Confidentiality and AI: How We Protect Client Data on a Legal Platform
Lawyers cannot use ChatGPT for client matters — data ends up on OpenAI servers. We built a platform where every matter is isolated, every action is in an audit trail, legal holds block deletion, and GDPR is not a checkbox — it is architecture.
Lawyers cannot use ChatGPT for client matters. We built a platform where they can.
The Problem: AI and Attorney-Client Privilege
A lawyer wants to use AI for case analysis. But:
- Uploading documents to ChatGPT = transferring data to a third party
- OpenAI may use data for model training
- No control over where data is physically stored
- Impossible to recall or delete transmitted data
- Violation of attorney-client privilege (Art. 22 of the Law "On the Bar")
The result: lawyers either do not use AI, or use it at risk.
Our Protection Architecture
1. Matter Segregation
Every matter is a separate container:
- Documents from matter A are inaccessible when working on matter B
- Search is limited to documents of the current matter
- Even the AI assistant sees only documents of the active matter
2. Audit Trail with Hash Chain
Every action is recorded:
- Who viewed a document
- Who uploaded / deleted / modified
- Who searched and what was found
- Each record is secured by the hash of the previous one — tampering with the chain is impossible
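The hash chain described above, as an added example in Python (not the platform's own code; the record fields, the genesis value and the sample events are assumptions for illustration). Each record carries the hash of the previous one and its own SHA-256 over a canonical encoding of its fields, so editing a record or removing one from the middle breaks the chain at that point. The example also shows the one case a bare chain does not catch, a tail that is simply cut off, and how checking against an externally stored head hash closes it.

```python
import copy
import hashlib
import json

# Hash of the "record before the first one": every chain starts from this fixed value.
GENESIS_HASH = "0" * 64


def _record_hash(record: dict) -> str:
    """SHA-256 over canonical JSON of every field except the hash itself.
    prev_hash is part of the body, so the digest also commits to the link."""
    body = {k: v for k, v in record.items() if k != "hash"}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_event(chain: list, ts: str, actor: str, action: str, matter_id: str, obj: str) -> dict:
    """Append one audit record whose prev_hash is the hash of the current tail."""
    record = {
        "seq": len(chain),
        "ts": ts,
        "actor": actor,
        "action": action,
        "matter_id": matter_id,
        "object": obj,
        "prev_hash": chain[-1]["hash"] if chain else GENESIS_HASH,
    }
    record["hash"] = _record_hash(record)
    chain.append(record)
    return record


def verify_chain(chain: list, expected_head=None):
    """Walk the chain from genesis. Returns (True, None) when intact, otherwise
    (False, seq) where seq is the first record that fails. expected_head is the
    latest hash as stored outside the database (an anchor); when it is given, a
    chain whose newest records were cut off is reported as broken at len(chain)."""
    prev = GENESIS_HASH
    for i, record in enumerate(chain):
        if record["seq"] != i or record["prev_hash"] != prev or record["hash"] != _record_hash(record):
            return False, i
        prev = record["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(chain)
    return True, None


def build_sample_chain() -> list:
    """Constructed sample events (not real platform data)."""
    chain = []
    append_event(chain, "2024-05-01T09:00:00Z", "lawyer-17", "document.view", "matter-A", "contract.pdf")
    append_event(chain, "2024-05-01T09:02:10Z", "lawyer-17", "search.run", "matter-A", "q=indemnity clause")
    append_event(chain, "2024-05-01T09:05:44Z", "lawyer-17", "document.upload", "matter-A", "annex-2.pdf")
    append_event(chain, "2024-05-01T10:15:00Z", "admin-1", "document.delete", "matter-A", "draft-v1.docx")
    return chain


def tamper_scenarios() -> dict:
    """Apply three kinds of tampering to copies of the sample chain and report
    what verification says about each."""
    chain = build_sample_chain()
    head = chain[-1]["hash"]  # the value an external anchor would hold

    edited = copy.deepcopy(chain)
    edited[3]["action"] = "document.view"   # rewrite history: the deletion becomes a view

    spliced = copy.deepcopy(chain)
    del spliced[1]                          # drop the search record from the middle

    truncated = copy.deepcopy(chain)[:-1]   # cut off the newest record

    return {
        "intact": verify_chain(chain),
        "edited": verify_chain(edited),
        "spliced": verify_chain(spliced),
        "truncated_no_anchor": verify_chain(truncated),
        "truncated_with_anchor": verify_chain(truncated, expected_head=head),
    }
```

The chain on its own detects in-place edits and records removed from the middle, because every later hash depends on them. Dropping the newest records leaves a chain that still verifies, so the head hash should be written somewhere the database writer cannot reach (a separate append-only log or an external timestamp); verification then compares against that anchor, as `expected_head` does here.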
3. Legal Holds
When a matter is under legal hold:
- No document can be deleted
- Even an admin cannot bypass the restriction
- SQL function can_delete_document() checks holds before every deletion
- A hold is lifted only by an explicit action of an authorized person
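A worked version of the legal-hold check, added here as an example in Python with an in-memory SQLite database; it is not the platform's own code, and the schema, table names and sample rows are assumptions. The page names a SQL function can_delete_document(); SQLite has no stored functions, so the example keeps the same check in the application layer and adds a database trigger so that a raw DELETE that skips the application path is refused as well. The actor's role is deliberately not consulted, which is what "even an admin cannot bypass the restriction" means in code.

```python
import sqlite3
from datetime import datetime, timezone

SCHEMA = """
CREATE TABLE matters (
    id   TEXT PRIMARY KEY,
    name TEXT NOT NULL
);
CREATE TABLE documents (
    id        TEXT PRIMARY KEY,
    matter_id TEXT NOT NULL REFERENCES matters(id),
    filename  TEXT NOT NULL
);
CREATE TABLE legal_holds (
    id          INTEGER PRIMARY KEY,
    matter_id   TEXT NOT NULL REFERENCES matters(id),
    reason      TEXT NOT NULL,
    placed_by   TEXT NOT NULL,
    placed_at   TEXT NOT NULL,
    released_by TEXT,
    released_at TEXT            -- NULL while the hold is active
);
-- Defence in depth: the database itself refuses the DELETE while a hold is active,
-- so a statement that bypasses the application check is blocked too.
CREATE TRIGGER documents_legal_hold_guard
BEFORE DELETE ON documents
FOR EACH ROW
WHEN EXISTS (SELECT 1 FROM legal_holds h
             WHERE h.matter_id = OLD.matter_id AND h.released_at IS NULL)
BEGIN
    SELECT RAISE(ABORT, 'document is under legal hold');
END;
"""


def _now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def can_delete_document(conn, doc_id: str) -> bool:
    """True only when the document's matter has no active (unreleased) hold.
    Hypothetical counterpart of the page's SQL function of the same name."""
    (active_holds,) = conn.execute(
        """SELECT COUNT(*) FROM documents d
           JOIN legal_holds h ON h.matter_id = d.matter_id
           WHERE d.id = ? AND h.released_at IS NULL""",
        (doc_id,),
    ).fetchone()
    return active_holds == 0


def delete_document(conn, doc_id: str, actor: str, role: str) -> None:
    """Application-level deletion. The role is only useful for the audit record;
    it grants no bypass, so an admin is refused exactly like any other user."""
    if not can_delete_document(conn, doc_id):
        raise PermissionError(f"{actor} ({role}) may not delete {doc_id}: active legal hold")
    conn.execute("DELETE FROM documents WHERE id = ?", (doc_id,))
    conn.commit()


def place_hold(conn, matter_id: str, reason: str, placed_by: str) -> int:
    cur = conn.execute(
        "INSERT INTO legal_holds (matter_id, reason, placed_by, placed_at) VALUES (?, ?, ?, ?)",
        (matter_id, reason, placed_by, _now()),
    )
    conn.commit()
    return cur.lastrowid


def release_hold(conn, hold_id: int, released_by: str) -> None:
    """Lifting a hold is an explicit, attributed action, never a side effect."""
    conn.execute(
        "UPDATE legal_holds SET released_by = ?, released_at = ? WHERE id = ? AND released_at IS NULL",
        (released_by, _now(), hold_id),
    )
    conn.commit()


def direct_sql_delete_blocked(conn, doc_id: str) -> bool:
    """Issue a raw DELETE that skips delete_document(). True when the trigger stopped it."""
    try:
        conn.execute("DELETE FROM documents WHERE id = ?", (doc_id,))
        conn.commit()
        return False
    except sqlite3.IntegrityError:   # RAISE(ABORT) surfaces as a constraint error
        conn.rollback()
        return True


def document_count(conn, matter_id: str) -> int:
    (n,) = conn.execute("SELECT COUNT(*) FROM documents WHERE matter_id = ?", (matter_id,)).fetchone()
    return n


def seed(conn) -> int:
    """Constructed sample data: two matters, matter-A under hold. Returns the hold id."""
    conn.executemany("INSERT INTO matters VALUES (?, ?)",
                     [("matter-A", "Acme v. Beta"), ("matter-B", "Lease review")])
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?)", [
        ("doc-1", "matter-A", "contract.pdf"),
        ("doc-2", "matter-A", "annex-2.pdf"),
        ("doc-3", "matter-B", "lease.pdf"),
    ])
    conn.commit()
    return place_hold(conn, "matter-A", "litigation pending", "partner-3")
```

With the sample data, `doc-1` cannot be deleted through `delete_document()` or through a raw `DELETE`, while `doc-3` in the unheld matter can; after `release_hold()` by an authorized person the same deletion of `doc-1` succeeds. Keeping the check in both the application and the database means a new code path, a migration script or a console session cannot remove a held document by accident.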
4. GDPR as Architecture
- Right to erasure — complete deletion of personal data from all systems
- Right to portability — data export in a structured format
- Privacy by design — protection is built into the architecture, not bolted on
- Data minimization — we store only what is necessary
5. Infrastructure Protection
- AWS EU (Frankfurt) — data within the EU
- Encryption at rest and in transit
- IAM roles instead of API keys where possible
- Vault for secrets
- Regular security audits
What This Means for a Lawyer
You can upload a client's contract, ask AI to analyze risks, find relevant practice — and be confident that:
- Client data does not leave your infrastructure
- Other users cannot see your documents
- Every action is recorded for audit
- Documents under legal hold are protected from deletion
- The client can request deletion of their data at any time
Confidentiality is not a feature. It is a prerequisite for any legal AI platform to exist.