Compliance disclosures.

JustineAI™ is operated by Eve-Legal, LLC, a Nevada-domiciled limited liability company and a wholly-owned subsidiary of MindHYVE.ai, Inc. (Nevada C-Corporation). The legal counterparty for the JustineAI™ product line is Eve-Legal, LLC. The corporate parent is MindHYVE.ai, Inc. Both are identified on every executed agreement.

Registered address. 1501 Quail Street, Suite 130, Newport Beach, CA 92660, USA.

The following claims are verified against code, against contracted Azure platform attestations, or both. They are safe for procurement review without further qualification.

• No customer data used for training. — Eve-Genesis (Law Edition) — the dataset that fine-tunes the legal reasoner inside Eve-Legal F5/reasoner — is 100% synthetic by construction. Your firm’s data stays in your tenant.
• Attorney-client privilege is preserved by design. — JustineAI™ is structured to operate under the supervision of the attorney of record. Outputs are work product. Audit logs record every reasoning step, decision, and revision.
• Deployed on Eve-Grid™ — Microsoft Azure. — JustineAI™ runs on Eve-Grid™, our proprietary cloud architecture on Microsoft Azure. The marketing site is hosted on Azure Static Web Apps; the PI application runs on Azure Container Apps, Functions, Cosmos DB, Storage, and Key Vault. ISO 27001, ISO 27018, SOC 1/2/3, PCI DSS, and HITRUST attestations are inherited at the platform layer from Microsoft Azure.
• Role-based access control on every action. — Every endpoint enforces authentication via Microsoft Entra ID and authorization via Azure RBAC. Multi-tenant isolation is enforced at the data, network, and identity layers. Access is auditable per user, per matter.
• Encryption at rest and in transit. — All matter data is encrypted at rest with Azure-managed keys (customer-managed keys available on enterprise plans). Transit uses TLS 1.2+ end-to-end. No data is stored outside the customer’s Azure region of record.
• Tamper-evident audit logs. — Every reasoning step, every output, every user action is logged to Azure Monitor with actor identity, timestamp, and action. Logs are retained for the agreed contractual period and exportable for litigation discovery and ethics audits.
• WCAG 2.1 AA conformance posture. — Every shipping surface targets WCAG 2.1 AA from day one. Accessibility is a launch criterion, not a roadmap item — keyboard navigation, screen-reader semantics, contrast ratios, focus indicators, and reduced-motion preferences are all built in.
• CCPA / CPRA aligned. — JustineAI™ collects only the data needed for legal practice management. California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) consumer rights — access, deletion, correction, portability, opt-out of sale — are supported in product.
• 50 states plus DC. — PI jurisdiction rules are hand-curated for every US state plus DC. Ten top-PI states carry curated case-law citation packs anchored to CourtListener — no hallucinated case law.
• A compositional fabric, not a stack. — Eve-Legal F5/reasoner is a five-model compositional fabric — Microsoft Phi-3 classifier, Microsoft Phi-4-derived SRM fine-tuned on Eve-Genesis (Law Edition), one to three frontier models, and Meta Llama 4 Scout for 10M-token long-context reasoning. Frontier models compose dynamically per request, never as a fixed ensemble.
• 10M-token single-context reasoning. — Meta Llama 4 Scout in the long-context slot reads the entire case file — every record, every deposition, every motion — in a single context. Patterns like full-case-file review and multi-deposition synthesis become one-shot queries.
• Supervisor over stage-specialized sub-agents. — JustineAI™ adds a portfolio-distinctive supervisor pattern: Justine coordinates stage-specialized sub-agents — intake, medical, valuation, strategy — across the case lifecycle. The sub-agents are not separately branded; Justine remains the sole named Digital Employee. This is the architectural foundation that makes Mass Tort, Class Action, and Mass Arbitration editions possible.
• Eve-Legal, LLC — operated transparently. — The product line is operated by Eve-Legal, LLC, a wholly-owned subsidiary of MindHYVE.ai, Inc. (Nevada C-Corp). Per-vertical LLCs are the MindHYVE portfolio pattern — your DPA, MSA, and BAA counterparty is the relevant operating entity, not the parent corporation.

JustineAI™ runs on Microsoft Azure. The Azure platform layer holds the following attestations, inherited as the substrate for every JustineAI™ service:

• ISO/IEC 27001 (Information Security Management).
• ISO/IEC 27018 (PII Protection in Public Clouds).
• SOC 1 Type II · SOC 2 Type II · SOC 3.
• PCI DSS.
• HITRUST CSF.
• FedRAMP High (for US-government Azure regions).

These cover the Azure infrastructure (compute, storage, network, identity). JustineAI™’s own product-level attestations are tracked separately. We do not claim Azure’s certifications as if they were our own — they are the platform floor.

The following are tracked but NOT YET surfaced as JustineAI™ commitments. They will move to GREEN once outside counsel and CISO have signed off on the wording.

• HIPAA covered-entity posture and BAA template.
• JustineAI™ product-level SOC 2 Type II attestation.
• Strong-form equalization marketing language (pending CEO sign-off for press use).
• Multi-state geographic posture finalization.
• Per-firm aggregate KPIs (currently framed as projections, not measured outcomes).

We use the following subprocessors under contract. Each is bound by a written agreement that requires data-protection commitments at least as protective as our agreement with you:

• Microsoft Azure — infrastructure (compute, storage, database, identity, monitoring).
• Microsoft 365 (Graph API) — email delivery for the marketing contact form; OneDrive / Outlook integration when authorized.
• Azure Communication Services — SMS for the Platform; email transport fallback for the marketing contact form.
• ElevenLabs — conversational AI phone intake, when authorized by the firm.
• CourtListener (Free Law Project) — public citation verification only; no matter content is transmitted, only the public citation string.
• Stripe / Square — billing and payments (PCI-compliant card processors).
• DocuSign — engagement-letter and consent-form e-signature, when used.
• Telnyx — telephony for outbound intake calls, when used.

Eve-Legal, LLC will enter into a Data Processing Agreement (DPA) with customers where required, including for residents of states with comprehensive consumer-privacy laws. The DPA includes processor obligations, security commitments, and breach-notification timelines aligned to applicable US state requirements. Contact legal@justineai.com to request the current template.

JustineAI™ is engineered to support attorneys in meeting their obligations under ABA Model Rules 1.1 (competence), 1.6 (confidential information), 3.3 (candor toward the tribunal), and 5.3 (supervision of nonlawyer assistants), as well as their state-bar equivalents. The product structures every reasoning step as attorney-attested work product. The attorney of record retains sole decision authority.

Customers are notified of security incidents affecting their data in accordance with applicable US state breach-notification laws. Notification timelines align to the most-protective applicable standard across the customer’s region. The JustineAI™ incident-response runbook is available under NDA for procurement review.

For compliance, procurement, and DPA inquiries: legal@justineai.com. For security incident reports: security@justineai.com.