TL;DR: A legal AI vendor is asking you to hand over the most sensitive thing your firm holds: client documents. Before you do, get written answers on five fronts — whether your data trains models (it must not), how long it is retained and how it is encrypted, which independent certifications back the security claims, where the data lives and which subprocessors touch it, and what access controls and audit trails you get. Good vendors answer all of this quickly and put it in the contract. Evasive answers on any of it are the answer.
Legal teams evaluating AI in 2026 face a strange asymmetry: the product demos take an hour, but the confidentiality consequences last as long as the engagement. Professional duties do not pause because a tool is impressive — a lawyer who uploads client material to a system they have not vetted is making a confidentiality decision on the client's behalf, often without realising it. This guide collects the questions that surface real posture, organised so you can run them as a procurement checklist, with notes on what a good answer looks like.
Why vendor diligence is a professional duty
Bar guidance across jurisdictions has converged on the same position: lawyers may use AI, but the duties of confidentiality and competence follow the data. The American Bar Association's Formal Opinion 512 and a wave of state and national guidance treat evaluating a tool's data practices as part of the lawyer's existing obligations — the same way choosing a document management system or a cloud email provider always was. In practice that means someone at the firm must be able to explain, in plain terms, where client data goes when it enters the tool, who can access it, and what it is used for. If nobody can, the firm has a gap regardless of how good the tool is. Our overview of privilege and AI explains how these duties map onto AI workflows specifically.
Data handling: training, retention, encryption
Start with the questions that decide whether the platform is even eligible:
- Are customer documents or prompts ever used to train AI models? The only acceptable answer is no — contractually, not just by current policy. Training on client data means fragments of confidential matters can influence outputs served to strangers.
- How long is customer data retained, and what happens on deletion? Look for a defined retention window and a real deletion process, including backups. Indefinite retention "for quality purposes" is a red flag.
- Is data encrypted at rest and in transit? Industry-standard encryption at rest and TLS in transit are table stakes; the interesting follow-up is whether any staff can read customer content, under what controls, and with what logging.
- Is my data segregated from other customers'? Understand the isolation model — logical separation at minimum, with clear tenancy boundaries.
Certifications and independent audits
Claims are cheap; audits are not. Certifications tell you an independent party has tested the vendor's controls against a recognised standard.
| Certification | What it actually tells you |
|---|---|
| SOC 2 | Controls for security, availability, and confidentiality have been independently audited. |
| ISO/IEC 27001 | The vendor runs a certified information-security management system, not just point controls. |
| GDPR / UK GDPR alignment | The vendor is set up for EU and UK data-protection requirements — processing terms, rights handling, transfers. |
| India DPDPA readiness | For India-connected work: alignment with the Digital Personal Data Protection Act 2023 framework. |
Ask three follow-ups: Can we see the current reports under NDA? Is there a public trust portal where statuses stay current? And which certifications are certified versus "in progress" — a distinction sales decks tend to blur.
Data residency and subprocessors
Where data lives determines which laws reach it and what your clients can mandate. Ask which regions are available for storage and processing, whether residency covers processing or only storage at rest, and what is contractually guaranteed. Then map the supply chain: every AI platform sits on other providers — cloud hosting, model APIs, support tooling — and your data may flow through them. Ask for the current subprocessor list, the regions where each operates, the terms that bind them (including no-training commitments passed through to model providers), and how you are notified when the list changes. Our companion piece on data residency for legal teams goes deeper on when residency genuinely matters and when it is theatre.
Access controls and audit trails
Confidentiality inside the firm matters as much as confidentiality against outsiders. A legal-grade platform should offer:
- Role-based access control — project-level permissions (Owner, Editor, Viewer) inside organisation-level admin and member roles, so lateral hires do not inherit every matter.
- A complete audit trail — who ran what, on which files, and when, searchable by an administrator. This is what lets you answer a client's "who accessed our documents?" with evidence rather than assurance.
- Sensible session and account controls — organisation management, clean member offboarding, and a pending-invite state you can see and revoke.
These features double as ethics infrastructure: screening walls, matter confidentiality, and client audit rights are all easier to honour when the platform enforces and records access. See data security for law firms for the firm-side controls that pair with them.
AI-specific questions most checklists miss
Generic vendor questionnaires were written for SaaS, not AI. Add these:
- Are outputs grounded in retrieved sources with citations to page and passage? Verifiability is a security property: it is your defence against acting on fabricated content.
- Are citation labels deterministic or model-written? Deterministic labels — copied from the source — prevent a real authority from being mangled into a fake-looking one.
- What is the human-in-the-loop posture? The tool should be built for lawyer review — tracked changes, accept/reject controls, confidence flags — not silent automation.
- Which model providers sit underneath, and do no-training terms bind them too? A vendor's promise means little if the model API behind it keeps prompts.
- What does the system do when it is unsure? Good answers: asks a clarifying question, flags low confidence, says "not addressed". Bad answer: it always answers.
Commercial questions with security consequences
Three commercial terms quietly shape your risk. Pricing transparency: opaque usage pricing pushes teams toward unapproved free tools — exactly the shadow-AI behaviour that causes breaches; a stated subscription with clear usage credits keeps everyone on the governed platform. Data on exit: confirm you can export your work product (and its citations) in standard formats, and that deletion follows termination on a defined schedule. Plan gating: if security features like audit trails or access roles are locked to enterprise tiers, smaller teams end up less protected — prefer vendors whose security posture applies to every plan.
Red-flag answers that should end the conversation
- "We may use customer data to improve our models" — in any form, however hedged.
- "We're SOC 2 ready" or "certification is on our roadmap" with nothing independently audited today.
- No subprocessor list, or refusal to name model providers.
- "Zero hallucinations" or "100% accurate" — measurable overclaim that tells you how the vendor treats truth generally.
- No audit trail, or access roles that exist only in the top tier.
- Verbal assurances the vendor will not put in the contract.
How Judicio answers these questions
We built Judicio to pass this questionnaire, and we publish the posture rather than asserting it. Customer documents and prompts are never used to train AI models; data is encrypted at rest and protected with TLS in transit; a defined 90-day retention window applies; and role-based access with project-level Owner/Editor/Viewer permissions and a full, searchable audit trail is part of the platform — see Collaboration. Judicio runs on Google Cloud Platform, with data residency options in the United States, European Union, and India on enterprise plans. Certifications — SOC 2, ISO/IEC 27001, GDPR, UK GDPR, and India's DPDPA 2023 — are listed with live status on our Trust Centre, and outputs are grounded with page-and-passage citations and deterministic labels as documented on our methodology page. Pricing is stated up front with a 7-day free trial (500 credits, no credit card), and every plan includes every feature. If your security team has questions beyond this page, talk to us — that is what the diligence process is for.
This checklist is general information, not legal advice. Confirm the requirements that apply to your firm, clients, and jurisdictions before selecting any vendor.
