We respect attorney-client confidentiality. No tracking pixels in our emails.
A deep dive into zero data retention claims in legal AI — what ZDR actually means technically, which vendors truly deliver it, and how to verify before you sign.
2026/04/01
"Zero data retention" has become one of the most frequently cited selling points in legal AI. When a vendor's sales deck says ZDR in large text on slide three, it signals: your client data is safe with us. Law firms and in-house legal teams have been trained to look for this claim as a prerequisite for adoption.
The problem is that "zero data retention" means different things to different vendors — and sometimes it means almost nothing at all. There is no industry-standard definition of ZDR, no independent certification body that verifies ZDR claims, and no regulatory framework that enforces them. Lawyers relying on a vendor's ZDR marketing language to satisfy their confidentiality obligations are, in many cases, relying on something they have not adequately investigated.
This guide cuts through the marketing to explain what ZDR actually means technically, how to distinguish genuine ZDR from marketing language, where the hidden risks live even when ZDR is real, and how to verify vendor claims before you trust them with your clients' most sensitive information.
Zero data retention, in its strictest technical sense, means that data you input into a system is not stored after the session ends. No logs, no training pipelines, no audit trails — the data passes through a processing layer and is gone.
In practice, vendors mean at least six different things when they say "zero data retention":
1. True ephemeral processing: The system processes your input in memory without writing to persistent storage. Data is not retained after the API call completes. This is genuine ZDR. It is technically demanding — logs, caches, and error recovery systems typically require some persistence — and rare in its pure form.
2. No training data retention: The vendor promises your data will not be used to train or fine-tune their AI models, but it may still be logged, stored temporarily, or retained for debugging purposes. This is the most common meaning of "ZDR" in vendor materials. It is important — you do not want your client data improving a competitor's model — but it is not the same as true ephemeral processing.
3. Short-term retention with deletion: Data is stored for a limited period (24 hours, 30 days) and then deleted. Useful for operational reasons but not zero retention. Some vendors describe this as "ZDR" because the long-term retention is zero.
4. ZDR with carve-outs: The main product has zero data retention, but specific features (fine-tuning, personalization, analytics dashboards, audit logs) retain data. Read the fine print carefully — ZDR may apply to the core model inference but not to the workflow layer wrapped around it.
5. ZDR by configuration, not by default: The vendor offers a ZDR tier or configuration option, but it must be specifically requested and is often only available on enterprise contracts. Default configurations may not be ZDR.
6. ZDR as marketing language without technical specificity: The vendor uses "zero data retention" in marketing materials without defining what it means in contractual terms. This is the most dangerous category — without contractual specificity, the claim is unenforceable.
See the ZDR glossary entry for a technical breakdown of each variant.
Even when a vendor genuinely implements zero data retention in its own systems, your data may flow through subprocessors who do not. This is the most common gap in otherwise credible ZDR claims.
A subprocessor is any third-party company that processes personal data on behalf of the primary vendor. In the legal AI context, subprocessors typically include:
When Harvey AI or Lexis+ AI claims ZDR, the question is not just whether Harvey or Lexis retains your data — it is whether every entity in their processing chain has equivalent protections. A vendor's own zero data retention commitment is meaningless if they pass data to a subprocessor who logs and retains it.
What to look for:
Many vendors conflate "opting out of training data use" with "zero data retention." These are distinct protections.
Training data opt-out means: your data will not be used to fine-tune or retrain the AI model. Your interactions with the system are excluded from the training pipeline. This matters enormously — you do not want your privileged client data improving the model that your adversary's law firm also uses.
Zero data retention means: your data is not stored at all, for any purpose, beyond the processing required to generate a response.
Training data opt-out does not imply ZDR. The vendor may still log your queries for security monitoring, retain interaction history for debugging, store data in error logs, or keep records for compliance purposes — while genuinely not using any of it for training. ZDR means none of that happens.
Some vendors offer training data opt-out by default but charge extra for true ZDR configurations. When a vendor says "we don't use your data for training," ask the follow-up question: "Is my data retained in any form after my session ends, and if so, where and for how long?"
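The gap between variant 1 (true ephemeral processing) and variant 2 (training opt-out with operational logging) in the list above is usually not a deliberate storage decision but a side effect of ordinary debug and error logging. The following is an added example, not code from this page or from any vendor it names: a stub inference handler in a "leaky" form, where the prompt ends up in the log pipeline without anyone intending to retain it, beside a hardened form that logs only the metadata the page describes (request id, timing, error class). All names (InferenceRequest, leaky_handle, hardened_handle, the in-memory sink) and the 64-character model limit are hypothetical; the model is a stub so the example runs offline.

```python
"""Added example, not code from the page or from any vendor it names: a stub
inference handler in a "leaky" form, where debug and error logging retains the
prompt text although nothing is stored deliberately, and a hardened form that
logs only metadata. All names are hypothetical; the model is a stub."""
import logging
import time
from dataclasses import dataclass


class CapturingHandler(logging.Handler):
    """In-memory sink standing in for whatever the log pipeline persists to."""

    def __init__(self):
        super().__init__()
        self.records = []

    def emit(self, record):
        self.records.append(self.format(record))


def make_logger(name):
    """Fresh DEBUG-level logger with a single in-memory sink."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    sink = CapturingHandler()
    sink.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(sink)
    return logger, sink


@dataclass
class InferenceRequest:
    request_id: str
    prompt: str


def stub_model(prompt):
    """Stand-in for the model call; rejects prompts over a made-up limit."""
    if len(prompt) > 64:
        raise ValueError("prompt exceeds context window")
    return "summary of %d characters" % len(prompt)


def leaky_handle(req, logger):
    """Common pattern: log the request for debugging and the whole request
    object on failure. No database write, yet the prompt is now in the logs."""
    logger.debug("received %s: %r", req.request_id, req.prompt)
    try:
        return stub_model(req.prompt)
    except Exception:
        logger.exception("failed processing %r", req)  # repr includes the prompt
        return None


def hardened_handle(req, logger):
    """Metadata-only logging: the prompt text is never passed to the logger,
    and only the exception class is logged, since parser and SDK messages
    frequently echo the input."""
    started = time.monotonic()
    try:
        return stub_model(req.prompt)
    except Exception as exc:
        logger.error("%s failed: %s", req.request_id, type(exc).__name__)
        return None
    finally:
        logger.info("%s prompt_chars=%d duration_ms=%.1f", req.request_id,
                    len(req.prompt), (time.monotonic() - started) * 1000)


def prompt_in_logs(sink, prompt):
    """True if the prompt text reached the log sink in any record."""
    return any(prompt in line for line in sink.records)


def run_both():
    """Runs a normal and an oversized request through each handler and
    reports which request ids had their prompt retained by the logging layer."""
    requests = [  # constructed sample inputs; the second triggers the error path
        InferenceRequest("req-1", "Summarise the privileged memo in matter 1042"),
        InferenceRequest("req-2", "Privileged draft settlement terms for matter "
                                  "1042, do not circulate outside the deal team"),
    ]
    results = {}
    for name, handler in (("leaky", leaky_handle), ("hardened", hardened_handle)):
        logger, sink = make_logger(name)
        for req in requests:
            handler(req, logger)
        results[name] = {
            "leaked": [r.request_id for r in requests if prompt_in_logs(sink, r.prompt)],
            "records": list(sink.records),
        }
    return results


if __name__ == "__main__":
    for name, result in run_both().items():
        print(name, "retained prompts for:", result["leaked"] or "none")
```

Running it shows the leaky handler retaining both prompts (the second one twice, once in the debug line and once in the exception record that reprs the whole request object), while the hardened handler's records carry only the request id, prompt length, duration and the exception class name. When a vendor walks you through its ZDR architecture, this error path and the contents of exception messages are the places to ask about.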
We examined the ZDR claims of four major legal AI platforms used by law firms and in-house legal teams. This analysis is based on publicly available terms of service, data processing agreements, and direct vendor conversations. Vendor practices change — verify current terms before relying on this analysis.
Harvey markets itself as built for law firms and claims enterprise-grade data protection. Harvey offers a data processing agreement that includes commitments against using client data for model training. For enterprise customers, Harvey operates with a ZDR configuration for the inference layer — meaning data is not stored after generation.
Caveats: Harvey's ZDR commitment applies to the inference layer. Audit logs and security monitoring systems may retain limited metadata (query timestamps, error events) for operational purposes. Harvey is built on top of foundation models from Anthropic and other providers — the DPA should be verified to include flow-through commitments to those subprocessors. For full analysis, see Harvey AI on LawyerAI.
Verification status: ZDR commitment available in enterprise DPA; subprocessor list available on request. Credible but requires contractual confirmation.
Microsoft's enterprise data protection commitments are among the most mature and well-documented in the market. For enterprise M365 customers, Microsoft commits that prompt and response data is not used to train foundation models, that data is processed within the tenant boundary, and that enterprise data is not shared across tenants.
Caveats: The commitments listed above are training-use and tenant-isolation commitments. By the distinction drawn earlier in this guide, they are not the same as non-retention, so confirm in the DPA whether prompts and responses are retained at all (for example to support compliance, audit or search features) and for how long. Microsoft's ZDR commitment for M365 Copilot applies only when the tenant has the appropriate enterprise configuration; it does not apply to consumer Microsoft accounts or to Microsoft 365 plans below the enterprise tier. Microsoft's AI product suite is also evolving rapidly, and features added to Copilot may have different retention characteristics than the core product. Microsoft publishes a comprehensive subprocessor list, which is a positive indicator of transparency.
Verification status: Strong contractual documentation available. Subprocessor list publicly available. Best-in-class transparency for the category. Compare Harvey AI vs Microsoft Copilot for a full feature and security comparison.
LexisNexis has updated its Lexis+ AI data practices to include a commitment that customer data is not used to train AI models. Enterprise customers can obtain a data processing agreement with explicit ZDR commitments.
Caveats: LexisNexis's product suite is large and the ZDR commitment should be verified to apply to the specific Lexis+ AI features you use, not just the brand as a whole. LexisNexis has subprocessors for infrastructure and other services — the DPA should include flow-through commitments. Lexis+ AI includes personalization features (saved searches, work history) that by their nature require some data persistence — understand how these features interact with ZDR commitments.
Verification status: ZDR commitment available in enterprise agreements. Subprocessor documentation available but requires vendor engagement to obtain full list. Credible with appropriate due diligence.
Thomson Reuters has published AI commitments as part of its enterprise AI terms. Customer data is not used to train models without explicit consent. Enterprise DPAs available with ZDR provisions.
Caveats: Thomson Reuters' suite includes products with different data architectures (Westlaw research, Contract Express, CLEAR investigative). Verify that ZDR commitments apply across the specific products you use, not just the flagship research product. Thomson Reuters is a large enterprise with complex data flows — a thorough subprocessor review is warranted for high-sensitivity matters.
Verification status: ZDR commitment available in enterprise agreements. Documentation transparency comparable to other enterprise vendors in the category. See Westlaw Precision on LawyerAI for our full review.
Before relying on any vendor's ZDR claim for client data in legal matters, work through this verification checklist:
Contractual documentation:
Subprocessor due diligence:
Technical verification:
Ongoing monitoring:
For solo and small firm practitioners who lack the resources to negotiate custom DPAs, legal AI solutions for small firms lists tools with accessible privacy protections.
For enterprise buyers, ZDR commitments are negotiable — and many vendors who do not advertise ZDR will agree to it by contract if pressed. Key negotiating points:
Define ZDR explicitly in the contract: Do not accept "zero data retention" as an undefined term. Negotiate specific language: "Vendor shall not store, log, or retain any Customer Data input into the Service beyond the processing time required to generate a response, except as required by applicable law."
Specify carve-outs and retention limits: If the vendor requires some logging (security, error recovery), negotiate explicit limits: what is logged, the maximum retention period, and who has access.
Include audit rights: The right to request an independent audit of data retention practices — even if you never exercise it — creates accountability and signals that you take verification seriously.
Require subprocessor flow-through: "Vendor shall ensure that all Subprocessors are bound by data protection obligations no less protective than those in this Agreement."
Negotiate breach notification timelines: Under GDPR a controller must notify the supervisory authority within 72 hours of becoming aware of a breach, and a processor must notify the controller without undue delay; 72 hours has become the benchmark most enterprise DPAs adopt for vendor-to-customer notice. For attorney-client privileged data, negotiate at least that standard regardless of jurisdiction.
Q: What does zero data retention actually mean in legal AI?
In the most precise technical sense, ZDR means your data is not stored anywhere after the system processes your query and generates a response — no logs, no training pipelines, no backup copies. In practice, most vendor ZDR claims mean something narrower: that your data will not be used to train AI models, with some carve-outs for operational logging. The distinction matters — true ephemeral processing provides stronger protection than training-data-only opt-outs.
Q: How do I verify that a vendor actually implements ZDR?
Start with the contract — a credible ZDR claim should be reflected in a signed DPA with specific, defined commitments. Then look for independent verification: SOC 2 Type II audits that cover data retention controls, ISO 27001 certification, or third-party penetration test reports. Ask the vendor to walk you through their technical architecture for how ZDR is implemented. If a vendor cannot explain their ZDR implementation technically, treat the claim skeptically. See the vendor verification checklist above.
Q: Which legal AI vendors offer true zero data retention?
Among major legal AI platforms, Harvey AI and Microsoft Copilot for enterprise have the most credible and well-documented ZDR commitments. LexisNexis and Thomson Reuters offer ZDR commitments in enterprise agreements. Smaller or newer vendors may have weaker documentation even if their technical implementation is sound — require contractual specificity regardless. No vendor should be taken at their word without a signed DPA.
Q: What contractual protections should I require beyond ZDR?
At minimum: explicit training data opt-out, a complete subprocessor list with flow-through protections, breach notification within 72 hours, audit rights, and a data residency commitment where required for EU personal data. For high-sensitivity matters, also negotiate insurance requirements (cyber liability), indemnification for data breaches, and a right to terminate if the vendor's security posture materially changes.
Q: What are the subprocessor risks I should know about?
The primary subprocessor risk in legal AI is that your data passes through infrastructure or AI model providers whose own data retention practices are different from the primary vendor's commitments. A common scenario: a legal AI tool built on OpenAI's API claims ZDR, but the contractual chain between you, the legal AI vendor, and OpenAI does not adequately flow through the ZDR commitment. Require a complete subprocessor list and verify that the primary vendor's DPA requires equivalent protections from all subprocessors. Changes to the subprocessor list should require advance notice — you need to be able to exit the contract if a new subprocessor creates unacceptable risk.
Editorial Independence: LawyerAI.directory is reader-supported. We do not accept payment for placement in our reviews or tool listings. Our scores reflect independent testing and editorial judgment. Learn more about our methodology.