Home / Privilege Isolation

RS-211 · Privilege-isolation attestation

Prove privileged data never reached the model.

RankShield Legal privilege isolation is a cryptographic attestation that privileged client material was withheld, redacted, tokenized, or kept on a local model — never transmitted to a third-party AI in retrievable form. Each attestation binds the interaction, the approved tool, the governing policy, and the client's informed consent into one independently verifiable record.

Why is zero data retention not enough?

Zero-retention contracts are a promise about what a vendor did with your data after it arrived. They presume the data reached the model, and they ask everyone to trust that the term was honored. An attestation inverts that: it proves privileged material never left the approved boundary in retrievable form. One is a representation; the other is evidence you can produce when a client, regulator, or opposing party asks.

What does the attestation bind?

What it proves — and what it does not

The attestation proves architecture and consent: that isolation functioned as designed and consent was captured, signed with post-quantum cryptography and sealed to a tamper-evident log anyone can verify. It does not — and cannot — guarantee a court will find privilege preserved or unwaived. Privilege is a legal conclusion; the attestation is the strongest evidence that reasonable, verifiable steps were taken. ABA Opinion 512 addresses the ethical confidentiality duty under Model Rule 1.6, which is distinct from evidentiary privilege — we keep that distinction explicit.

Frequently asked questions

What are the four isolation methods?

Withholding (privileged content is never sent), redaction (privileged passages are removed before transmission), tokenization (sensitive values are replaced with non-reversible tokens), and local-model processing (the material never leaves your controlled environment). The attestation records which method was used for each interaction, so the decision is auditable rather than taken on faith.

Does this prevent privilege waiver?

No, and no vendor can honestly claim that. Waiver is a legal determination courts make case by case. What the attestation provides is independently verifiable evidence of the technical steps and the consent process — a record that privileged material was architecturally isolated — which supports your position without overstating what technology can promise.

Why are the attestations post-quantum signed?

Because privilege never expires. An attestation may need to remain verifiable for decades, and signatures based on RSA or ECDSA are scheduled for deprecation after 2030 under NIST's transition guidance. Signing with ML-DSA and SLH-DSA (NIST FIPS 204/205) means the proof survives the quantum transition — quantum-safe, not quantum-proof.

Promise less. Prove more.

If your firm handles privileged material in AI tools, replace representations with attestations. We are onboarding design-partner firms now.

Request early access