Trust & transparency

How our AI works.

In plain English: which AI runs, where your clients’ data goes, and what we will never do with it. We tell you the vendors, the boundary, and the commitments, not a model version we might swap next quarter. You carry your own confidentiality duty; this is built to help you meet it.

For your clients’ data: open-weight, inside our boundary

Anything touching your clients’ data runs on open-weight models (Llama-, Qwen-, and Mistral-class) hosted entirely inside our secure boundary. Your clients’ data never leaves it, is never retained by the model, and is never used to train anything.

For frontier work: Anthropic’s Claude, only if you opt in

For the most demanding non-client work (or work you explicitly choose to send), we offer Anthropic’s Claude as an optional frontier brain, under a zero-data-retention, BAA-backed contract. You decide what, if anything, is ever routed to Claude. By default, client data isn’t: it’s off until you turn it on.

You’re always in control.

The AI proposes; you approve. Anything legal, client-facing, billed, or deadline-related waits for your one-click sign-off. You choose your plan (which sets your AI’s power and capacity) and your routing (what stays in-boundary vs. what may use Claude), and you set a spend cap. The AI is sized to your plan, and we’ll always warn you before any limit — never cut you off mid-work. You never have to pick or manage a model; the system selects the right one for each task.

What we never do

Send your clients’ data to a public AI without your explicit, contracted opt-in.

Retain or train on your clients’ data.

Move money, file, or contact a client without your approval.

Where each kind of work runs

The data boundary, by the kind of work. “In-boundary” means inside the controlled environment (your isolated tenant plus our no-retention model pool), not your firm’s own hardware. Cloud-first; your data region is set when you sign up and stays fixed.

The work	The brain	Where it runs	Data leaves the boundary?
Your clients’ / privileged data	Open-weight, in-boundary	Our shared, no-retention model pool, in your data region (US firms in the US, Canadian firms in Canada)	No
Product help, general chat, marketing / SEO / content (non-client)	Open-weight, or Claude if you allow it	In-boundary pool, or Anthropic only for non-client work you’ve allowed	Only if Claude, and only non-client
Work you explicitly route to Claude	Anthropic’s Claude (opt-in)	Anthropic, under a zero-data-retention, BAA-backed contract	Yes: opt-in, ZDR + BAA, metered

Your clients' data never leaves the boundary.

Confidentiality isn't a setting — it's the architecture. What this means in practice:

In-boundary by default

Your clients' privileged data runs on AI inside our secure boundary and is never sent to an outside model unless you explicitly turn that on, for the specific work you choose. Off by default. Your choice, every time.

Built for your confidentiality duty

Built for the confidentiality and privilege standards your practice is held to. The same wall that runs legal work in-boundary also keeps client data out of the AI training loop, the AI vendor's logs, and our own eyes — by design, not policy.

Provable, with a report

Generate a confidentiality report for any matter: routing metadata, model used, opt-in log, and a signed boundary assertion. Defensible documentation that your clients' data stayed in-boundary, ready when you need it.

The licensed attorney of record remains responsible for all legal work product and for the privilege analysis. This boundary architecture is a tool to help you meet your duty — not a substitute for it.

Who holds the key

Your data is encrypted at the field level. Two postures, depending on your tier.

Every plan

Your own revocable key.

Each firm’s data is encrypted with a key unique to your firm, isolated from every other tenant and never sent to any third-party AI. Revoke it and the data is cryptographically unrecoverable (crypto-shred). Your data region is set at signup and stays fixed. We administer the key on your behalf so the system can run for you.

Sovereign · premium upgrade

You hold the key.

For firms with a hard data-sovereignty requirement, Sovereign adds bring-your-own-KMS: the key lives in your control, with dedicated in-boundary AI and Claude off for protected content. The result is true zero-knowledge: we become technically unable to read your protected content. Premium / contact us.

Talk to us about Sovereign

Your data is safe — even on your worst day.

Confidentiality is only half of trust. The other half is never losing the work. Your clients' data is backed up continuously and automatically — and engineered to come back fast, even from the bad days.

Always backing up. Continuous, automatic backups — if something ever goes wrong, we roll back to minutes before, not days. Nothing for you to remember or run.

Ransomware-resistant. At least one copy is immutable — it can't be altered or deleted, even by an attacker. Ransomware can't reach it.

In several independent places. Your data is kept in multiple locations, including one outside our main host — so no single failure, ours or a vendor's, can wipe it out.

Canadian data stays in Canada. Every copy. A Canadian firm's backups never leave Canada — residency holds all the way down to the backups.

Proven, not assumed. We don't just make backups — we automatically test that they restore. A backup we've never restored isn't a backup.

Always yours to take. Export everything, anytime — and schedule a copy to your own storage. Your data is yours; there's no lock-in.

No one can promise nothing will ever break. What we promise is that when it does, your data is recoverable — fast — because we built and rehearsed for exactly that.

Your clients’ data stays in-boundary, never sent to any outside AI, never retained, and never used to train a model.

Run my free AI audit Start free

LexSteward is a marketing-technology platform, not a law firm, and does not provide legal services or legal advice. Vendors and safeguards are disclosed by function and reviewed regularly; specific model versions are an implementation detail and may change without weakening these commitments.