Confidential AI intake

Every other AI intake tool sends your client’s name to the model.
Ours never does.

Law firms are cautious about AI for one reason above all others: confidentiality. ABA Model Rule 1.6 requires reasonable measures to prevent unauthorised disclosure of client information — yet most AI intake tools send the full conversation, names and addresses and case details, straight to a third-party model.

Request a demo See how it works

For firms that care about privilege, that’s a real compliance concern — and the reason so many have held back from AI at intake. We built PROVEAiBLE so you don’t have to make that trade-off.

How we’re different

The AI never sees who the client is.

Before any data reaches a model, personal identifiers are stripped on our server and replaced with neutral tags. The AI only ever works on the redacted version — every single call.

What the client writes
“Hi, my name is Maria Alvarez. I was hit by a delivery van on 3 March outside 22 Bridge Road. The driver, Tom Becker, gave me his number, 0412 998 221. My hospital reference is MRN-48217.”
What the AI processes
“Hi, my name is [CLIENT]. I was hit by a delivery van on 3 March outside [ADDRESS]. The driver, [OTHER_PARTY], gave me his number, [PHONE]. My hospital reference is [DOC_ID].”

This isn’t an optional setting or a policy commitment. It’s a technical step that runs in the architecture before every AI call. The mapping between the tags and the real values is held separately and never transmitted to the model.

What this means in practice

Three guarantees, built into the product.

The model never sees client names

[CLIENT] and [OTHER_PARTY] are what the AI processes. The mapping between those tags and the real names is held separately and never transmitted — so identifying information simply never reaches the third-party model.

Your data runs on your key

BYOK means the AI call is made under your organisation’s own API account. Your provider’s terms govern that call — not ours. We never hold your API key and never have visibility into your AI account. What is BYOK? →

Nothing stays on our servers

Client matter data is processed transiently and permanently deleted the moment the case file is delivered to your inbox. The only thing we store is your organisation’s configuration — widget settings, branding, delivery address.

The same redaction architecture applies in every language the client might use — identifiers are stripped before the model runs, whether the intake is in English, Arabic or any of 60+ languages.

The compliance record

Proof, not just a promise.

Delivered with every case file

Every redaction is logged with a timestamp.

When the case file arrives in your inbox, it comes with a record of what was redacted and when — showing that the AI only ever processed the protected version.

It’s a consent record you can keep on file. This is not a claim about how the product behaves. It is a deliverable, in your hands, every time.

ABA Model Rule 1.6

Reasonable measures, built in — not bolted on.

Rule 1.6 requires reasonable measures to prevent unauthorised disclosure of client information, and recent court rulings have found that uploading client data to public AI tools can waive privilege. Pre-LLM redaction, BYOK and zero retention aren’t policy commitments here — they are technical constraints built into how the product works, so the identifying information never reaches the third-party model in the first place. See the full architecture and jurisdiction notes →

Who this matters for

For firms that wouldn’t touch AI intake until now.

Immigration attorneysHighly sensitive status, family and safety details — processed without the model ever seeing who the client is.
PI firms handling medical informationInjuries, treatment and medical references are tagged out before any AI call.
CLCs serving domestic violence survivorsNames and addresses are stripped server-side — the safety case for redaction-first is not abstract.
Any firm that has hesitated to adopt AIIf confidentiality was the thing holding you back, this is the architecture that removes it.

Use AI at intake without the compliance risk.

Pre-LLM redaction. BYOK. Zero retention. Nothing to install.

Request a demo
Questions

Confidentiality, answered.

Does the AI ever see our client’s name or contact details?
No. Personal identifiers — names, addresses, document IDs, phone numbers, email addresses — are stripped on our server and replaced with neutral tags like [CLIENT] and [OTHER_PARTY] before any AI call. The model only ever processes the redacted version. The mapping between the tags and the real values is held separately and never transmitted to the AI.
What happens to client data after the case file is delivered?
It’s permanently deleted the moment the case file is delivered to your inbox. Client matter data is processed transiently — it is not retained on our servers. The only thing we store is your organisation’s configuration: widget settings, branding and the delivery address.
Who controls the AI account — you or us?
You do. The product runs on your organisation’s own API key (BYOK), so every AI call is made under your account and governed by your provider’s terms — not ours. We never hold your API key and have no visibility into your AI account.
How does this satisfy ABA Model Rule 1.6?
Rule 1.6 requires reasonable measures to prevent unauthorised disclosure of client information. Pre-LLM redaction, BYOK and zero retention are not policy commitments — they are technical constraints built into how the product works. The identifying information never reaches the third-party model in the first place. See the full compliance architecture →
Can we see what was redacted?
Yes. Every redaction is logged with a timestamp as a consent record. The case file is delivered with a record of what was redacted and when — showing that the AI only ever processed the protected version. It’s a deliverable, not a claim.
Request a demo