Privilege survives by architecture
AmLaw 200 firms, regional practices, and boutique M&A/IP shops use 1331 so attorneys can use AI on live matters without inviting a privilege waiver or an ethics complaint.
“A lawyer's competence requires understanding the benefits and risks of GenAI; the duty of confidentiality requires lawyers to evaluate the risks that client information will be disclosed to or accessed by others outside the firm before inputting that information into a GenAI tool.”
Every hosted-model call that touches a client matter is now an affirmative obligation: you must assess the tool's data handling before the prompt leaves the firm. NYC Bar Formal Opinion 2024-5 and at least nine state bar opinions reinforce this. No marketing-side BAA, ToS update, or 'we don't train on your data' page closes that gap on its own.
“My GC banned ChatGPT firm-wide after reading Op. 512 — but our partners are still doing it on personal devices, and clients are starting to ask in MSA renewals whether we use AI on their files.”
Firms standardize on either an appliance in the server room (Owned) or a dedicated VPC under the firm's cloud contract (Controlled). Both give a GC the same answer: client matter data never reaches a third-party model provider.
Compliance by architecture, not by contract footnote.
No third-party model provider in the path
Open-weight models (Llama, Qwen, Mistral) run on infrastructure you control. There is no OpenAI, Anthropic, or Google subprocessor to disclose on a client engagement letter.
Per-matter audit logs
Every prompt, completion, and routing decision is tagged with a matter ID and exported to your DMS or SIEM. Your GC has a defensible answer the day a partner is questioned about an AI-assisted work product.
BYO-key burst for non-privileged work
When a task is demonstrably non-privileged (recruiting copy, internal IT tickets), policy can route to your own GPT-5/Claude/Gemini keys with a hard budget cap. Privileged matters never leave the local model.
No training, no retention, no telemetry
1331 never trains on prompts. Conversation retention is configurable per matter, and the appliance can run with zero outbound connectivity — the only call home is a signed offline update bundle.
The decision is rarely one person.
We've built collateral for each seat at the table — from the GC reading the bulletin to the platform lead writing the diagram.
Your clients hired you. They didn't hire OpenAI.
1331 gives a Managing Partner a one-page answer for the client-MSA AI questionnaire, a CISO a network diagram with no outbound model traffic, and a GC the ABA Op. 512 assessment the firm can attach to its risk file.