Trust & security

Built for the profession where confidentiality isn’t a feature — it’s a duty.

Most vendors treat compliance as a paragraph in the FAQ. For a legal intake system, it’s the product. Here is exactly how Sophura handles the rules your license depends on.

Confidentiality

The duty attaches at intake. So does our architecture.

Under ABA Model Rule 1.6, confidentiality begins the moment a prospective client shares information — before anyone signs anything. Our systems are built on that assumption from the first word of the first call.

  • All intake data encrypted in transit and at rest
  • Least-privilege access controls and full audit logs on every record
  • NDAs signed as a matter of course; BAAs wherever health information is involved
  • Documented data handling per firm: what is stored, where, and who can touch it
  • Conflict-check-ready records — the adverse party is captured on every call

No legal advice — by architecture

The agent captures and books. It never advises.

The unauthorized practice of law isn’t a line we tiptoe along — it’s a boundary we engineered out of reach. The agent gathers facts, schedules consultations, sends reminders, and routes. It does not evaluate cases, quote settlement values, or tell anyone what their rights are. Anything resembling a request for advice escalates to a human.

Every deployment carries the disclaimer, verbatim:

“I’m an AI assistant for the firm. I can’t give legal advice — an attorney will review your information.”
  • Fact-gathering and scheduling only; no case valuations, ever
  • Advice-shaped questions escalate to your attorneys with full context
  • Your firm’s lawyers are the decision-makers of record on every legal output
  • Constrained prompts and guardrails tested before every go-live

Disclosure & recording

Disclosure in the first sentence. Every call. Every deployment.

AI disclosure stopped being a courtesy in 2026 — it’s statute. California SB 243 gives consumers a private right of action against undisclosed bots. Utah SB 452 requires disclosure for generative AI in legal-services interactions, at the start. The EU AI Act’s transparency obligations apply from August 2026. We didn’t retrofit for these laws; disclosure-first is how Sophura was designed.

  • AI disclosure and recording disclosure in the opening sentence — never an optional toggle
  • Inbound-first design, so consent for the conversation is inherent to the call
  • Two-party-consent recording states handled as the default posture, not the exception
  • SMS opt-outs honored automatically; consent scope never silently expands into marketing
  • Statutes we design against: CA SB 243 · CA AB 489 · Utah SB 452 · TCPA · EU AI Act Art. 50

Your data

Your intake never trains anyone’s model.

We run AI providers on zero-data-retention and enterprise tiers: caller information is processed to run your intake and is not retained by the model provider or used for training. For firms with stricter requirements, we deploy self-hosted — your infrastructure, your keys, your perimeter.

  • Zero-data-retention AI tiers, verifiable in writing
  • Your firm owns its transcripts, recordings, and intake records outright
  • Self-hosted deployment available for data-sensitive firms
  • Data deleted on termination, with written confirmation

Business standing

A real company, insured and papered like one.

You’re routing privileged intake through a vendor — you should expect the vendor to hold itself to a law firm’s standard of paperwork.

  • US limited liability company (Sophura LLC)
  • Errors & omissions and cyber liability insurance
  • MSA + statement of work with clear scope, IP ownership, and data-processing terms
  • Liability posture stated plainly: the AI is assistive; humans decide
  • US banking and payments — no cross-border friction in the engagement

Bring your compliance counsel to the call — we’ll walk them through all of it, statute by statute. Offering to do that is usually the moment a nervous partner stops being nervous.

Nothing on this page is legal advice; it describes how our systems are designed. Your firm should confirm compliance specifics with its own licensed counsel — and we’ll gladly support that review.

The safe choice, provably.

Book the audit and put our compliance posture in front of your counsel. We built for that conversation.

  • US company
  • E&O + cyber insured
  • NDA / BAA on request
  • Zero-retention AI