Security & confidentiality
Your data, handled like it matters.
This page answers the questions firms ask us before opening their systems. It’s the same setup we run for every client, built around the professional duties you already carry.
Who runs what
We host and run the systems, so nothing new lands on your team’s plate: no servers to stand up, no vendor accounts to manage, no API keys to babysit. We connect into the systems your firm already uses (practice management, phones, email) only where a build actually needs it, and you grant only those specific connections.
Inside our infrastructure, your data is kept separate from every other client’s and encrypted in transit and at rest. When an engagement ends you get a full export of it, then we delete what we hold. The custom work we build for you is yours on payment, and if you ever want to bring it in-house, we hand over the code and help you move it.
No training on your data
None of your client data is used to train or improve any AI model, ours or anyone’s. The AI services we configure are set to their business tiers, where the vendor’s published terms exclude customer data from model training and cap retention to what processing requires. We put this in writing in our services agreement, not just on this page.
A person stays on the judgment calls
The systems do the reading, sorting, drafting, and routing. Anything that requires legal judgment gets surfaced to your staff with full context instead of being acted on automatically, and every run is logged, so if something looks off later you can go back and see exactly what happened and when. During rollout, anything deadline-sensitive runs alongside your existing manual process until the logs prove it’s right. Only then do we cut over.
Privilege
Our agreements treat your case files as privileged material and say so explicitly. We access only what the build requires, we’re bound as your agent, and if anyone ever subpoenas us for your data, you hear about it immediately so your firm can assert privilege. Nothing about the engagement is intended to waive privilege or work-product protection, and we’ll sign an NDA before we ever see a matter.
What the bar opinions ask
ABA Formal Opinion 512 (July 2024) and Texas Ethics Opinion 705 (February 2025) both land on the same requirements for a lawyer using generative AI: protect confidentiality before putting client information into a tool, understand the technology enough to supervise it, and supervise it like you’d supervise nonlawyer staff.
That maps to this engagement cleanly. Confidentiality: isolated and encrypted data handling, no model training, written confidentiality terms with privilege protections. Competence and supervision: we document every system in plain English, your staff reviews the outputs that matter, and the logs give you a full audit trail. Under Rule 5.03, we’re the nonlawyer assistance you’re supervising, and the whole build is designed to make that supervision easy rather than a burden.
The basics
Unique credentials, multi-factor authentication wherever your platforms support it, secrets kept in an access-controlled store rather than in code or documents. If we ever became aware of unauthorized access to anything of yours we handle, you’d hear from us within 72 hours, contractually.
Questions your ethics counsel wants answered that aren’t here?
Ask. We’d rather cover it before the engagement than after. You can also read who builds this and how it runs in production.
Book a free call