Privileged ESI deserves a hard boundary, and the platform is architected around one. These are structural properties of the deployment, not promises in a policy PDF.
One Boundary, One Tenant
Each matter runs in a dedicated, single-tenant AWS environment. Documents are processed by AI models inside that same environment - content is not retained by the model provider and is never used to train anyone's model. Evidence does not wander between vendors to get processed.
Access Under Your Control
- Named, allowlisted reviewers only - no shared logins, no open signup.
- Passwordless sign-in; sessions expire.
- Every page and every API call independently verify identity - defense in depth.
- Access is logged, giving a defensible record of who viewed what and when.
Your Account, Your Keys
The architecture is portable by design. The platform can be deployed into a client's own cloud account, under the client's own encryption keys - so the client, not the vendor, holds the data and can revoke access at any time. For firms and corporate clients with strict data-governance requirements, that turns a vendor-trust question into a configuration detail.
Works Together With
- Chain of CustodyImmutable originals, content hashing, full lineage, inventory sign-off, and append-only audit trails throughout.
- Bates ProductionReview decisions to a served, Bates-numbered package with a fail-closed privilege gate and a verifiable manifest.
- Intake & OperationsSecure browser uploads, automatic ingestion of new arrivals, a missing-records register, and live pipeline monitoring.
Frequently Asked Questions
Is my client data used to train AI models?
No. Documents are processed by AI models inside the same single-tenant cloud environment where the evidence lives. Content is not retained by the model provider and is never used to train anyone’s model.
Who can access the review platform?
Named, allowlisted reviewers only, signing in with passwordless login. Every page and every API call independently verify identity, sessions expire, and access is logged - giving a defensible record of who viewed what and when.
Can we run the platform inside our own cloud account?
Yes. The architecture is portable by design: it can be deployed into a client’s own AWS account, under the client’s own encryption keys, so the client - not the vendor - holds the data and can revoke access at any time.
Is the data encrypted?
Yes - in transit and at rest, throughout the environment. Combined with access logging and a single-tenant boundary, that gives privileged ESI the protection a court would expect.
