Our Commitment to Zero Data Retention
We designed Draftwise around a simple principle: your data should never be stored by any external model provider.
How Draftwise Enforces Zero Data Retention
We designed Draftwise around a simple principle: your data should never be stored by any external model provider. Law firms trust us with their most valuable asset—their institutional knowledge and work product. That means zero data retention can't be an aspiration or a best practice. It has to be a technical reality, built into every layer of the platform. Here's how we make that real.
Contractual Zero Data Retention with Every LLM Provider
Every LLM provider we work with is bound by explicit zero-data-retention agreements. Not just default API terms. We’ve committed to enterprise contracts that specify:
- Inputs and outputs are not stored beyond the immediate processing window
- Data is not used for model training or fine-tuning
- Prompt and response content is not logged
- Only minimal operational metadata, such as latency or error rates, may be retained
We negotiate these terms directly and verify compliance on an ongoing basis. Provider default retention windows are irrelevant to us because our agreements require zero retention from the start.
Multi-Provider Architecture with Enforcement at the Infrastructure Layer
We built Draftwise with abstraction layers that treat LLM providers as interchangeable execution components. Requests can be routed across providers based on performance, reliability, and compliance without changing application logic.
This matters for security. We are never locked into a single provider’s data handling practices. If a provider changes their policies or posture in a way that does not meet our standards, we can reroute immediately.
No Client Data Is Ever at Rest in External Systems
Here’s how Draftwise processes a document through an LLM: Content is extracted in our secure environment, transmitted over encrypted channels, processed in memory, and returned. At no point does client data persist on external provider systems. It exists only for the duration of the request.
Within Draftwise, firm data is encrypted at rest using AES-256 and encrypted in transit using TLS. We deploy in isolated environments, and firms retain control over access, auditing, and network restrictions.
Continuous Verification and Monitoring
Contracts are meaningless without enforcement. We treat verification as an ongoing engineering discipline.
Our team continuously monitors data flows and system behavior to ensure that zero data-retention commitments are honored. This includes automated testing, security logging, anomaly detection, and regular internal and third-party evaluations as part of our SOC 2 Type II and ISO 27001 programs.
Our Ongoing Commitment
Draftwise is SOC 2 Type II and ISO 27001 certified, ISO 42001 aligned, and GDPR compliant. We mirror firm DMS permissions and maintain strict control over access. You retain full ownership and control of your data at all times.
We do not share, disclose, or reuse firm data in any form, including trained intelligence or aggregates. Your precedent is your most valuable asset, and we treat it accordingly.
Draftwise is trusted by over half the Vault 10, dozens of Am Law 100 firms, and Fortune 500 organizations because we engineer for the highest bar. That trust is earned through disciplined engineering and a security posture that does not compromise.
