HomeThe Review PlatformSecurity & Confidentiality

Security and Confidentiality

A single-tenant cloud boundary where privileged ESI is processed in-account and never trains any model.

Privileged ESI deserves a hard boundary, and the platform is architected around one. These are structural properties of the deployment, not promises in a policy PDF.

One Boundary, One Tenant

Each matter runs in a dedicated, single-tenant AWS environment. Documents are processed by AI models inside that same environment - content is not retained by the model provider and is never used to train anyone's model. Evidence does not wander between vendors to get processed.

Access Under Your Control

  • Named, allowlisted reviewers only - no shared logins, no open signup.
  • Passwordless sign-in; sessions expire.
  • Every page and every API call independently verify identity - defense in depth.
  • Access is logged, giving a defensible record of who viewed what and when.

Your Account, Your Keys

The architecture is portable by design. The platform can be deployed into a client's own cloud account, under the client's own encryption keys - so the client, not the vendor, holds the data and can revoke access at any time. For firms and corporate clients with strict data-governance requirements, that turns a vendor-trust question into a configuration detail.

Works Together With

Frequently Asked Questions

Is my client data used to train AI models?

No. Documents are processed by AI models inside the same single-tenant cloud environment where the evidence lives. Content is not retained by the model provider and is never used to train anyone’s model.

Who can access the review platform?

Named, allowlisted reviewers only, signing in with passwordless login. Every page and every API call independently verify identity, sessions expire, and access is logged - giving a defensible record of who viewed what and when.

Can we run the platform inside our own cloud account?

Yes. The architecture is portable by design: it can be deployed into a client’s own AWS account, under the client’s own encryption keys, so the client - not the vendor - holds the data and can revoke access at any time.

Is the data encrypted?

Yes - in transit and at rest, throughout the environment. Combined with access logging and a single-tenant boundary, that gives privileged ESI the protection a court would expect.

See it on your matter

Bring us a messy collection - mailboxes, scans, phones, recordings - and watch it become one searchable, defensible record.