Where Does Your Data Exist During Processing?
Most AI vendors encrypt at rest but process in plaintext. SOC 2 audits storage, not inference. The question that matters is architectural.
Privacy Policies Are Promises. Architecture Is Physics.
Most "secure AI" products encrypt data at rest, require MFA, and hold SOC 2 certifications. These address storage. During inference, your content is plaintext in the vendor's compute environment—decrypted, loaded into GPU memory, and processed on infrastructure the vendor controls. Storage controls don't protect content during processing.
Contractual Controls: Necessary But Not Sufficient
Zero Data Retention agreements, DPAs, and no-training clauses matter. They set the contractual framework for how vendors handle your content. But contractual controls are promises—they don't survive a court order that compels production of data the vendor already has.
ZDR Agreements
AI providers contractually commit to process in memory and immediately discard. No logs, no caches, no training. Essential—but only addresses the provider, not the vendor routing your content to the provider.
DPA & Processing Roles
Data Processing Agreements assign controller/processor roles for GDPR compliance. But the Stored Communications Act doesn't care who the contract calls the custodian—if the vendor stores your data, law enforcement can compel production.
No-Training Clauses
Enterprise contracts prohibit training on your data. This prevents model contamination but does not address the window of exposure during which your content exists on the vendor's infrastructure in plaintext.
SOC 2 & Compliance
SOC 2 audits access controls, encryption at rest, and operational procedures. It does not audit what happens to your content during AI inference—the moment when privilege exposure actually occurs.
Architectural Controls: Survive Court Orders
inCamera removes itself from the content path entirely. This is not a better policy. It is a different architecture.
Local-Only Client
Documents, prompts, and chat history exist only on your device. A desktop application—not a web app—processes documents locally. No server-side storage of work product. Our server database has zero content fields because it was never designed to receive content.
Zero Data Retention
AI providers process queries in transient memory and immediately discard. No disk writes, no logs, no training. Contractual ZDR agreements with Google Vertex AI Enterprise and OpenAI ensure ephemeral processing.
Ephemeral Key Exchange
ECDH key agreement provisions AI access without inCamera ever touching user queries. The server generates credentials on-demand, encrypts them with the client's public key, and never stores them. We distribute keys; we never see payloads.
Direct-to-Provider
Your content goes from your device directly to the AI provider. We occupy the authentication plane only—never the data plane. If subpoenaed, we have nothing to produce because we never had it.
A note on SOC 2: We don't hold SOC 2 certification because we don't process customer data on our servers. Your prompts and documents flow directly from your device to AI providers; we only handle authentication.
Your Content Never Reaches Our Servers
Your prompts and documents flow directly from your device to AI providers. inCamera verifies your identity and provisions credentials. We never see, route, or store your content.
⟡ Passthrough Authentication
When you send a prompt, inCamera verifies your identity and provides credentials. The actual content—your documents and questions—travels directly from your device to the AI provider. We authenticate the user; we never touch the payload.
- Your account and profile information
- Email, bar credentials, firm name
- Authentication timestamps and session metadata
- Billing usage amounts
- That you requested AI access (not what you asked)
- Your prompts or questions
- Your documents or files
- AI responses you receive
- What matters you're working on
- Any of your work product
Security Through Verification
By limiting access to verified attorneys in good standing, we maintain the integrity of our service. This verification isn't just about compliance—it's about ensuring that our Zero Data Retention agreements are used for their intended purpose: protecting legitimate legal work.
"When every user is a verified attorney, we can make stronger commitments about how the platform is used. This gives us the standing to negotiate and maintain our Zero Data Retention agreements with AI providers. Your colleagues' verification protects your privacy as much as your own."
Zero Data Retention Agreements
Contractual ZDR agreements with our AI providers ensure ephemeral processing. This is Pillar 2 of the architectural controls—combined with the local-only client (Pillar 1) and ephemeral key exchange (Pillar 3), it means no entity retains your content after processing completes.
- Prompts are processed in memory and discarded immediately after the response is generated
- No logs, caches, or stored transcripts are created
- Your content is never used to train or improve AI models
- If compelled by legal process, no prompts, documents, or transcripts can be produced—they do not exist
- Because no logs or stored data exist, neither inCamera nor AI provider employees can retrieve or review your content
If Requested by Any Party
If requested by any party, the only information we can provide is that you have an account and your billing usage amounts. If compelled by legal process, no prompts, documents, or transcripts can be produced—they do not exist. This is not a policy choice. It is a consequence of the architecture.
Security Architecture
Detailed technical documentation for security professionals and compliance reviews.
LLM Privacy Tiers
Understanding the spectrum of privacy when using AI, from consumer chatbots to local deployments, and where inCamera's aggregated ZDR fits in.
API Key Distribution
Technical architecture for secure distribution of third-party API keys, including end-to-end encryption, cryptographic signatures, and forward secrecy over untrusted network channels.
Questions About Security?
We're happy to discuss our security architecture in detail or provide documentation for your firm's compliance review.