When we work on large law firm projects, we use Basecamp, which is a very popular and highly trusted and secure collaborative platform, developed 11 years ago by 37 Signals.
Whenever your data is in transit between you and us, everything is encrypted, and sent using HTTPS.
Any file that you upload via Basecamp will be stored and encrypted at rest. However, project data, like messages, text documents, and to-dos aren’t encrypted at rest — they are active in Basecamp’s database. Basecamp backups are encrypted using GPG.
Basecamp’s server clusters are hosted and managed by Server Central. Servers are protected around the clock, with interior and exterior surveillance monitoring. Only authorized personnel have access to the data center. 24/7/365 onsite staff provides additional protection against unauthorized entry and security breaches. You can read a bit more about Server Central, and its security practices here.