Secure by Design

The Real Question Isn't Whether — It's How

Every law firm technology committee is having the same conversation right now. The anxiety is real: generative AI touches client data, and client data implicates confidentiality obligations that predate the internet by centuries. But the conversation too often stalls at a binary — adopt or prohibit — without a structured way to evaluate the actual risks.

Recent legal scholarship offers a more productive framework. In Client Confidentiality and Generative AI, Georgetown Law professor Jonah Perlin breaks confidentiality into three distinct professional duties, each with a corresponding AI-specific risk. This is how Clevermore approaches the problem.

Three Duties, Three Risks

Client confidentiality in the legal profession isn't one obligation — it's three:

1. Secrecy — Don't reveal client information. (Risk: AI disclosing data in outputs)
2. Security — Protect client information from unauthorized access. (Risk: AI providers storing or exposing data)
3. Loyalty — Don't use one client's information to benefit another. (Risk: AI cross-contaminating between clients)

Most firms fixate on the first. The second is where the real exposure lies. The third is the one almost nobody is thinking about yet. Here's how each maps to Clevermore's architecture.

The diagram above shows how data flows through the system. At every step, zero-retention policies are enforced. For complete details, see our Privacy Policy.

Secrecy: Preventing Disclosure

The duty of secrecy is the most intuitive — don't let client information leak out. With AI, the disclosure risk takes a specific form: could the model incorporate your client's data into responses served to others?

AI processing in Clevermore is stateless and zero-retention by design. When your email content is sent to an AI provider for task extraction, wiki updates, or draft generation, the provider processes it and discards it immediately. No prompts, inputs, or outputs are logged or retained on the provider's side. No human at the AI provider reviews your data at any stage.

• Zero data retention — All AI providers are configured with zero-retention policies. Your data is processed and discarded. It is never stored on provider infrastructure after the response is returned.
• No model training on inputs — Client data is never used to train, fine-tune, or improve AI models. What goes in does not become part of what comes out for anyone else.
• Stateless processing — Each AI interaction is independent. There is no session memory, no conversation history retained by the provider, no accumulated context that could surface in a subsequent query.
• Provider-agnostic architecture — Clevermore is not locked to a single AI vendor. Firms can choose the provider that fits their existing policies, and bring-your-own-key configurations give full control over the API relationship.

Security: Controlling Access

The duty of security — safeguarding client information from unauthorized access — maps to what the framework identifies as the most significant real-world risk with AI adoption. The concern isn't hypothetical model leakage; it's concrete questions about who can access the data while it's being processed and stored.

This is where architecture matters most. A multi-tenant SaaS platform that routes your data through shared infrastructure creates access vectors that don't exist in a single-tenant deployment.

Every Clevermore deployment is single-tenant: each firm runs on its own dedicated Azure infrastructure. There are no shared databases, no shared compute instances, and no commingled data between organizations. This isn't logical separation within a multi-tenant system — it's physical isolation at the infrastructure level.

Each deployment provisions its own PostgreSQL, Redis, and Web PubSub instances, all within the firm's Azure environment. Authentication flows through the Microsoft identity platform using the on-behalf-of token pattern, meaning credentials never leave the firm's tenant boundary. Email content flows directly from Microsoft Graph to AI processing and back — Clevermore acts as an orchestration layer, not a data warehouse.

• AES-256 encryption at rest — All stored data (tasks, contacts, knowledge base entries) is encrypted using AES-256, the standard used by financial institutions and government agencies.
• TLS 1.3 in transit — All data transmission between components uses current-generation transport encryption.
• OAuth2 via Microsoft identity — Authentication uses the firm's existing Microsoft identity infrastructure with the on-behalf-of (OBO) token flow. No separate passwords, no additional credential stores, no intermediary authentication systems.
• Dedicated infrastructure per firm — Each deployment provisions its own PostgreSQL, Redis, and Web PubSub instances, all within the firm's Azure environment.

Loyalty: Preventing Cross-Contamination

The duty of loyalty requires that a lawyer not use information gained from one client's representation to the disadvantage of that client or to the advantage of another. In AI terms, this means preventing cross-client contamination — ensuring that Client A's data never influences outputs generated for Client B.

This risk is subtle and largely unaddressed by most AI tools. Clevermore handles it structurally. Within each deployment, user data is isolated at the database level through per-user partition keys. One user's wiki entries, contact profiles, and extracted insights are completely invisible to other users in the same organization. There is no shared pool of cross-user data that could create inadvertent conflicts or information leakage.

Combined with zero-retention AI, this creates true isolation at every layer: no context carries over between AI sessions, no data crosses between users within a firm, and no information crosses between firms. The separation is physical — not just logical.

• Per-user data isolation — All user-generated data (wiki entries, contact profiles, extracted insights) is partitioned by user identity at the database level. There is no shared pool of "firm knowledge" that could create inadvertent conflicts.
• Zero-retention AI eliminates context carryover — Because the AI provider retains nothing between sessions, there is no mechanism for one client's information to leak into another client's processing. Each interaction starts clean.
• Single-tenant architecture prevents cross-firm leakage — Even at the infrastructure level, one firm's data cannot interact with another's. The isolation is physical, not just logical.

Regulatory Compliance

Clevermore's architecture aligns with the data protection standards that professional services firms are held to. The single-tenant deployment model, zero-retention AI processing, and per-user data isolation are designed to satisfy requirements across major regulatory frameworks — not as a compliance overlay, but as inherent properties of the system.

• GDPR (General Data Protection Regulation)
• CCPA (California Consumer Privacy Act)
• Microsoft Graph API Terms of Service compliance

Enabling Practice, Not Prohibiting Technology

The firms that will thrive are not the ones that ban AI tools — they're the ones that adopt AI within a structured risk framework. The three-duty analysis provides that structure: evaluate every tool against secrecy, security, and loyalty, and you can make informed decisions rather than anxious ones.

Clevermore was built around this framework from the ground up. Not because we read about it after the fact, but because these are the constraints that matter when you're building technology for a profession where confidentiality is non-negotiable.

If you have questions about our security architecture or need documentation for your firm's vendor review process, reach out at security@clevermore.ai.

For complete details on data handling, processing, and your rights, see our Privacy Policy.