Skip to main content

We have rebranded from Iqidis — meet Irys. A new identity for the future of legal work.

Irys
Security

Zero Data Retention

Definition

Zero data retention is a security policy in which an AI platform does not store user queries, uploaded documents, or generated outputs on its servers after processing is complete. For law firms, this policy ensures that confidential client information is not retained in third-party systems where it could be exposed through data breaches or used to train AI models.

When lawyers use AI tools, they inevitably share confidential information: client facts, legal strategies, draft documents, and privileged communications. If the AI platform retains this data, it creates a risk vector. Retained data could be exposed in a breach, subpoenaed in litigation against the platform provider, or, in the worst case, used to train models that might surface one client's information in responses to another user.

Zero data retention policies address these risks by ensuring that data exists on the platform's servers only for the duration of processing. Once the AI generates its response, all input data and output data are purged. No copies are retained for training, analytics, or any other purpose. This is distinct from data encryption, which protects data in storage but still involves retention.

For lawyers, zero data retention is particularly important because of attorney-client privilege obligations. If confidential client information is stored on a third-party server, it may be argued that the privilege has been waived by disclosure to a third party. While the law on this point is still developing, zero data retention eliminates the issue entirely: data that is not retained cannot be disclosed.

How Irys approaches this

Irys enforces zero data retention on all AI model interactions, ensuring that client queries and documents are never stored on model provider servers or used for training.

Related terms

Security

Attorney-Client Privilege and AI

Attorney-client privilege protects confidential communications between a lawyer and client made for the purpose of seeking or providing legal advice. When lawyers use AI tools, privilege concerns arise because sharing privileged information with a third-party technology provider could be construed as a waiver of the privilege if adequate confidentiality protections are not in place.

Security

Tenant Isolation

Tenant isolation is a security architecture in which each customer's data is logically or physically separated from every other customer's data within a multi-tenant platform. In legal AI, tenant isolation ensures that one firm's confidential information, work product, and AI interactions are completely inaccessible to other firms using the same platform.

Security

SOC 2 for Legal AI

SOC 2 (System and Organization Controls 2) is an auditing framework developed by the AICPA that evaluates a service provider's controls for security, availability, processing integrity, confidentiality, and privacy. For legal AI platforms, SOC 2 compliance demonstrates that the vendor has implemented and maintained the security controls necessary to protect sensitive legal data.

Security

End-to-End Encryption in Legal

End-to-end encryption is a security method in which data is encrypted on the sender's device and can only be decrypted by the intended recipient, remaining encrypted throughout transmission and storage. In legal AI, end-to-end encryption protects confidential client data, privileged communications, and work product at every stage of processing.

Back to glossary

See Zero Data Retention in action

Irys One brings research, drafting, and document intelligence together in one platform. Try it free for 14 days.

Try Irys free