How privilege holds
This page covers the privilege, security, and privacy posture of Legal Intelligence: how privilege is preserved, the attorney-client exchange channel, cross-client isolation, cloud-AI handling, local data, matter lifecycle, what we do not claim, and a path to talk with the founder and request the Data Processing Addendum (DPA).
The framing is structural. Privilege preservation rests on architecture and contract together, not on a stated assurance.
ABA Formal Opinion 477R sets the standard: lawyers must take reasonable steps to maintain client confidentiality when using technology to communicate or store client information. The platform's architecture and contractual posture are designed as a structural input to the firm's reasonable-steps analysis under that standard.
Security and privilege are different concerns. Security asks whether the data is safe in transit and at rest. Privilege asks whether the firm has waived privilege by sending case materials to a third party. This page addresses both, separately.
Rule references use the ABA Model Rules as the lingua franca; state adoption varies, and the firm's jurisdictional analysis remains the firm's. Privilege survival is itself a tribunal determination; the platform's role is to make the firm's reasonable-care answer load-bearing.
The attorney-client channel
Legal Intelligence carries the attorney-client leg over a platform-operated transient exchange channel. This is the only server-side component the platform admits. Four committed sub-invariants govern the channel.
End-to-end content protection
Message and file content is end-to-end protected on the attorney-client leg. The channel operator cannot read content and cannot be compelled to produce content it does not hold.
Zero-retention contractual guarantee
The operator retains no content after delivery. Routing metadata necessary for delivery is bound by the same guarantee.
Protocol-layer metadata minimization
Identifiers visible to the operator are opaque per-engagement handles. Filenames and document titles are encrypted with content, not exposed alongside metadata.
Bounded subpoena producibility
If the channel operator is served, producible records are limited to opaque routing handles, delivery timestamps, and padded sizes. No firm, client, matter, content, or filename is recoverable from operator records. This is the platform's articulation of Rule 1.6(c) "reasonable efforts."
ABA Formal Opinion 477R cautions that contractual zero-retention without structural minimization is insufficient: a vendor's promise not to keep your data is not enough if the vendor architecturally could read or expose it. The platform commits to both.
The content carried on the channel is part of the firm's attorney-client workflow on an active engagement and falls within the scope of the privilege the firm asserts on its client's behalf. The transport posture is engineered so that any compelled production from the channel operator yields nothing of privileged substance; the privileged content itself lives on firm and client machines.
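A reviewer can turn the bounded-producibility invariant above into a mechanical check on a sample export of operator-side records. The following is an added example, not the platform's code: the field names, the hex handle format, and the 64 KiB padding bucket are assumptions made for illustration, and the sample records are constructed.

```python
import re

# Assumptions (not from the page): field names, hex handle format, 64 KiB bucket.
ALLOWED_FIELDS = {"handle", "delivered_at", "padded_size"}
PAD_BUCKET = 64 * 1024
HANDLE_RE = re.compile(r"[0-9a-f]{32,}")
TIMESTAMP_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z")


def audit_record(rec):
    """Return findings for one operator-side record; an empty list means clean."""
    findings = []
    extra = sorted(set(rec) - ALLOWED_FIELDS)
    if extra:  # anything beyond handle/timestamp/size is producible surplus
        findings.append("unexpected field(s): " + ", ".join(extra))
    missing = sorted(ALLOWED_FIELDS - set(rec))
    if missing:
        findings.append("missing field(s): " + ", ".join(missing))
    handle = rec.get("handle")
    if handle is not None and not (isinstance(handle, str) and HANDLE_RE.fullmatch(handle)):
        findings.append("handle is not an opaque hex token")
    ts = rec.get("delivered_at")
    if ts is not None and not (isinstance(ts, str) and TIMESTAMP_RE.fullmatch(ts)):
        findings.append("timestamp is not a bare UTC instant")
    size = rec.get("padded_size")
    if size is not None and not (isinstance(size, int) and size > 0 and size % PAD_BUCKET == 0):
        findings.append("size is not on a padding boundary")  # true length would leak
    return findings


def audit_export(records):
    """Map record index to findings, keeping only records that have findings."""
    checked = ((i, audit_record(r)) for i, r in enumerate(records))
    return {i: f for i, f in checked if f}


# Constructed sample export: one clean record and three distinct violations.
TS = "2026-04-02T14:03:11Z"
SAMPLE_EXPORT = [
    {"handle": "9f2c4e1ab07d4c3e8a55d1f06b7c2e90", "delivered_at": TS, "padded_size": 131072},
    {"handle": "smith-v-jones-2026", "delivered_at": TS, "padded_size": 65536},
    {"handle": "0b81d7c6f2a94e05b3c1aa7e49d06f12", "delivered_at": TS, "padded_size": 48213},
    {"handle": "c47e0a96d1b2483f9e05a7c31b68d2f4", "delivered_at": TS, "padded_size": 65536, "filename": "engagement-letter.pdf"},
]

if __name__ == "__main__":
    for index, findings in audit_export(SAMPLE_EXPORT).items():
        print(index, findings)
```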
Cross-client isolation
Cross-client isolation is a commitment under Rule 1.6(a) (confidentiality) and Rule 1.6(c) (reasonable efforts to prevent inadvertent disclosure), with potential Rule 5.3 supervisory exposure for vendor-mediated breach. The invariant is stated here; the specific mechanisms that satisfy it are downstream design decisions.
No client actor on any platform surface observes the existence, metadata, or content of any matter other than the engagements that actor is a party to. No client install renders, indexes, caches, or can be subpoena-compelled to reveal data from another firm's engagement or from another client of the same firm.
Clients also do not observe firm-internal routing, paralegal annotations, intra-firm matter-team threads, or operator-visible metadata about other clients of the firm.
Prospective-client material (Rule 1.18) is isolated from converted-client material at the same firm to support the firm's obligations on information from prospective-client consultations.
Cloud-AI handling
Cloud language-model calls are used only to organize inbound material into the matter — for example, attaching a received document to the right matter and extracting routing metadata such as sender and date. They are not used to analyze, evaluate, or reason about case content.
Every call traverses one platform-level privilege gate before any content leaves the local environment. The gate is enforced by construction. No code path can transmit privileged content to a cloud provider without traversing it.
The platform calls Mistral AI Studio from the application running on the firm's computer. The Mistral API is governed by Mistral's commercial terms and an automatically-incorporated Data Processing Addendum (effective March 12, 2026; EU Standard Contractual Clauses Module 4 for restricted-country transfers). A copy is available on request.
Zero Data Retention
Zero Data Retention (ZDR) is enabled on the platform's Mistral account. Under Mistral's DPA §2.3, abuse-monitoring processing of the platform's API calls is contractually excluded when ZDR is active. Operationally, Mistral does not store or log inputs and outputs beyond what is strictly necessary to generate the output.
Training opt-out
Training of Mistral models on customer content is disabled on the platform's account.
Stateless endpoints only
The platform uses Mistral's stateless endpoints (chat completion, embeddings, classifiers, OCR) for case content. The platform does not use Mistral's stateful products (Agents, Conversations, Batch, Le Chat), which are outside ZDR scope.
The privilege gate is the architectural constraint; the DPA, ZDR, and training opt-out are the contractual instruments. The two together support the firm's reasonable-care answer under the Heppner analysis.
Local data and matter lifecycle
Local data
Local case files
Case files stay where the firm and the client put them — local drive, OneDrive, Google Drive, Dropbox, or a managed-device equivalent. Their protection follows the firm's existing endpoint and storage controls. The application does not re-encrypt case files.
Application-internal files
Application-internal files, including the local case-model database, inherit the operating system's file-system protections in v1. Firms running Legal Intelligence on devices with full-disk encryption enabled (BitLocker on Windows, FileVault on macOS, MDM-enforced equivalents) get encryption at rest through the OS. Application-managed encryption for the local case-model database is a roadmap enhancement.
Access control
Access follows the operating system's sign-in model. Firms with stricter access requirements apply their existing endpoint controls; the application coexists with them rather than introducing a parallel access-control system.
Matter lifecycle
End-of-matter
The case model, drafts, and prep notes remain in the case folder structure where the firm chose to keep them. Removal follows the firm's retention policy. There is no Kacti AI cloud copy to delete or retain.
Application uninstall
Uninstalling removes the application files. The case files and case model in the firm's chosen folders are not touched.
Export
The case model is portable. The firm can take it with them.
What we do not claim
Privilege is not a status conferred by software. The lawyer's conduct of the matter (whom they communicate with, on what terms, with what supervision) determines privilege. The platform is one part of the reasonable-steps analysis, not a substitute for it.
The platform does not claim tribunal-binding privilege guarantees. Privilege survival is a tribunal determination; the platform supplies the engineering and the record.
The platform does not claim malpractice-carrier underwriting clearance. The transport posture is engineered to be answerable on standard carrier questionnaires, not to substitute for the carrier's review.
Application-managed encryption at rest for the local case-model database is a roadmap enhancement; v1 inherits operating-system-level full-disk encryption (see §5).
Kacti AI does not itself hold SOC 2, ISO, or HIPAA certifications. Mistral publishes its own attestations (SOC 2 Type II, ISO 27001 / 27701) through its Trust Center; Kacti AI is in the process of requesting those reports for its records and does not yet hold copies.
Talk to the founder and request the Data Processing Addendum (DPA)
If your IT, privacy, or ethics review needs a closer look at the privilege and security posture, the founder is open to walking through it with the firm's reviewers and providing the supporting documents. The conversation can include the Mistral DPA, the ZDR approval evidence, and any specific firm-policy questions.