How to read this page
This page covers the privilege, security, and privacy posture of Legal Intelligence in depth.
The system shape (where data lives, what crosses the boundary, the two-module architecture) is on the Architecture page. Read that first if you have not.
The framing here is structural. Privilege preservation depends on the architecture and the contract, not on a stated assurance.
Some specifics are under active design at the time of writing. Items in that state are flagged inline. The page is updated when each locks.
Privilege preservation
ABA Formal Opinion 477R sets the standard: lawyers must take reasonable steps to maintain client confidentiality when using technology to communicate or store client information. Local-first storage plus Anthropic's API under enforceable contractual terms is a structural input to the firm's reasonable-steps analysis under that standard. Privilege still depends on the lawyer's conduct of the matter (see §9 What we do not claim).
Privilege and security are different concerns. Security asks: is the data safe in transit and at rest? Privilege asks: have I waived privilege by sending case materials to a third party? This page addresses both, separately.
The third-party exposure surface for Legal Intelligence is one well-defined boundary: the AI processing request to Anthropic, governed by Anthropic's commercial terms. Everything else stays on the firm's computers.
Attorneys evaluate risk through contracts, not through architectural claims alone. The contractual terms named in §4 are the verifiable instrument.
Privilege vs security: what each covers
The security checklist (covered in §5 through §8) answers: encryption in transit, content handling, local data protection at rest, access controls, matter lifecycle.
The privilege checklist (covered in §2 and §4) answers: third-party exposure surface, contractual retention bounds, no training on customer content, ABA 477R alignment.
Both apply. Neither substitutes for the other.
AI provider and contractual terms
Legal Intelligence calls Anthropic's API directly from the application running on the firm's computer. Trust documentation lives at trust.anthropic.com. Privacy documentation lives at privacy.claude.com.
The direct API is not consumer Claude.ai.
This direct connection to Anthropic's API is governed by Anthropic's Commercial Terms of Service and an automatically-incorporated Data Processing Addendum with Standard Contractual Clauses. The consumer Claude.ai products (Free, Pro, Max) operate under different terms that do not apply here. Anthropic itself maintains separate privacy articles for the two tracks; we link both for verifiability.
Retention.
Under Anthropic's Commercial Terms, the default policy is to "automatically delete inputs and outputs on our backend within 30 days of receipt or generation" (Anthropic privacy hub, retrieved 2026-04-25). Kacti AI operates on this 30-day default. Zero data retention is available on eligible Anthropic APIs by a separately-executed agreement; Kacti AI is evaluating that path for a future revision but has not signed a ZDR agreement at the time of writing.
A separate trust-and-safety exception applies: Anthropic retains classification metadata (not raw content) for up to seven years on requests flagged by Anthropic's automated systems. This applies to scoring metadata, not to the case content itself.
No training on Customer Content.
Anthropic Commercial Terms § B (Customer Content): "Anthropic may not train models on Customer Content from Services."
DPA and SCCs in force.
Anthropic's Data Processing Addendum with Standard Contractual Clauses is automatically incorporated into the Commercial Terms; no separate signing is required. The firm may request a copy. The DPA is published at anthropic.com/legal/data-processing-addendum. The SCCs satisfy the GDPR Article 46 transfer mechanism for AI processing requests crossing into Anthropic's US infrastructure.
Compliance attestations.
Anthropic publishes the following on the commercial side:
- SOC 2 Type I and Type II
- ISO 27001:2022 (Information Security Management)
- ISO/IEC 42001:2023 (AI Management Systems)
For firms with healthcare matters, Anthropic publishes a HIPAA-ready configuration; a BAA is available from Anthropic on request. Kacti AI does not itself sign BAAs: case data does not pass through Kacti AI servers, so a Kacti AI BAA would be without object. Where a BAA is needed, it is between the firm and Anthropic directly.
The underlying reports are requested under NDA at trust.anthropic.com/resources.
The contract is the verifiable instrument. The architecture is the structural reinforcement.
Encryption in transit
All API calls to Anthropic use TLS over HTTPS. Anthropic's published minimum is TLS 1.2 with TLS 1.3 supported. From Anthropic's Claude Code Data Usage documentation (docs.anthropic.com, retrieved 2026-04-25): "encrypted in transit via TLS 1.2+". The full SOC 2 audit language is available on request through the Trust Portal at trust.anthropic.com under NDA.
