The posture, in plain language.
This page documents JustineAI™’s data, security, and accessibility posture as it stands today. We list only what we can verify against code or against the Microsoft Azure platform attestations we inherit. HIPAA, BAA, SOC 2, and additional product-level attestations are tracked separately under outside counsel and CISO review; they’ll surface here once finalized.
The verified posture, plainly stated.
- Data discipline
No customer data used for training.
Eve-Genesis (Law Edition) — the dataset that fine-tunes the legal reasoner inside Eve-Legal F5/reasoner — is 100% synthetic by construction. Your firm’s data stays in your tenant.
Reference: CANONICAL-LATTICE.md §Eve-Genesis (Law Edition)
- Privilege posture
Attorney-client privilege is preserved by design.
JustineAI™ is structured to operate under the supervision of the attorney of record. Outputs are work product. Audit logs record the actions taken — actor, timestamp, and matter reference — and document revisions.
Reference: MARKETING-CLAIMS-BOOK.md GREEN row
- Cloud foundation
Deployed on Eve-Grid™ — Microsoft Azure.
JustineAI™ runs on Eve-Grid™, our proprietary cloud architecture on Microsoft Azure. The marketing site is hosted on Azure Static Web Apps; the PI application runs on Azure Container Apps with PostgreSQL, Blob Storage, and Key Vault. ISO 27001, ISO 27018, SOC 1/2/3, PCI DSS, and HITRUST attestations are inherited at the platform layer from Microsoft Azure.
Reference: MARKETING-CLAIMS-BOOK.md GREEN row · docs/ARCHITECTURE.md §4
- Access control
Role-based access control on every action.
Every endpoint enforces token-based authentication and role-based, matter-scoped authorization. Multi-tenant isolation is enforced at the data layer via database row-level security. Access is auditable per user, per matter.
- Encryption
Encryption at rest and in transit.
All matter data is encrypted at rest with Azure-managed keys; customer-managed keys are on the enterprise roadmap. Transit uses TLS 1.2+ end-to-end. Primary matter data is stored in the customer’s Azure region of record; encrypted backups may replicate to the Azure paired US region for disaster recovery.
- Audit trail
Audit logging of every action.
User actions are written to a structured tenant audit log with actor identity, timestamp, and action type — then signed and moved to long-term storage after 90 days. Logs record actions, not matter content; they are retained for the agreed contractual period and are exportable (JSON) for litigation discovery and ethics audits.
- Accessibility
WCAG 2.1 AA conformance posture.
Every shipping surface targets WCAG 2.1 AA from day one. Accessibility is a launch criterion, not a roadmap item — keyboard navigation, screen-reader semantics, contrast ratios, focus indicators, and reduced-motion preferences are all built in.
- Privacy law
CCPA / CPRA aligned.
JustineAI™ collects only the data needed for legal practice management. We support California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) consumer rights — access, deletion, correction, and portability — with in-product tooling a firm uses to fulfil its clients’ requests: a data-subject locator, export, anonymization, correction, and a request ledger, all subject to legal-hold and statutory-retention limits. We do not sell personal information, so no opt-out of sale is required.
- Jurisdiction
50 states plus DC.
PI jurisdiction rules are hand-curated for every US state plus DC. Ten top-PI states carry curated case-law citation packs anchored to CourtListener — no hallucinated case law.
Reference: shared/config/state-pi-rules.ts
- Architecture
A compositional fabric, not a stack.
Eve-Legal F5/reasoner is a five-model compositional fabric — Microsoft Phi-3 classifier, Microsoft Phi-4-derived SRM fine-tuned on Eve-Genesis (Law Edition), one to three frontier models, and a 10M-token long-context model. Frontier models compose dynamically per request, never as a fixed ensemble.
Reference: docs/ARCHITECTURE.md §3
- The moat
10M-token single-context reasoning.
The model in the long-context slot reads the entire case file — every record, every deposition, every motion — in a single context. Patterns like full-case-file review and multi-deposition synthesis become one-shot queries.
Reference: docs/ARCHITECTURE.md §3
- Distinct architecture
Supervisor over stage-specialized sub-agents.
JustineAI™ adds a portfolio-distinctive supervisor pattern: Justine coordinates stage-specialized sub-agents — intake, medical, valuation, strategy — across the case lifecycle. The sub-agents are not separately branded; Justine remains the sole named Digital Employee. This is the architectural foundation that makes Mass Tort, Class Action, and Mass Arbitration editions possible.
Reference: CANONICAL-LATTICE.md §Compound reasoning model
- Operating entity
Eve-Legal, LLC — operated transparently.
The product line is operated by Eve-Legal, LLC, a wholly-owned subsidiary of MindHYVE.ai, Inc. (Nevada C-Corp). Per-vertical LLCs are the MindHYVE portfolio pattern — your DPA, MSA, and BAA counterparty is the relevant operating entity, not the parent corporation.
Reference: docs/CANONICAL-LATTICE.md §Corporate structure
Inherited at the platform layer.
JustineAI™ runs on Microsoft Azure. The Azure platform layer holds the following attestations, which are inherited as the substrate for every JustineAI™ service:
- ISO/IEC 27001 — Information Security Management
- ISO/IEC 27018 — Protection of Personally Identifiable Information in Public Clouds
- SOC 1 Type II · SOC 2 Type II · SOC 3 — Service Organization Controls
- PCI DSS — Payment Card Industry Data Security Standard
- HITRUST CSF — Common Security Framework (US healthcare data)
- FedRAMP High — for US-government Azure regions
These attestations cover the underlying Azure infrastructure (compute, storage, network, identity). JustineAI™’s own product-level attestations are tracked separately. We don’t claim Azure’s certifications as if they were our own — they’re the floor, not the ceiling.
