
Security & access to external storage

Updated this week

Q: Who has access to my firm's external storage once connected?

LawY provides two main ways to use the platform:

  • Research: conducting legal research using external legal databases and resources.

  • Internal matter analysis: analysing files stored within your connected external storage (from cloud storage providers).


  1. Internal Matter Analysis & storage access

Once you connect your external storage to LawY, access to your file content is rare, limited to a small number of authorised personnel, and governed by strict policy and technical controls.

When may staff access file content?

A very limited number of staff may need to access file content, and only in specific circumstances:

  • When legally required.

  • When necessary to ensure systems and features work as designed (such as debugging, search relevance, or feature development).

  • To enforce our Terms of Service and Acceptable Use policies.

What controls are in place?

Multiple controls prevent arbitrary access, including:

  • Restricted production access.

  • Recorded approvals and justifications for certain types of access.

  • Limiting access to file storage environments to a small number of engineers responsible for core services.

These access policies are similar to those employed by major cloud storage providers and represent industry-standard practices.

For more detailed information about our infrastructure provider's security practices, visit the Corto Trust Centre:

  2. Research Features


For information about how LawY handles data in Research, visit our Trust Centre:

What data do we access from your connected storage?

When you connect external storage to LawY, we do not access client details for legal research purposes. We only access matter names and practice area information to ensure research is appropriately targeted.

How are LLMs used and is my data protected?

LawY utilises large language models (LLMs) through corporate arrangements with providers such as OpenAI and Google Gemini. User prompts are sent in real time to the LLM via closed-loop, secure transmission, and responses are returned without being logged or reused for model training.

Key data protection commitments:

  • Zero Data Retention (ZDR): our corporate accounts ensure that data submitted via the API is not used for training or fine-tuning, and we have Zero Data Retention policies in place with the foundation models we use.

  • Transactional processing only: data is processed transactionally and not retained after processing, preserving privacy and preventing data leakage. We do not automatically pull data from users or third-party systems.

  • Low risk profile: our closed-loop model and absence of background data harvesting maintain a low risk profile.

  • User control: users have complete control over what information is shared. When users add conversation or matter details, this data is scrubbed of any personally identifiable information (PII), with appropriate placeholders used. Users have full editing capabilities across all details.

  • Double-masked verification: our verification service uses a double-masked system where verifiers cannot see user identity and users cannot see verifier identity. Verifications are only undertaken by qualified lawyers bound by professional duties of confidentiality.

  • Internal AI governance: LawY operates under internal guidelines governing AI usage and data privacy.


Q: How to add staff members when your firm has separate CSP accounts

It's common for staff in the same firm to have separate Cloud Storage Provider (CSP) accounts. In most cases, though, there's still a shared root folder structure controlled by IT or a managing partner, and if your team shares an email domain, that structure almost certainly exists.

There are two ways to get everyone set up in LawY.


Option 1: Quick and simple

The first user to sign up invites all other staff members to LawY. Each staff member then shares their relevant matter folders with that first user via their CSP. That first user can then connect those folders to LawY either manually or automatically.


Option 2: Cleaner for larger teams

A user invites an admin or IT account that has access to the firm's root files. That admin then either selects which existing matter folders to add to LawY, or all staff share their relevant matter folders directly with the admin account. As new matters are added, staff share them with the admin account and LawY automatically detects and ingests them.


Q: What AI model does Matter AI use?

Matter AI currently runs on GPT-4.1. We are continuously evaluating the latest models from both Anthropic and OpenAI, including reasoning and non-reasoning options. We plan to make model selection more transparent to users in an upcoming release.
