The SIFT AI Tools Suite is designed for the confidentiality requirements of forensic engineering and litigation workflows, including attorney–client privilege, expert work product, and controlled access for discovery.
The platform is built on enterprise cloud providers for compute, storage, authentication, and AI APIs. Provider certifications cover the underlying infrastructure; platform controls cover configuration, access enforcement, and data lifecycle management.
The platform uses a hub-and-spoke architecture designed to enforce firm boundaries at the cloud infrastructure level, not only in application logic.
Files are organized using case identifiers and scoped storage paths to prevent mixing between cases. Closing a case triggers a scoped deletion workflow.
Case access is enforced through case access mappings (row-level controls), independent of UI behavior.
Access is defined by firm membership, case assignment, and role permissions. Users cannot self-assign elevated roles.
Requests are validated against firm membership, assigned cases, and role permissions. Storage access is mediated by application services running under least-privilege service accounts.
Encryption is enforced for transport and storage. Optional key management models are available when required by your governance or regulatory environment.
For local uploads, optional client-side encryption can be applied using rclone crypt. Files are encrypted on the client before transmission. Encryption keys can be managed by the platform on your behalf.
A dedicated key management project and key ring can be used to isolate encryption administration and apply additional governance controls.
AI providers are integrated via enterprise APIs. Retrieved case content is passed as transient input for a request. Non-data retention policies are enabled where supported.
Identity is managed by Firebase Authentication. Backend services verify signed ID tokens and establish application sessions using secure, HTTP-only cookies.
Only firm admins and case admins can upload or import data. Transfers are executed over TLS and land directly in case-scoped storage paths.
Data residency is configured per firm through region selection and data boundary controls.
Backups are designed for cross-cloud resilience. Backup access is restricted to platform administrators with break-glass recovery roles.
Data lifecycle policies are aligned to case and firm boundaries. Deletion and retention exceptions are handled through documented approval workflows.
Pinecone is used for active retrieval. Long-term retention occurs in Google Cloud Storage. If retrieval is needed in the future, vector embeddings can be regenerated from retained source data.
System prompts are treated as security assets. They are versioned, access-controlled, and separated from source code and deployment artifacts.
Logging is minimized to reduce exposure. Production logs focus on operational metadata needed for reliability and security monitoring.
Common due-diligence questions, with direct answers.
No. The platform integrates with LLM providers via enterprise-grade API keys configured with non-data retention. Retrieved case context is passed as transient input for a request. Providers are not permitted to use this data for model training under these terms.
No. Access is enforced at multiple layers: Firebase Authentication at the identity layer, application authorization checks scoped by firm/case/role, Cloud SQL row-level access control for case scoping, and Google Cloud IAM permissions for storage access.
By default, no. The Query Tool’s chat history is disabled by default. The Mock Deposition Tool session context exists only in browser memory and is cleared on refresh. Server-side conversation history is not persisted unless explicitly enabled.
Data residency is configurable through Google Cloud region selection. Regional and regulatory data boundary configurations are supported when required (e.g., US-only residency, CJIS, FedRAMP, HIPAA, ITAR), subject to availability and agreed deployment configuration.
Case closure triggers deletion workflows for case data, derived artifacts, tool interaction history, and the case-specific Pinecone vector index. Firm off-boarding decommissions the firm’s dedicated cloud project and associated resources. Pre-deletion export and optional archival retention are available by request.
Yes. For long-term retention, Google Cloud Storage object retention policies and retention locks can be configured, including WORM-style controls and governance/compliance modes, depending on your retention requirements.
Prompts are stored as versioned, encrypted JSON in Google Cloud Secret Manager. They are not stored in source code repositories, and not embedded in container images or static assets. Access is restricted to service accounts under least-privilege IAM policies, with audit logging for secret access.