Confidentiality & Ethics · Nevada

You held off on legal AI because of RPC 1.6. You were right to.

Every legal AI demo you have seen works by sending your client's files to someone else's cloud, and you know that runs straight into your confidentiality duty. So you have waited, watching the time savings go to firms with a looser reading of the rule. DilloLex is built so you don't have to make that trade: the hours back, without the client file ever leaving your office.

General information for Nevada legal professionals. This is not legal advice. Read the full disclaimer.

Here is the problem. Legal AI would give you hours back on document review, on drafting, on the assembly work that consumes your staff's week. But the tools that do it want your client's deposition, the medical file, the financial records, uploaded to their servers. RPC 1.6 protects all of that, and the prevailing standard asks you to make reasonable efforts to prevent its unauthorized disclosure. Handing a client file to a third party is a disclosure. So the careful firm, your firm, stays on the sidelines, and the cost of caution is real: time savings you can't responsibly take.

You do not actually have a confidentiality problem with AI. You have a problem with where cloud tools send your data. Those are different problems, and the second is solvable by architecture.

Why cloud legal AI is the part that worries you

The worry is well-founded, because once a client's documents leave your control, you inherit a stack of questions you can't fully answer:

  • Is my data training their model, or being read by a human reviewer?
  • How long is it kept, and where, exposed to whose breaches, subpoenas, and access requests?
  • What do the actual terms say, as opposed to the marketing page?
  • If they're breached, whose client confidences just leaked, and whose obligation is it to respond?

None of this makes cloud tools categorically improper. The reasonableness standard is fact-specific and stops short of a ban. The diligence is real, though, and it lands on you, which is exactly why "just try the free tool" never sat right.

What running it in your office changes

Running it in your office means the software runs on hardware your firm owns, on your network, away from a vendor's cloud. That flips the default from "everything leaves by design" to "nothing leaves unless you decide it does." In practice, it gives you the time savings while shrinking the confidentiality surface:

  • The raw files stay in your office. The high-volume work (organizing, OCR, stamping, redaction, assembly) runs on the appliance, on documents that never leave it.
  • The AI is built to run on the box too. DilloLex is built so the drafting and analysis models run on the appliance itself, so no client or confidential content is sent to any outside AI service. There is no minimized extract going anywhere, because nothing goes to an outside model at all.
  • You own it all. The hardware, the data, and the AI that runs on it are in your firm's name and under your control. There is no separate AI account to manage.
  • The honest scope. The appliance still connects to your own cloud storage and the tools you choose, so it stays networked to those paths. The scope is specific: no outside AI service is in the loop.

You get the hours back without making the trade RPC 1.6 wouldn't let you make.

The honest part: it reduces risk, it doesn't erase the duty

We would rather tell you the truth than sell you a slogan, because the truth is what lets you sleep once you deploy:

  • The duty stays with you. No architecture discharges RPC 1.6. Keeping the AI on the box keeps client content out of outside AI services; the judgment about what's reasonable for a given matter remains yours.
  • Running on the box reduces risk while the box stays networked. Running the model locally means no client or confidential content goes to an outside AI service. It does not make the box isolated from the internet or offline: the appliance still reaches your own cloud storage and the tools you connect, and those paths carry their own diligence.
  • The AI runs on the box. DilloLex's drafting and analysis run on the appliance your firm owns, not on an outside service. We document the exact data flow with you before go-live.

National guidance has started mapping this terrain. ABA Formal Opinion 512 (2024) addresses generative AI; Opinions 477R and 483 cover securing electronic information and responding to breaches. All three are persuasive in Nevada and stop short of binding authority, yet they describe the diligence a careful firm is expected to have done. A tool that runs on hardware you own makes that diligence tractable instead of theoretical.

Questions to ask any legal AI vendor

Cloud or on hardware you own, these questions separate a confidentiality-safe choice from a leap of faith. Before a client file touches any product, get plain answers:

  • Where, physically and logically, does my client's data go when I use this?
  • Is my data, or anything derived from it, used to train or improve a model?
  • Is it retained, for how long, and can I delete it on demand?
  • Can a human at the vendor read it, and under what circumstances?
  • What do the actual contract terms say, versus the marketing page?
  • Can I run sensitive matters with less data leaving, or none at all?
  • Whose hardware runs the AI, mine or the vendor's, and is any outside AI service in the path at all?

A vendor who answers these plainly is one you can evaluate. One who won't has answered the most important question already.

How DilloLex is built for this

DilloLex is the answer that runs in your own office: an appliance your firm owns that keeps your raw documents and the identities in them on your network, designed so the AI reasoning runs on the box itself, with no client or confidential content ever sent to any outside AI service. We document the exact data flow with your firm, in writing, before you go live, and we'll walk your team (and your malpractice carrier) through it, residual risk included. We're honest about what this changes and what it doesn't: running the AI on the box does not by itself discharge your RPC 1.6 duty. That candor is the point. It's how a careful firm finally gets the time back without compromising the duty that made it careful. See the security page for the architecture, or talk to us directly.

Common questions

Can Nevada lawyers use ChatGPT or cloud AI for client work?

There is no blanket ban, but RPC 1.6 protects all information relating to a representation, and the prevailing standard asks for reasonable efforts to prevent unauthorized disclosure. Sending client material to an outside service triggers a fact-specific analysis of the tool, its terms, and the sensitivity of the matter. Consult the State Bar of Nevada's current guidance.

What is ABA Formal Opinion 512?

It is the ABA's first formal ethics guidance on generative AI, issued July 29, 2024, addressing competence, confidentiality, client communication, candor, supervision, and fees. It is persuasive in Nevada and stops short of binding authority, yet it maps the duties a careful firm is expected to consider.

Does using AI require client consent?

It depends on the matter and the tool. For sufficiently sensitive information, the confidentiality and communication duties can call for discussing the tool with the client and obtaining informed consent. The analysis is fact-specific; confirm current Nevada authority.

Is AI that runs in your office more confidential than cloud AI?

Running it in your office keeps raw files on hardware your firm controls, which reduces the confidentiality surface. DilloLex goes further: it is designed so the AI reasoning runs on the appliance itself, so no client or confidential content is sent to any outside AI service at all. That does not discharge RPC 1.6, and the appliance is still networked to your own cloud storage and chosen tools, so it remains connected to the internet. It changes the default from "everything leaves" to "nothing goes to an outside AI."

What should I ask a legal AI vendor before using it?

Where the data goes, whether it trains a model, how long it is retained, whether a human can read it, what the actual contract terms say, whether any outside AI service is in the path at all, and whose hardware runs the AI.

A note on accuracy

This guide is general information for Nevada legal professionals. It is not legal advice, it is not an ethics opinion, and it does not create an attorney-client relationship. The application of RPC 1.6 and the related duties to any specific tool or matter is fact-specific and belongs to the supervising lawyer. The Rules of Professional Conduct and the relevant ethics guidance are revised over time; confirm the current text of the Nevada Rules of Professional Conduct and consult the State Bar of Nevada's current guidance before relying on anything described here.

Talk through your confidentiality requirements