Anthropic's privacy hub additionally states (retrieved 2026-04-25): "Your data is automatically encrypted both while in transit, and stored (at rest)." The at-rest portion of that statement applies to data while it is in Anthropic's systems during the bounded retention window described in §4; protections for data at rest on the firm's computers are addressed in §7.
No unencrypted data crosses the public network.
How case content reaches Anthropic
Intent.
Case files are never transferred as files. The application does not upload a document to Anthropic. Anthropic has no file object it could store independently of a request.
What we send.
Only the content the current prompt requires: the prompt itself, plus the relevant excerpts from the case model needed to answer it. Unrelated case material is not bundled in.
Acknowledged reality.
For some prompts, the relevant content may be the full text of a single document. That content travels as part of the request, not as a stored file. It is processed for the answer and discarded under the API terms (per §4).
Encrypted in transit.
The transfer is over an encrypted channel (per §5).
Retention on Anthropic's side.
Bounded by Anthropic's Commercial Terms (per §4): 30-day deletion of inputs and outputs (the default policy that applies to Kacti AI today), with no training on customer content. A Zero Data Retention agreement is available on eligible Anthropic APIs and is on Kacti AI's evaluation list for a future revision.
The default policy in v1: send only what the current prompt requires.
This is the load-bearing rule, applied for both privilege/security and operational-efficiency reasons. The Assistant constructs each prompt to include exactly the relevant excerpts from the case model; unrelated case material is not bundled in. The default policy holds regardless of any further classification.
Privilege-class flags and a firm-configurable content classifier are on the roadmap, not in v1. Future revisions will let firms mark content as privilege-sensitive and define additional handling rules. The page is updated when those features ship.
Local data protection
Case files
Stay where the firm puts them: local drive, OneDrive, Google Drive, or Dropbox. Their protection follows the firm's existing endpoint and storage controls (full-disk encryption mandates, MDM, and so on). The application does not re-encrypt case files.
Application-internal files
Include the local case-model database, prep notes, and drafts. In v1, these inherit the operating system's file-system protections rather than carrying an application-managed encryption layer of their own.
In practice this means firms running Legal Intelligence on devices with full-disk encryption enabled (BitLocker on Windows, FileVault on Mac, or MDM-enforced equivalents — MDM is mobile device management) get encryption at rest through the OS. We recommend enforcing full-disk encryption on managed devices as a baseline endpoint control. Most firms already do; for those that don't, this is the place to start.
Application-managed encryption for the local case-model database is a roadmap enhancement for a future revision. The page is updated when it ships.
Access control
Is the operating system's sign-in model: whoever can sign in to the machine and reach the case folders can reach the case data.
Firms with stricter access requirements apply their existing endpoint controls. The application coexists with them rather than introducing a parallel access-control system.
Matter lifecycle
End-of-matter.
The case model, drafts, and prep notes remain in the case folder structure where the firm chose to keep them. Removal follows the firm's own retention policy.
Application uninstall.
Removes the application files. The case files and case model in the firm's chosen folders are not touched.
Export.
The case model is portable. The firm can take it with them.
There is no Kacti AI cloud copy to delete or retain. End-of-matter cleanup is firm-controlled because the data lives in the firm's folders to begin with.
What we do not claim
Privilege is not a status conferred by software. The lawyer's conduct of the matter (whom they communicate with, on what terms, with what supervision) determines privilege. The system is one part of the reasonable steps analysis, not a substitute for it.
The architecture and the contract reduce specific risks: third-party data retention beyond a bounded window, third-party subpoena exposure of case data, case content being used to train AI models. They do not eliminate every risk.
Encryption at rest for application-internal files inherits the operating system's full-disk encryption in v1; an application-managed layer is a roadmap enhancement (per §7).
Talk to the founder and request the Data Processing Addendum (DPA)
If your IT, privacy, or ethics review needs a closer look at the privilege and security posture, the founder is open to walking through it with the firm's reviewers and providing the supporting documents. The conversation can include the Anthropic DPA, Anthropic's published trust documentation, and any specific firm-policy questions.