Built for attorneys who take privilege seriously

TwinCounsel is privilege-safe by design. Every agent sandboxed. Every fact cited. Every output auditable.

๐Ÿ”’

Read-only access

TwinCounsel only reads your emails. We never send messages, modify content, or take actions on your behalf. You remain in complete control.

๐Ÿ›๏ธ

US data centers

All data is stored and processed exclusively in US-based data centers operated by AWS. Your client information never leaves the country.

๐Ÿ›ก๏ธ

Privilege-Safe Architecture

Every agent runs in an isolated sandbox. SOC 2 Type II certification in progress. ISO 27001 certification in progress. Regular third-party security audits conducted. We will notify customers upon certification completion.

๐Ÿ”

Data Protection

AES-256 at rest, TLS 1.3 in transit. No training on your data. TwinCounsel maintains executed Zero Data Retention (ZDR) agreements with all upstream AI providers โ€” OpenAI, Google, and Anthropic. Your data is never retained beyond a single request.

How We Protect Your Data

Email access

  • Read-only OAuth access to Gmail/Google Workspace and Microsoft 365
  • We cannot send emails on your behalf
  • We cannot delete or modify your emails
  • Access can be revoked instantly from your email provider settings

Data handling

  • Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Processed and stored exclusively in US data centers
  • Regular third-party security audits
  • Automatic data deletion upon account cancellation
  • See our full sub-processor list, including ZDR status for all AI providers, at twincounsel.com/subprocessors

Employee access

  • No review of client content by design. TwinCounsel processes your email and matter data through automated AI pipelines โ€” no employee reads your client communications or documents in the ordinary course of operations.
  • Exception protocol: Employee access to matter content requires your explicit written consent, is scoped to the minimum data necessary, is logged with identity, timestamp, scope, and purpose, and triggers a written notification to you within five business days.
  • All employees individually bound by written confidentiality agreements consistent with attorney-client privilege protections. See Section 10.2 of the Terms of Service for the full contractual commitment.

Ethics & Compliance

We've consulted with legal ethics experts to ensure TwinCounsel can be used responsibly within professional conduct rules, including guidance from ABA Formal Opinion 512 on generative AI.

Attorney-client privilege: The attorney is the editor, not the author. TwinCounsel operates as an AI colleague under the attorney's supervision. Every output comes back for review with source citations. Information processed by TwinCounsel maintains its privileged status.

Duty of competence: Using AI appropriately can actually help attorneys meet their duty of competence by enabling more thorough case preparation and reducing the risk of missed deadlines. ABA Formal Opinion 512 affirms that lawyers must understand the capabilities and limitations of AI colleagues they use.

Duty of confidentiality: Our security measures are designed to protect client confidentiality to the same or higher standard as other legal technology. Per ABA Formal Opinion 512, we do not use your data to train AI models.

We recommend attorneys review their state bar's guidance on technology use and make informed decisions about AI in their practice.

Your Rights

Data portability

Export all your data at any time in standard formats.

Right to deletion

Request complete deletion of your data within 30 days.

Access control

Revoke our email access instantly through your email provider settings.

Transparency

Review our privacy policy and data practices anytime.

Security FAQ

Can your employees see my client emails?

No. Our systems process your emails automatically, but human employees do not have routine access to email content. The rare exceptions (debugging with explicit permission) are logged and audited.

What happens if TwinCounsel is breached?

In the unlikely event of a security incident, we maintain incident response procedures including prompt notification to affected users, investigation, and remediation. We conduct regular security testing and maintain comprehensive incident response planning.

How do I delete my data?

You'll be able to request data deletion at any time through your account settings or by contacting support@twincounsel.com. We will delete all your data within 30 days of your request.

Do you sell my data to third parties?

Absolutely not. We do not sell, share, or monetize your data in any way. Your information is used solely to provide the TwinCounsel service.

Is using TwinCounsel ethically permissible?

Yes, when used appropriately. AI colleagues like TwinCounsel work under the attorney's supervision โ€” you're the editor, not the author, and you remain responsible for everything that goes out the door. We recommend reviewing your state bar's guidance on technology use.

Ready to learn more?

See how your legal twin works โ€” privilege-safe from day one.