Confidentiality by design

Your client files never leave for an outside AI.

Most legal AI tools ship your client files to a vendor's cloud. DilloLex runs differently: the document pipeline runs on an appliance in your office, and no client or confidential content is ever sent to any outside AI service. The pipeline is live now, running real Nevada matters. The appliance delivers the AI to your office, and we document the exact data flow with you before go-live.

Stays on your network

The appliance accepts no inbound connections from the internet. The disk is encrypted at rest, so a lost or stolen unit reveals nothing. Raw documents are processed locally.

The AI is on the box

The whole pipeline, including drafting and analysis, runs on the appliance itself. No outside AI service is in the loop.

No outside AI account

Because the model runs on the box, there is no API key, no per-token bill, and no outside AI vendor in your data path. The reasoning lives on hardware your firm owns.

Where the reasoning happens

The AI is built for the box. No outside service is in the design.

The point of an appliance in your office is simple: the model that reads, drafts, and analyzes runs on the hardware in your office. By design, no client or confidential content is ever sent to any outside AI service.

Documents

Local pipeline

OCR, organizing, Bates stamping, redaction detection, and assembly already run on our document engine today, on real Nevada matters.

Reasoning

AI on the appliance

The drafting and analysis models run on the appliance itself. No outside AI service is in the loop.

Accounts

No outside AI key

By design, there is no API key, no per-token meter, and no outside AI bill. The reasoning is on hardware your firm owns.

Honest limit

Still networked

The box still reaches your own cloud storage and the tools you connect. The scope is specific: no outside AI. The box stays connected to your own network.

The local document pipeline runs on our engine today. Running the AI on the appliance reduces the confidentiality surface but does not by itself discharge your RPC 1.6 duty.

Under the hood

The appliance is hardened by default.

No inbound access

The firewall denies all inbound traffic from the internet. There is no public endpoint and no remote login exposed to the outside. See how the pipeline works →

Encrypted at rest

Full-disk encryption keyed to the appliance's secure hardware, so the drive is useless if the unit is removed from your office.

Automatic security updates

The operating system is kept patched automatically on a long term support track, so the appliance stays current without a visit.

Local network only

Your staff reach the appliance over your office network. It can be placed on its own isolated network segment for client data. See how the pipeline works →

Backed up & recoverable

Your matter data is backed up to the cloud storage you already control; a replacement appliance can be rebuilt and restored from your own backup if hardware fails.

You own everything

The hardware, the data on it, and the AI that runs on it are all yours, in your firm's name. There is no outside AI account, and no data is held hostage.

Your ethical duty

Built around RPC 1.6 from the start.

Nevada Rule of Professional Conduct 1.6 protects all information relating to a representation, and the prevailing standard asks lawyers to make reasonable efforts to prevent its unauthorized disclosure. Most legal AI tools work against that duty by default: they ship your client's documents to a vendor's cloud to do anything at all. DilloLex is built the other way. The raw files, the identities in them, and the AI reasoning itself stay on the appliance in your office, so by design no client or confidential content reaches an outside model at all. That does not discharge your duty (no architecture can, and the appliance still connects to the storage and tools you choose), but it changes the default from "everything leaves" to "nothing goes to an outside AI," which is the posture the reasonableness analysis rewards. We document the exact data flow with you before go-live.

Questions worth asking any legal AI vendor

Whether a tool is cloud-based or runs in your office, the same questions separate a confidentiality-safe choice from a leap of faith. Before a client file touches any product, get plain answers to these:

  • Where does my client's data physically go when I use this?
  • Is my data, or anything derived from it, used to train or improve a model?
  • Is it retained, for how long, and can I delete it on demand?
  • Can a human at the vendor read it, and under what circumstances?
  • What do the actual contract terms say, as opposed to the marketing page?
  • Whose hardware runs the AI, mine or the vendor's, and is any outside AI service in the path at all?

We answer all of these in writing before you go live, and we walk through exactly where your data goes. DilloLex is designed so the AI runs on the appliance you own, with no outside AI service in the loop. For the full analysis, see our guide to on premises vs. cloud legal AI under RPC 1.6.

These are not abstract commitments. DilloLex is co-owned by a Nevada- and Washington-licensed attorney bound by the same Rule 1.6, who designed the confidentiality model for active practice first.

Want this in writing for your malpractice carrier?

Book a demo and we will walk the data flow
Vendor access & backups

Once it's set up, the box is yours.

A fair question for any vendor with software in your data path is what they can access, and where your data goes when it is backed up. The answers bear directly on your RPC 5.3 duty to supervise non-lawyer assistants. Ours are deliberately narrow.

  • No standing remote access. We install and configure the appliance, hand it over, and we are done. DilloLex does not keep a standing connection into your box or hold credentials to it. It runs on your network whether or not we exist.
  • Backups go to storage you already control. The appliance runs scheduled backups to the cloud storage your firm already uses (OneDrive, Google Drive, or Dropbox), under your own account and encryption. Your backups live in your own storage; you own the service and the keys.
  • Security updates run on the box itself. The appliance applies its own operating-system security updates locally. It stays current without needing to reach us.

This is the posture the reasonableness analysis rewards: there is no non-lawyer vendor sitting inside your client files between matters, because after setup there is no standing vendor connection at all.

Straight talk

What this is, and what it isn't.

The truth first. No slogans.

What DilloLex does

  • Keeps your raw documents and the identities in them on the appliance in your office.
  • Runs the AI reasoning on the appliance itself, so no client or confidential content is sent to an outside AI service.
  • Documents the exact data flow with you, in writing, before you go live.

What DilloLex does not do

  • It does not change your professional duty to protect client confidences. The tool helps you keep client content out of outside AI services; the ethical obligation remains yours.
  • The box is NOT isolated from the internet. The appliance still reaches your own cloud storage and the tools you connect, so it is networked. The scope is specific: no client or confidential content goes to any outside AI service. The box still reaches the internet for your own storage and tools.
  • It is not a cloud service. The appliance is how DilloLex is delivered: the AI runs locally in your office, on hardware your firm owns. We walk each firm through the exact data flow before go-live.

If client confidentiality is why you have held off on legal AI, this is the architecture built for you. We'll walk your firm and, if you like, your malpractice carrier through exactly how it works.

Walk us through your requirements.

We'll document the exact data flow and answer anything your firm or malpractice carrier needs before you commit to anything.

Book a demo