Security & trust at Daymark.

Encryption, retention & deletion

• Encryption at rest
• Encryption in transit (TLS) across all services
• Zero data retention on the model-provider call path
• Never used to train any AI model
• Designed multi-system deletion with a completion certificate
• Tamper-evident, metadata-only deletion manifests

Isolation & access

• Each firm runs in its own dedicated instance and database
• Server-enforced firm and matter access
• Daymark staff don't access your matter content in routine operations; emergency access uses a break-glass process that is authorized, time-limited, and logged
• Multi-factor authentication required on administrative access
• Securely designed credential scoping per firm
• Role-based admin for seats, retention, and legal hold

Hosting & resilience

• US-hosted on enterprise cloud infrastructure
• Managed key vault for per-firm secrets
• Governed gateway in front of every model call
• Backups and point-in-time recovery
• Secrets injected from the environment, never logged

The model layer

• Every model call routes through a governed gateway
• No ungoverned model calls
• No-training and zero-retention enforced, with contractual flow-down to providers
• Answers are generated only from your firm's own documents, not the open web
• Pinpoint citations verified server-side before they're shown

The record

• Audit logs capture system and account activity across your workspace
• Your firm's workspace keeps its own encrypted history of queries and answers, isolated to your firm and under your retention, legal-hold, and export controls
• Records are exportable for your own file and reasonable-efforts record

Your data, your control

• Firm-configurable retention period (admin-set)
• Per-matter legal hold overrides automated deletion
• Your data is yours, and you can export it on request

• §Confidentiality: Rule 1.6 + ABA Opinion 512. No-training, zero-retention, and per-firm isolation address the "open, self-learning AI" risk that ABA 512 and 2026 state guidance flag. ABA Model Rule 1.6 · ABA Formal Op. 512 (2024)
• §Privilege: the Kovel agent-of-counsel doctrine. Daymark is enterprise-tier, under your firm's control, and used at the direction of counsel, with a record of how it was used. That is the posture courts have associated with privilege in the Kovel line. Whether privilege attaches is always your lawyers' call, and ultimately the court's. United States v. Kovel, 296 F.2d 918 (2d Cir. 1961) · United States v. Heppner, 2026 WL 436479 (S.D.N.Y. Feb. 17, 2026)
• §Work product: the litigation work-product doctrine. Private, governed, no-train use should not, by itself, waive work-product protection; waiver remains fact-specific. Warner v. Gilbarco, Inc., No. 2:24-cv-12333 (E.D. Mich. Feb. 10, 2026)
• §Competence: Rule 1.1 and the AI-hallucination cases. Pinpoint citations to source and page, verified server-side; each answer carries a Source Trail you can open and check, and you verify before you rely. Courts have sanctioned lawyers for filing AI-fabricated citations. ABA Model Rule 1.1 · Mata v. Avianca, Inc., 678 F. Supp. 3d 443 (S.D.N.Y. 2023)

Contracts & obligations

• Written data-processing commitments in your customer agreement: no-training, limited use, and subprocessor flow-down
• Security-incident notification protocols in place
• Data export and documented deletion on termination
• Open source under AGPL