Security & confidentiality

A confidentiality-first system, designed for privileged work.

SophieScribe is built around how legal work actually moves: scoped to the matter, classification-aware, attorney-controlled, and provable end to end. Below is the posture in plain language.

Meeting capture

Two capture paths, never a recording.

The audio path depends on which client your firm uses. On either path, audio and video are streamed live and discarded; only the transcript exists, briefly.

In-app capture (browser-tab audio)

SophieScribe opens the meeting in a managed browser tab. Audio is captured locally from that tab via the W3C MediaStream API and streamed direct to our transcription service over an encrypted channel. No third-party participant joins the meeting; no SophieScribe presence is visible to other attendees. Works with Google Meet, Microsoft Teams (web client), and Zoom Web Client.

Visible bot capture (for desktop / mobile clients)

When the firm uses the Zoom / Teams desktop or mobile app — or any client where browser-tab capture is not possible — a named SophieScribe Assistant joins the meeting as a participant. The bot is visible in the participant list, runs in stream-only mode (no recording on our side or the bot subprocessor's side), and is configured to discard audio as it transcribes.

See How it works → Capture model for the full per-provider matrix and the consent posture recommendations by jurisdiction.

Confidentiality posture

How privileged communications are actually handled.

Six load-bearing controls. Each is implemented at the architecture level, not bolted on as policy.

Streaming mode. No audio retained

By default the system runs in a streaming mode where audio is transcribed in transit and discarded. Only the transcript and structured outputs persist, scoped to the matter.

Encrypted recording, only when enabled

Firms may opt in to a recorded mode for specific matter types. Recordings are encrypted at rest with keys you control. Retention is configurable and auditable.

Customer-controlled retention

Per-matter retention windows for transcripts, analysis outputs, agent task records, and audit trails. Defaults err on the side of less.

Tenant + matter isolation

Per-tenant data boundaries enforced at the database, API, and worker layers, with row-level security and access checks scoped to the matter on every query.

Defense in depth

Encryption in transit and at rest, segmented network paths, scoped credentials per worker, least-privilege service accounts, and ethical-wall enforcement at the access layer.

Privilege-aware classification

Privileged, confidential, and work product classifications are core data attributes that propagate to every output, surface, and downstream sync.

Provenance and auditability

Every output traces back to where it came from.

From transcript span to extracted output to attorney approval to downstream sync, the lineage is preserved end to end and verifiable on demand.

  • Cryptographically verifiable. A snapshot is recorded for every material lifecycle event so the chain can be re-verified later.
  • Linked to the source span. Issues, deadlines, and tasks point to the transcript moments that produced them.
  • Records ready for audit. Data access, output generation, edits, and approvals are immutable and retrievable per matter.

Output lineage · acceleration clause issue

trail #ab27f1c0
  1. Transcript captured
     Strategy review · seg #142 · 02:14
     Ephemeral audio · transcript only
  2. Issue extracted by agent
     agent: issue-extractor · model v2.3 · conf 0.86
     Source span: seg #142 to #144
  3. Attorney approved
     M. Park · 14 Mar 09:42 EST
     Approval recorded · digest ab27…f1c0
  4. Synced to matter timeline
     Smith v. Jones · open issue #38
     Lineage preserved · audit row #4421

4 events · scoped to the matter · tamper-evident

Retention controls

You decide what stays, what goes, and for how long.

Retention is set per matter, per artifact type, and overridable for sensitive work. Defaults are conservative. The system surfaces what it is keeping at all times.

Retention by artifact

  • Live audio (streaming mode): Discarded in transit · n/a
  • Live audio (recorded mode): Encrypted at rest · Per-matter retention window
  • Transcripts: Matter-scoped, retained · Customer-defined window
  • Analysis outputs: Linked to source span · Per-matter override
  • Audit & approval records: Immutable, retained · Compliance-driven

All values are configurable per matter. Defaults shown.

Standards & deployment

What we commit to, and what we don't pretend to.

Compliance language stays honest. Designed for, built to support, ready for audit. Never claims of certification we don't yet hold.

SOC 2 program

Designed against SOC 2 Trust Services Criteria; controls and evidence under active development. Certification status communicated transparently and not implied otherwise.

GDPR & CCPA posture

Built to support GDPR / CCPA-aligned subject rights, data export, and erasure workflows. Deployment-specific commitments covered in the contract.

ABA Model Rules

Built to support the duties of confidentiality and supervision (Rules 1.6 and 5.3): attorney approval gates, audit-attributed actions, and access scoped to the matter.

Sovereign deployment

Architected for single-tenant and customer-controlled deployments, including bring-your-own-cloud arrangements where required.

Security and confidentiality

Built to support privileged communications

A confidentiality-first architecture, designed around how legal work actually moves: matters, classifications, retention, and provable audit.

No recording by default

Streaming mode produces a transcript only. Audio passes through transcription and is discarded. Never written to disk, never persisted.

Optional encrypted recording

Firms can opt in to a recording mode for specific matters. Audio is encrypted at rest with customer-controlled keys and retention policy.

Tenant isolation

Per-tenant data boundaries enforced at the database, API, and worker layers. Backed by row-level security and matter-scoped access checks.

Retention you control

Customer-controlled retention windows for transcripts, analysis outputs, and audit records. Defaults err on the side of less.

Defense in depth

Encryption in transit and at rest, segmented network paths, scoped credentials per worker, and least-privilege service accounts throughout.

Designed for privileged work

Privilege and confidentiality are core data classifications, propagated to every output and surfaced in the UI as the system handles the data.
