An Issued Standard

Don't work with a vendor unless they have Clearance.

Every AI tool touching claimant data puts attorney-client privilege at risk. TT Clearance is the independent verification that makes vendors safe to work with — and flags the ones that are not.

Issued by Tort Terminal

Cleared for Legal Use

TTC

Verified

MMXXVI · No. I

§ I. The Problem

Law firms are adopting AI faster than they can evaluate it.

Privilege at risk

Client data routed through public AI endpoints is not protected by attorney-client privilege. It is discoverable. Subpoenable. Often stored indefinitely by the AI provider. Most firms using AI today do not know which of their vendors do this.

ii.

Vendor opacity

When a firm asks an AI vendor "is this private," the answer is almost always yes. The answer is almost always marketing. Verifying whether a vendor actually has zero-data-retention agreements and proper BAAs requires technical expertise most firms lack.

iii.

No accepted standard

SOC 2 certifies process. HIPAA certifies healthcare compliance. Neither speaks to the requirements of AI in a litigation context — privilege preservation, claimant PII handling, training data segregation, or audit trail integrity for privileged communications.

§ II. What We Verify

Six domains of verification.

Each domain assessed independently. A vendor is either Cleared in full or not cleared at all. Partial certifications undermine the standard — and undermine the firms that rely on it.

01 / DATA Data residency and retention Where data is stored, for how long, under what legal jurisdictions, and under what contractual terms with the underlying AI provider. Verified
02 / MODEL Model hosting architecture Whether queries route to public endpoints, private tenants, or zero-data-retention arrangements. Verified against vendor contracts, not vendor claims. Verified
03 / PII PII handling at boundaries How personally identifiable information is tokenized, scrubbed, or segregated before reaching any AI model. Tested against real claimant data patterns. Verified
04 / CHAIN Underlying provider agreements Whether the vendor holds direct ZDR or BAA agreements with Anthropic, OpenAI, or other providers. Subcontractor terms traced end to end. Verified
05 / ACCESS Audit and access controls Who at the vendor can access claimant data, under what conditions, with what logging, and with what breach notification obligations to the law firm. Verified
06 / LEGAL Privilege preservation Whether AI-generated outputs and conversation histories are structured to maintain attorney-client privilege under current legal standards. Verified

§ III. Methodology

Clearance is not a survey.

Infrastructure review

Direct examination of the vendor's production architecture. Code review where necessary. Contract review of every agreement with underlying AI providers and subprocessors.

ii.

Data flow audit

Trace a claimant record from intake through every system that touches it. Map every transmission, storage, or processing point to its corresponding legal or contractual protection.

iii.

Penetration test

Attempt to extract claimant data through adversarial prompts, context overflow, and boundary testing. Document every path that exposes data. Require remediation before Clearance.

iv.

Legal review

Independent counsel reviews whether the documented architecture preserves attorney-client privilege under applicable jurisdictions. The only step where the standard is legal, not technical.

Issuance

Cleared vendors receive a dated, verifiable Clearance published in the TT Clearance registry. Annual recertification required. Material architecture changes trigger immediate review.

TTC

A seal. Not a badge.

When a law firm sees TT Clearance next to a vendor's name, it means independent verification — not marketing, not self-certification, not a trust-me affidavit. A seal, earned through rigorous audit and renewed annually.

Request Verification