Why Your Legal AI Tool's Privacy Policy Isn't Enough
A privacy policy tells you what a vendor promises to do. An attestation certificate proves what actually happened. Here's why the distinction matters for attorneys under Rule 1.6(c).
Every legal AI tool has a privacy policy. Most are well-intentioned. Some are even well-written. None of them are proof.
A privacy policy is a statement of intent. It says "we will handle your data this way." It doesn't prove the data was actually handled that way for any specific request. If you're an attorney with a duty of competence under Model Rule 1.1 and a duty of confidentiality under Rule 1.6(c), intent is not the standard — reasonable steps is.
The Gap Between Policy and Proof
Consider what happens when you upload a contract to a typical legal AI tool:
1. The document leaves your browser over TLS: encrypted in transit, but in cleartext to the vendor once it arrives.
2. It arrives at the vendor's server, where it's stored (at least temporarily) for processing.
3. The vendor's AI model processes it — possibly on shared infrastructure, possibly with logging enabled.
4. The response comes back. The document may or may not be deleted from the vendor's storage.
The privacy policy covers step 4. It says "we delete your data within 30 days" or "we don't use your data for training." But for steps 1–3, you have no visibility. You're trusting the architecture sight-unseen.
What Proof Looks Like
At BarZero, every AI request produces a Destruction Attestation Certificate — a signed, downloadable JSON artifact that records:
- What model was used (e.g., Claude Opus 4.6)
- Whether Zero Data Retention was active (boolean — honest even when it's false, like when MCP tools are used for research)
- Which external tools were touched (empty array when ZDR is true; listed explicitly when it's not)
- A SHA-256 session hash binding the certificate to the specific request
- An Ed25519 signature from BarZero's server, verifiable against our published public key
- An RFC-3161 timestamp from a third-party Timestamp Authority, so the time isn't something you have to take our word for
This isn't a promise. It's a receipt. You can download it, store it in your matter file, hand it to your malpractice insurer, or present it to a disciplinary board. It says "this is what happened to your data for this specific request," and the signature proves it hasn't been altered.
The Practical Difference
Imagine a scenario: a client asks whether you used AI to draft their contract. With a typical tool, you can say "yes, and here's their privacy policy." With BarZero, you can say "yes, and here's the cryptographic certificate proving their system never retained the document, timestamped by an independent authority."
One is a vendor promise. The other is evidence.
What to Ask Your Current Provider
If you're evaluating legal AI tools, here are three questions that separate architectural privacy from policy-based privacy:
- Can I download a per-request proof of what happened to my data? Not a general audit report — a certificate for this specific document, this specific request.
- Can a third party verify that proof without trusting you? If verification requires calling your API, you're the attestor and the verifier. That's not independence.
- What happens when your privacy infrastructure fails? Does the system fail-open (process the document anyway without privacy guarantees) or fail-closed (refuse to process until the guarantee can be maintained)?
Most vendors can't answer all three. That's not because they're dishonest — it's because their architecture wasn't designed to produce per-request proof. It was designed for throughput, then wrapped in a privacy policy after the fact.
BarZero's open-source verifier script (scripts/verify-certificate.mjs) lets anyone — your client, your insurer, a regulator — validate a certificate using only Node.js built-ins. No BarZero account needed. The proof stands on its own.
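What independent verification of a certificate like the one described above can look like with only Node.js built-ins, as an added example that is not BarZero's verify-certificate.mjs. The field names, the canonical JSON form and the definition of the session hash are assumptions, and the RFC-3161 timestamp check is left out.

```javascript
// Added example, not BarZero's verifier. Field names, canonical form and the
// session-hash input are assumptions made for illustration.
const crypto = require('node:crypto');

// Bytes covered by the signature: every field except `signature`, keys sorted.
function canonicalBytes(cert) {
  const { signature, ...body } = cert;
  const sorted = Object.entries(body).sort(([a], [b]) => (a < b ? -1 : 1));
  return Buffer.from(JSON.stringify(Object.fromEntries(sorted)));
}

// Returns a list of failed checks; an empty list means the certificate holds.
function verifyCertificate(cert, publicKeyPem, requestBytes) {
  const failures = [];
  const key = crypto.createPublicKey(publicKeyPem);
  const sig = Buffer.from(String(cert.signature || ''), 'base64');
  // Ed25519 signatures are always 64 bytes; the algorithm argument must be null.
  const sigOk = sig.length === 64 && crypto.verify(null, canonicalBytes(cert), key, sig);
  if (!sigOk) failures.push('signature');
  // Assumed binding: session_hash = SHA-256 of the exact bytes that were sent.
  const digest = crypto.createHash('sha256').update(requestBytes).digest('hex');
  if (digest !== cert.session_hash) failures.push('session_hash');
  // ZDR must be a real boolean, and a "true" claim must list no external tools.
  const tools = cert.external_tools;
  const zdrOk = typeof cert.zdr_active === 'boolean' && Array.isArray(tools) &&
    !(cert.zdr_active && tools.length > 0);
  if (!zdrOk) failures.push('zdr_consistency');
  return failures;
}

// Constructed sample: a throwaway key pair stands in for the published key.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  const request = Buffer.from('constructed sample contract text');
  const cert = {
    model: 'Claude Opus 4.6',
    zdr_active: false,
    external_tools: ['constructed_research_tool'],
    session_hash: crypto.createHash('sha256').update(request).digest('hex'),
  };
  cert.signature = crypto.sign(null, canonicalBytes(cert), privateKey).toString('base64');
  // Someone edits the file to claim retention was off: the signature breaks.
  const edited = { ...cert, zdr_active: true, external_tools: [] };
  return {
    genuine: verifyCertificate(cert, pem, request),
    edited: verifyCertificate(edited, pem, request),
    otherDoc: verifyCertificate(cert, pem, Buffer.from('a different document')),
  };
}
```

The verifier needs the public key from a channel other than the certificate itself; a key shipped inside the same file proves nothing about who signed it.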