The posture, in plain language.
This page documents JustineAI™’s data, security, and accessibility posture as it stands today. We list only what we can verify against code or against the Microsoft Azure platform attestations we inherit. HIPAA, BAA, SOC 2, and additional product-level attestations are tracked separately under outside counsel and CISO review; they’ll surface here once finalized.
The verified posture, plainly stated.
- Data discipline
No customer data used for training.
Eve-Genesis (Law Edition) — the dataset that fine-tunes the legal reasoner inside Eve-Legal F5/reasoner — is 100% synthetic by construction. Your firm’s data stays in your tenant.
Reference: CANONICAL-LATTICE.md §Eve-Genesis (Law Edition)
- Privilege posture
Attorney-client privilege is preserved by design.
JustineAI™ is structured to operate under the supervision of the attorney of record. Outputs are work product. Audit logs record every reasoning step, decision, and revision.
Reference: MARKETING-CLAIMS-BOOK.md GREEN row
- Cloud foundation
Deployed on Eve-Grid™ — Microsoft Azure.
JustineAI™ runs on Eve-Grid™, our proprietary cloud architecture on Microsoft Azure. The marketing site is hosted on Azure Static Web Apps; the PI application runs on Azure Container Apps, Functions, Cosmos DB, Storage, and Key Vault. ISO 27001, ISO 27018, SOC 1/2/3, PCI DSS, and HITRUST attestations are inherited at the platform layer from Microsoft Azure.
Reference: MARKETING-CLAIMS-BOOK.md GREEN row · docs/ARCHITECTURE.md §4
- Access control
Role-based access control on every action.
Every endpoint enforces authentication via Microsoft Entra ID and authorization via Azure RBAC. Multi-tenant isolation is enforced at the data, network, and identity layers. Access is auditable per user, per matter.
- Encryption
Encryption at rest and in transit.
All matter data is encrypted at rest with Azure-managed keys (customer-managed keys available on enterprise plans). Transit uses TLS 1.2+ end-to-end. No data is stored outside the customer’s Azure region of record.
- Audit trail
Tamper-evident audit logs.
Every reasoning step, every output, every user action is logged to Azure Monitor with actor identity, timestamp, and action. Logs are retained for the agreed contractual period and exportable for litigation discovery and ethics audits.
- Accessibility
WCAG 2.1 AA conformance posture.
Every shipping surface targets WCAG 2.1 AA from day one. Accessibility is a launch criterion, not a roadmap item — keyboard navigation, screen-reader semantics, contrast ratios, focus indicators, and reduced-motion preferences are all built in.
- Privacy law
CCPA / CPRA aligned.
JustineAI™ collects only the data needed for legal practice management. California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) consumer rights — access, deletion, correction, portability, opt-out of sale — are supported in product.
- Jurisdiction
50 states plus DC.
PI jurisdiction rules are hand-curated for every US state plus DC. Ten top-PI states carry curated case-law citation packs anchored to CourtListener — no hallucinated case law.
Reference: shared/config/state-pi-rules.ts
- Architecture
A compositional fabric, not a stack.
Eve-Legal F5/reasoner is a five-model compositional fabric — Microsoft Phi-3 classifier, Microsoft Phi-4-derived SRM fine-tuned on Eve-Genesis (Law Edition), one to three frontier models, and Meta Llama 4 Scout for 10M-token long-context reasoning. Frontier models compose dynamically per request, never as a fixed ensemble.
Reference: docs/ARCHITECTURE.md §3
- The moat
10M-token single-context reasoning.
Meta Llama 4 Scout in the long-context slot reads the entire case file — every record, every deposition, every motion — in a single context. Patterns like full-case-file review and multi-deposition synthesis become one-shot queries.
Reference: docs/ARCHITECTURE.md §3
- Distinct architecture
Supervisor over stage-specialized sub-agents.
JustineAI™ adds a portfolio-distinctive supervisor pattern: Justine coordinates stage-specialized sub-agents — intake, medical, valuation, strategy — across the case lifecycle. The sub-agents are not separately branded; Justine remains the sole named Digital Employee. This is the architectural foundation that makes Mass Tort, Class Action, and Mass Arbitration editions possible.
Reference: CANONICAL-LATTICE.md §Compound reasoning model
- Operating entity
Eve-Legal, LLC — operated transparently.
The product line is operated by Eve-Legal, LLC, a wholly-owned subsidiary of MindHYVE.ai, Inc. (Nevada C-Corp). Per-vertical LLCs are the MindHYVE portfolio pattern — your DPA, MSA, and BAA counterparty is the relevant operating entity, not the parent corporation.
Reference: docs/CANONICAL-LATTICE.md §Corporate structure
Inherited at the platform layer.
JustineAI™ runs on Microsoft Azure. The Azure platform layer holds the following attestations, which are inherited as the substrate for every JustineAI™ service:
- ISO/IEC 27001 — Information Security Management
- ISO/IEC 27018 — Protection of Personally Identifiable Information in Public Clouds
- SOC 1 Type II · SOC 2 Type II · SOC 3 — Service Organization Controls
- PCI DSS — Payment Card Industry Data Security Standard
- HITRUST CSF — Common Security Framework (US healthcare data)
- FedRAMP High — for US-government Azure regions
These attestations cover the underlying Azure infrastructure (compute, storage, network, identity). JustineAI™’s own product-level attestations are tracked separately. We don’t claim Azure’s certifications as if they were our own —they’re the floor, not the ceiling.
What we do with your firm’s data.
We process it to deliver the service. Matter data — intake records, medical records, correspondence, demand letters — is processed inside the customer’s tenant to generate the work product the firm requests. That’s the contract.
We do not train on it. Eve-Genesis (Law Edition) — the dataset that fine-tunes the Phi-4 legal reasoner — is 100% synthetic by construction. Your firm’s matter data is never used to train any model, foundation or fine-tuned, ours or anyone else’s.
We do not share it. Matter data does not leave the customer’s tenant except through workflows the firm explicitly authorizes (e.g., a CourtListener citation verification call uses only the public-citation string, not matter content). Frontier-model inference happens with provider terms that prohibit the provider from retaining or training on the inference content.
We log access to it. Every reasoning step, every output generated, every user action — logged in Azure Monitor, exportable on request, retained for the contractual period.
We delete it on request. CCPA / CPRA / state-law deletion requests are honored within the contractual response window. Tenant deletion is final and cryptographically verifiable.
Five procurement-grade pages.
- Data handling
How matter data is processed. →
Processing, training discipline, sharing posture, access logging, deletion. The procurement-grade long-form companion to this page.
- Audit + monitoring
Seven layers of audit + monitoring. →
Action logging, structured audit-event taxonomy, case auditor, behavioral auditor, compliance alerts engine, retention policies, archival job. The procurement-grade unpacking of the audit-log claim.
- Subprocessors
The current subprocessor list. →
Each subprocessor, the service it provides, the data category it processes, the region, and its materiality (core, conditional, optional).
- Security FAQ
Procurement-grade Q&A. →
Identity, encryption, tenant isolation, networking, incident response, attestation posture — answered the way we’d answer them on a call.
- DPA template
The Data Processing Agreement. →
Summary of the DPA Eve-Legal, LLC executes with customers. Includes the contracting counterparty, breach notification windows, subprocessor notification mechanism.
- Incident response
The structured response posture. →
Classification, notification windows, customer obligations, runbook scope. Full runbook available under NDA for procurement review.
See JustineAI™ in your practice.
For PI principals, managing partners, and litigation operators evaluating reasoning-grade AI for their firm. Self-serve trial available for solo and small practices; sales-assisted for mid-size and enterprise.