Where data lives
In the UK and EU only
- Database hosted in the EU (Frankfurt)
- Application server in the UK (or EU fallback)
- File storage in the EU
- Encrypted at rest, encrypted in transit
- Daily encrypted backups
The single most important rule
No client information ever leaves your firm to any AI service.
AI tools are everywhere in 2026, and many of them require sending client information to companies like OpenAI or Google. That is incompatible with the duty of confidentiality. So this system is built differently.
Where AI is used
Three narrow places, no client data
- Improving the template library (no case data)
- Generating generic skeletons by application type (no case data)
- Grammar polish on paragraphs you select (no PII)
Where AI is never used
The whole rest of the system
- No drafting of case-specific narrative
- No composing of legal arguments
- No reading of client documents
- No summarising of client emails
- No analysing of facts
How you can verify this is true
The system routes every external request through a single component called the "AI gateway". Every request — what was sent, what came back, who triggered it, when — is logged.
- ✓ Audit log viewable by the owner at any time
- ✓ Outgoing network traffic from the server can be inspected independently
- ✓ The relevant code is open for review on request