upload documents through a dedicated portal. The aim is to remove files and approval decisions from back-and-forth email threads. Email communication between the firm and client continues outside Matterkeep.

In production, uploaded files are stored in Cloudflare R2 using the application's API credentials. Matterkeep serves all file access through application routes — not through direct object links. Every download is authenticated by either the firm user's session or a scoped portal token in a request header.

Each file is stored under a randomly generated UUID. The original filename is kept separately in the database and is not used as the storage key.

No. Each client portal link is tied to a single request. The application validates the token against that specific request before returning any data. A token issued for one request does not grant access to other requests, other clients' uploads, or records from other firms. Matterkeep scopes all data queries to the authenticated firm and checks access before serving any content.

Yes. Firm administrators can disable a portal link immediately from the request detail page. A disabled link blocks portal page access, file uploads, and file downloads. Disabling a link is logged in the activity record.

Once a request is marked Complete, it no longer accepts uploads even if the link is still active and unexpired.

PDF, PNG, JPG, and JPEG. Matterkeep validates both the file extension and the actual binary content (magic bytes) before accepting an upload. A file claiming to be a PDF but containing different binary content will be rejected. Maximum file size is 10MB.

Not currently. Matterkeep validates file type and content format, but does not run antivirus or malware scanning. Uploaded files are labeled as unscanned until a staff member reviews and accepts or rejects them. Staff review is the primary safeguard before a document is marked accepted.

If your firm handles particularly sensitive file types or has compliance requirements around malware scanning, consider this a current limitation.

Self-serve export is not currently available in the product interface. Contact support@getmatterkeep.com to request an export of your firm's data. We will process the request manually.

Self-serve deletion is not currently available. Contact support@getmatterkeep.com to request deletion of specific files, an entire matter, or your firm's account. Deletion is permanent and includes all stored files and records.

No. The activity log is a standard database record. It records what happened in your firm's workspace — who uploaded what, which decisions were made, when portal links were changed — and it is useful for operational review. It is not cryptographically signed, not append-only enforced, and does not constitute legally certifiable evidence.

No. Matterkeep is a pilot-stage product and is not certified under any compliance framework. It has practical security controls in place — private file storage, scoped access, validated uploads, activity logging, and header-based security — but it has not undergone a formal compliance audit.

Firms with specific regulatory requirements should evaluate Matterkeep against those requirements independently before onboarding client documents.

General support and product questions: support@getmatterkeep.com

Security issues: security@getmatterkeep.com