Three layers. Named precisely.
Security responsibility sits in three distinct layers. Azure’s SOC 2 covers Azure; JustineAI’s own product-level SOC 2 Type II covers the JustineAI™ production system; the firm owns its in-firm controls. We’re explicit about which is which — conflating them is how vendors overstate.
- Layer 1 — Platform · Microsoft
The Azure platform.
Data-center physical security, hypervisor, and Microsoft’s own attestations (ISO 27001/27018, SOC 1/2/3, PCI DSS, HITRUST) for Azure services. Inherited at the infrastructure layer only.
- Layer 2 — Product · Eve-Legal, LLC
The JustineAI™ product.
The JustineAI™ application, its controls, people, and processes — tenant isolation, matter-scoped access, encryption, audit logging, retention, deletion, and AI governance. This is the subject of our own SOC 2 Type II examination — our attestation, not Azure’s.
- Layer 3 — Customer · The firm
Your in-firm controls.
User provisioning, matter uploads, internal permissions, attorney review of AI output, and export/retention practices within the firm.
SOC 2 Type II — examination in progress.
JustineAI™ is undergoing an independent SOC 2 Type II examination covering the production environment, security operations, confidentiality and access controls, change management, incident response, vendor management, and customer-data handling.
On completion, the report will be available to qualified customers under NDA. HIPAA / BAA posture is tracked under counsel where medical records are central to the workflow. Until the report issues, Azure’s platform attestations are the inherited floor — not a substitute for our own.
What we do with your firm’s data.
We process it to deliver the service. Matter data — intake records, medical records, correspondence, demand letters — is processed inside the customer’s tenant to generate the work product the firm requests. That’s the contract.
We do not train on it. Eve-Genesis (Law Edition) — the dataset that fine-tunes the Phi-4 legal reasoner — is 100% synthetic by construction. Your firm’s matter data is never used to train any model, foundation or fine-tuned, ours or anyone else’s.
We do not share it. Matter data does not leave the customer’s tenant except through workflows the firm explicitly authorizes (e.g., a CourtListener citation verification call uses only the public-citation string, not matter content). Frontier-model inference happens with provider terms that prohibit the provider from retaining or training on the inference content.
We log access to it. Every user action is logged to a structured, typed audit trail (actions, not matter content), exportable on request and retained for the contractual period.
We delete it on request. CCPA / CPRA / state-law deletion requests are honored within the contractual response window. Tenant deletion is final, with a deletion attestation; the audit trail is preserved for the contracted period.
Bias is an architecture problem. So we made it one you can audit.
You cannot train bias out of a model; you can only separate the reasoning from the knowledge from the jurisdiction, so the bias becomes something you can read, audit, and govern.
In a single model trained on a single corpus, three things are fused that should never be: how the system reasons, what it knows, and whose law governs. When all three live in the same weights, you cannot say where an unfair result entered. JustineAI keeps them apart.
The reasoning is trained on logic, not outcomes. The legal reasoner learns the modes of litigation — analogical, abductive, dialectical — from the structure of argument itself, never from a record of who tends to win. There is no demographic distribution to inherit, because there are no parties in the training set.
The knowledge is rented and bounded. Frontier models are consulted for narrow sub-questions — a citation, a holding — inside a fence the reasoner draws. They answer; they never frame the case. Whatever bias rides in their weights cannot set the terms, because it never sees the matter.
The jurisdiction is written down. The controlling law — the forum’s rule, the standard in force here and not there — is carried as a plain-language instruction, not baked into a model. Counsel can read it, argue with it, and change it for the next jurisdiction without retraining anything. The assumption is a sentence, not a secret.
We do not claim to have deleted bias from the world. We claim something a fused model cannot offer: when a result is wrong, you can point to the layer that produced it — reasoning, knowledge, or jurisdiction — and the attorney whose name signs the work can interrogate each one in the language of the law. Read the full argument →
Procurement-grade pages.
- Data handling
How matter data is processed. →
Processing, training discipline, sharing posture, access logging, deletion. The procurement-grade long-form companion to this page.
- Audit + monitoring
Seven layers of audit + monitoring. →
Action logging, structured audit-event taxonomy, case auditor, behavioral auditor, compliance alerts engine, retention policies, archival job. The procurement-grade unpacking of the audit-log claim.
- Subprocessors
The current subprocessor list. →
Each subprocessor, the service it provides, the data category it processes, the region, and its materiality (core, conditional, optional).
- Security FAQ
Procurement-grade Q&A. →
Identity, encryption, tenant isolation, networking, incident response, attestation posture — answered the way we’d answer them on a call.
- DPA template
The Data Processing Agreement. →
Summary of the DPA Eve-Legal, LLC executes with customers. Includes the contracting counterparty, breach notification windows, subprocessor notification mechanism.
- Incident response
The structured response posture. →
Classification, notification windows, customer obligations, runbook scope. Full runbook available under NDA for procurement review.
- Security whitepaper
The full security posture. →
Architecture, access, encryption, AI governance, audit, retention, incident response, and the three-layer compliance model — verified against the running product. Request the SOC 2 report under NDA.
- Retention & deletion
Retained, held, deleted on request. →
Retention periods, soft-delete, legal hold, right to erasure, and CCPA / CPRA handling.
- AI & data use
How AI uses your data. →
No training on customer data, in-tenant inference, citation grounding, human-in-the-loop, and auditability.
- Vulnerability disclosure
Report a vulnerability. →
How to report a security issue, our safe-harbor commitment, scope, and what to expect. Coordinated disclosure.
See JustineAI™ in your practice.
For PI principals, managing partners, and litigation operators evaluating reasoning-grade AI for their firm. Self-serve trial available for solo and small practices; sales-assisted for mid-size and enterprise.