How We Use AI
We use AI on your matters the way you wish every firm did: on our own hardware, under a named lawyer's signature, with every citation machine-verified — and we can prove all three.
Where your information lives
Privileged matter work runs on computers we own. Our AI stack is self-hosted open-source software (LQ.AI, Apache-2.0 — yes, you can read the code) running open-weight models on firm hardware. For privileged work, nothing leaves our perimeter: no cloud AI provider receives your documents, and there is nothing to “opt out” of because no third party is involved.
A hard technical floor, not a policy promise. Our gateway enforces a per-matter confidentiality tier: work marked privileged is refused routing to any external service — HTTP 403, logged. Policy is what we promise; architecture is what we can't accidentally break.
Consumer AI tools are banned for client work — by that same architecture and by written protocol. (Independent research found 17 of 20 consumer chatbots leaking data to third parties; we treat that as disqualifying, not as a settings problem.)
Where we use advanced cloud AI at all (abstract legal research, never client facts), it runs under a written Clean-Room Protocol: no client identifiers or identifying fact patterns, ever.
Confidentiality decides the compute
Every piece of work in the firm carries a confidentiality tier, and the tier — not convenience — decides where it is allowed to run. The most sensitive work gets the most controlled hardware; the most abstract work gets the biggest models.
Tier 1 · Privileged matter work
Your documents, your facts, anything covered by privilege
Local open-weight models on firm hardware
Never cloud. The gateway refuses external routing for this tier — HTTP 403, logged — so the confidentiality is structural, not procedural.
Tier 2 · Abstract research & public materials
Legal research on public law — no client identifiers, no identifying fact patterns, ever
Controlled cloud lanes
Frontier models, but only inside written protocols (our Clean-Room Protocol): scoped, logged, and revocable lane by lane.
Structural confidentiality
Privileged work cannot reach a cloud vendor, because no route to one exists at that tier. You do not have to trust our discipline — the architecture refuses on our behalf.
Full cost control
Machine time on our own hardware is a fixed cost of production we control completely; we buy cloud compute only for the narrow lanes where it is safe and worth it. Neither shows up on your invoice as hours.
How we keep the AI honest
Every citation is verified character-for-character against the source document before a human ever relies on it; unverified citations are flagged red, not smoothed over. Your deliverables can include the verification log.
We benchmark before we trust. Our review tooling is tested against a 50-document gold corpus with known defects; we know its measured recall and its failure modes, and our lawyer review is calibrated to them. When we upgrade models, we re-run the benchmark first — upgrades are measured, not assumed.
A licensed lawyer signs everything. AI does first-pass work; accountability never moves. This is also our regulatory posture under California's emerging AI ethics rules — our verification logs are built to satisfy them.
What this means for you
Fixed prices, faster turnarounds
AI efficiency shows up in your invoice, not just our margin.
EU/Spain matters
The same architecture satisfies GDPR residency and professional-secrecy duties structurally — your data can be processed entirely within our EU footprint on request.
Auditable on request
Engagement clients may request our AI-use summary for a matter — which systems touched it, at which confidentiality tier, with the citation-verification record.
When your agents call ours
Engagement clients may connect their own AI agents to our Agent Gateway (MCP and REST), using API keys they issue and revoke from their client portal. Gateway traffic runs inside the client's privileged workspace on firm hardware, under the same tier gateway as our own work — privileged content is refused external routing for client agents exactly as it is for us, and each key is scoped to its own matter only.
Gateway tools are split in two. Self-serve tools (Class S) return status information, document-intake confirmations, and machine-produced drafts watermarked “DRAFT — work-product tooling; attorney review pending; not legal advice” — they carry no attorney signature and are not legal advice. Attorney-signed tools (Class A) queue the request for a licensed attorney, who reviews and signs the deliverable before it is released back to the client's agent. Every gateway call, including refusals, is written to an append-only audit log that feeds the per-matter AI-use summary clients can request. Machine time consumed by client agents is included in the flat plan and accounted as our cost — never billed per call.
The disclosure you should expect from any firm
Ask your law firms these four questions. Our answers:
1. Which AI vendors receive our documents?
For privileged work: none.
2. Can you prove it?
Yes — routing logs, per matter.
3. How do you catch AI errors?
Machine-verified citations + benchmarked recall + lawyer sign-off.
4. Who is accountable?
The signing attorney. Always.
Our AI stack's open-source foundation, LQ.AI (Apache-2.0), is authored by Kevin Keller and the LegalQuants community; we contribute back. Related: engagement terms (our standard letter is provided in full before you sign anything).