Zero Data Retention (ZDR)

An AI vendor commitment that customer inputs and outputs are not stored beyond the immediate processing session — the strongest available privacy assurance for sensitive legal queries.

Last reviewed: 2026/05/22

Frequently Asked Questions

Does ZDR protect against subpoenas served on the AI vendor?
Substantially, yes. If the vendor retains no data, there is nothing to produce in response to a subpoena, warrant, or government data request. ZDR eliminates the vendor as a third-party custodian of client data. However, ZDR does not protect against legal process served on the law firm itself — the firm's own copies of AI-assisted work product remain subject to normal discovery and subpoena rules. The protection ZDR provides is specifically against data held by the vendor.
Is ZDR compatible with the EU AI Act's documentation requirements?
Yes. The EU AI Act Article 53 imposes technical documentation and transparency obligations on GPAI (general-purpose AI) model providers — not on customers of those models. ZDR applies to customer data; the AI Act's documentation requirements apply to the vendor's own model development and architecture documentation. These are separate obligations covering different data, and there is no conflict between a vendor offering ZDR to customers and the vendor maintaining required model documentation for regulatory compliance.
Can a vendor that offers ZDR still experience a data breach affecting my client data?
A breach cannot expose data that was never stored — if ZDR is correctly implemented and your session has ended, there is nothing to breach at the vendor. However, a breach occurring during an active session (while your data is in memory being processed) is theoretically possible, though in-memory attacks are substantially more difficult to execute than attacks on stored data. ZDR reduces but does not eliminate all possible breach scenarios. It eliminates the largest and most common threat vector: unauthorized access to stored data.

Related Concepts

  • Vendor Training on Customer Data (Security)

    Whether an AI legal tool uses client-submitted content — contracts, queries, briefs — to train or improve its models, with direct implications for attorney-client confidentiality.

  • SOC 2 Type II Compliance (Security)

    An independent CPA audit confirming a vendor's security controls operated effectively over 6–12 months against AICPA Trust Service Criteria.

  • Data Residency for Legal AI (Security)

    Where a legal AI vendor physically stores and processes client data — a compliance requirement under GDPR, data sovereignty laws, and attorney confidentiality obligations.

Related Tools

  • Harvey AI

    The most expensive legal AI in the market — Am Law 100 firms only.

  • Lexis+ AI

    Conversational legal research with real-time Shepard's citation validation.

  • Legalfly

    European-compliant AI legal platform with built-in GDPR safeguards for contract review and research.

Related Reading

  • Legal AI Security: What Every Law Firm Must Verify Before Adoption

Last reviewed: 2026/05/22. Definitions are written by the LawyerAI Editorial team. We do not accept affiliate commissions; Featured placement is clearly labeled and does not influence editorial content.


Definition

Zero Data Retention (ZDR) is an AI vendor commitment that customer inputs — prompts, uploaded documents, and AI-generated outputs — are not stored, logged, or persisted beyond the immediate processing session. Under a true ZDR commitment, the data exists only in volatile memory for the duration of processing and is discarded once the session ends. No copy is written to disk, database, log file, or backup system.

ZDR is the strongest privacy assurance currently available from commercial AI vendors. It is distinct from, and more restrictive than, the more commonly marketed "no training on customer data" commitment. The distinction is operationally significant for legal practice: a vendor that commits to no training may still retain session data for weeks or months for purposes including debugging, abuse detection, and compliance monitoring. A vendor with true ZDR retains nothing.

ZDR is primarily available at enterprise pricing tiers. Standard and free subscription tiers almost universally retain customer data for varying periods, typically ranging from thirty days to two years, depending on vendor policy and jurisdiction. Lawyers evaluating AI tools for client matters need to verify at which tier ZDR applies and obtain contractual confirmation rather than relying on marketing representations.

The term is most directly relevant to the API layer of AI infrastructure. OpenAI, Anthropic, and Google all offer ZDR (or equivalent commitments described as "no API data storage") through their enterprise API products, which form the underlying infrastructure for many commercial legal AI tools. The legal AI vendor's ZDR commitment must be understood in the context of both the vendor layer and the underlying model provider layer.

Why It Matters for Lawyers

The attorney-client privilege and the duty of confidentiality under ABA Model Rule 1.6 create a professional obligation to protect client information from unauthorized disclosure. A data breach affecting a vendor's stored client data is not merely a technology incident — it is a potential Rule 1.6 violation, a malpractice exposure, and, where client notification laws apply, a regulatory event triggering breach notification obligations.

The threat model that ZDR addresses is data at rest. Once data is written to persistent storage, it becomes:

  • Vulnerable to unauthorized access by external threat actors (data breaches)
  • Subject to subpoena or legal process against the vendor
  • Accessible to vendor employees with administrative access
  • Potentially retained beyond the vendor's stated retention period, because backup systems are difficult to scope and purge completely
  • Subject to government surveillance requests (e.g., under FISA Section 702 for data held by US companies, or equivalent national security law in other jurisdictions)

Each of these risks is materially reduced when no data is written to persistent storage at all. There is no stored data to breach, subpoena, access, or retain indefinitely.

For law firms in the AmLaw 100, the data breach risk is well-documented. The Mandiant/Google Threat Intelligence Group reported in 2024 that law firms remained among the most frequently targeted sectors for state-sponsored data exfiltration, due to their access to confidential client business information and privileged legal strategies. The 2024 ILTA Technology Survey found that 23% of law firm respondents had experienced a security incident involving a third-party vendor in the prior twelve months. ZDR eliminates the stored-data attack surface for AI tools specifically.

For in-house legal departments, ZDR is relevant to GDPR compliance. GDPR Article 5(1)(e) requires that personal data be "kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed" (the storage limitation principle). For in-house teams using AI tools to process documents containing personal data of EU individuals, ZDR is the most straightforward implementation of GDPR's storage limitation principle with respect to AI-processed content.

ABA Formal Opinion 512 (2024) on AI in legal practice states that lawyers should "understand and consider the data retention and use practices of AI providers before using those tools for client matters." ZDR is the strongest possible positive answer to the retention portion of that inquiry.

How It Works (Technical)

In a ZDR architecture, the AI system is designed so that customer data flows only through volatile memory — RAM — and is never passed to any persistent storage subsystem. The implementation operates at the API gateway level: when a request arrives, it is processed in memory and the response is returned. No write operation is issued to a database, file system, object store, or log aggregator for the content of the request or response.

This requires architectural discipline across multiple system components:

API gateway: The ingress point must be configured not to log request bodies — only metadata such as timestamps, error codes, and request identifiers (which do not contain the content of the prompt or document).

Model inference layer: The model computation environment processes the input and generates the output in memory; neither input nor output is persisted as part of normal model operation.

Observability tooling: Standard software observability tools (application performance monitoring, distributed tracing, log aggregation) typically capture request payloads by default. ZDR requires these tools to be configured to exclude customer content from all observability pipelines.

Backup and disaster recovery systems: Organizations typically back up databases and file systems continuously. ZDR requires that backup scope explicitly excludes any storage location where customer inputs would otherwise be written — but since ZDR means nothing is written to those locations in the first place, this is a logical consequence of the architecture rather than a separate configuration.
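As an added illustration (not code from this page or from any vendor named on it), the Python sketch below contrasts the log record a gateway or APM agent typically emits by default, which carries the payload, with a ZDR-configured record that keeps only metadata, and adds an audit check that a vendor, or a firm's security review, could run over records before they reach a log aggregator. The `Exchange` structure, the field names and the sample exchange are constructed for the example.

```python
import json
from dataclasses import dataclass

# Metadata a ZDR-configured gateway may emit; any other field is treated as a violation.
ZDR_ALLOWED_FIELDS = {"request_id", "timestamp", "status", "latency_ms", "input_bytes", "output_bytes"}

@dataclass
class Exchange:
    request_id: str
    timestamp: str   # ISO-8601, supplied by the caller so the example is deterministic
    prompt: str      # customer input: must never reach persistent storage
    output: str      # model output: same rule
    status: int
    latency_ms: int

def log_record_default(ex: Exchange) -> dict:
    """What a gateway or APM agent typically emits out of the box: the payload rides along."""
    return {"request_id": ex.request_id, "timestamp": ex.timestamp, "status": ex.status,
            "latency_ms": ex.latency_ms, "request_body": ex.prompt, "response_body": ex.output}

def log_record_zdr(ex: Exchange) -> dict:
    """ZDR configuration: identifiers, timing, status and payload sizes only; content is dropped."""
    return {"request_id": ex.request_id, "timestamp": ex.timestamp, "status": ex.status,
            "latency_ms": ex.latency_ms,
            "input_bytes": len(ex.prompt.encode("utf-8")),
            "output_bytes": len(ex.output.encode("utf-8"))}

def zdr_violations(record: dict, content: list) -> list:
    """Audit one log record before it leaves the process: return the field names that carry
    customer content or fall outside the metadata allow-list. An empty list means ZDR-clean."""
    line = json.loads(json.dumps(record))  # round-trip: audit what the aggregator would receive
    bad = set()
    for field, value in line.items():
        if field not in ZDR_ALLOWED_FIELDS:
            bad.add(field)
        # Substring check also catches content copied into an allowed field (e.g. an error text).
        if any(fragment and fragment in str(value) for fragment in content):
            bad.add(field)
    return sorted(bad)

# Constructed sample exchange (fictitious matter; not real client data).
SAMPLE = Exchange(
    request_id="req-0001", timestamp="2026-05-22T10:15:00Z",
    prompt="Summarise the indemnity clause in the attached Example Co. supply agreement.",
    output="The clause caps supplier liability at the contract value ...",
    status=200, latency_ms=842,
)
```

Running `zdr_violations` over the default record flags `request_body` and `response_body`; over the ZDR record it returns nothing, which is the property a contractual ZDR clause is promising at the gateway layer.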

The trade-off ZDR creates is operationally important: vendors cannot investigate reported errors without logs. If a lawyer experiences a system bug, incorrect output, or security anomaly during a session, the vendor cannot retrospectively examine the session logs to diagnose the issue, because there are no logs. This limits the vendor's ability to improve product quality based on real-world failures and to investigate abuse. Vendors offering ZDR typically handle this by relying on anonymous telemetry (performance metrics without content) and by asking affected customers to reproduce issues in a non-ZDR debugging environment.

A second operational consideration is session continuity. Features like "memory" across sessions, conversation history, and personalized AI responses are not possible under true ZDR — those features require that prior session data be retrievable. Law firms evaluating AI tools need to assess whether the workflow benefit of session continuity features outweighs the privacy benefit of ZDR for their specific use case.

How Legal AI Vendors Address It

Harvey AI offers ZDR at its enterprise tier. Harvey's enterprise agreements available to large law firms typically include an explicit ZDR commitment covering both prompt inputs and AI-generated outputs. Harvey has described this commitment publicly in discussions with major law firms, and it is a standard element of enterprise contracts with AmLaw 100 clients. Limitation: ZDR at the Harvey layer depends on Harvey's underlying model providers also operating without data retention — Harvey relies on Anthropic and OpenAI API infrastructure, and the enterprise API terms from both providers include no-storage commitments consistent with ZDR at the API layer. However, lawyers should verify the current version of both Harvey's enterprise agreement and the underlying provider's API terms, as these terms can change with notice.

Lexis+ AI (LexisNexis) provides data retention controls in its enterprise contracts. The specific question for Lexis+ AI procurement is whether the commitment offered is true ZDR or the weaker "no training on customer data" — the two are frequently conflated in vendor conversations. LexisNexis has a strong institutional interest in protecting the confidentiality of legal research patterns, and its enterprise terms reflect this. Limitation: law firms should request written clarification distinguishing the retention period for session data from the training commitment. If data is retained for thirty days for debugging but not used for training, that is a different risk profile than true ZDR.

LegalFly takes an approach driven by EU regulatory requirements. As an EU-based company, LegalFly operates under GDPR's data minimization principle (Article 5(1)(c)), which requires limiting data collection to what is strictly necessary, and the storage limitation principle (Article 5(1)(e)). LegalFly's data architecture reflects these requirements with ZDR or near-ZDR as a design principle rather than a contracted exception. For EU and UK law firms subject to GDPR and UK GDPR respectively, LegalFly's regulatory-driven approach provides structural privacy assurance that is enforced by law rather than only by contract. Limitation: the strength of GDPR as a constraint depends on effective enforcement — DPA enforcement timelines in GDPR investigations have historically been long.

OpenAI Enterprise API offers ZDR (described as "no API data storage") for enterprise API customers. Since several legal AI tools are built on the OpenAI API, a legal AI vendor's ZDR commitment may be partially or wholly derived from OpenAI's enterprise API terms. Understanding whether the legal AI tool uses the OpenAI Enterprise API (with ZDR) versus the standard OpenAI API (which retains data for up to thirty days) or a fine-tuned model (which involves a training data pipeline) is essential for accurately assessing data handling. Limitation: the architecture of the specific legal AI tool determines which tier of the underlying API is in use — lawyers cannot assume enterprise API terms apply without confirming with the vendor.

How Lawyers Should Verify a ZDR Claim

  1. Request the data processing agreement (DPA) and identify the specific ZDR commitment in writing. Marketing language about privacy commitments is not a contractual obligation. The DPA or enterprise agreement must contain a specific clause stating that customer inputs and outputs are not retained beyond the session. Identify the specific clause by section number. If the vendor cannot point you to a specific contractual provision, the commitment is not binding.

  2. Distinguish ZDR from "no training." Ask the vendor directly: "Is our data stored at all after the session ends, for any purpose, including debugging, security monitoring, or abuse detection?" If the answer is yes for any of these purposes, the commitment is no-training with temporary retention — not ZDR. That may be acceptable depending on your firm's risk tolerance and matter sensitivity, but it should be accurately understood.

  3. Verify the underlying model provider's data handling terms. Ask the vendor which underlying model provider(s) their tool uses, and whether they use the enterprise API tier of that provider. Review the enterprise API terms for that provider to confirm ZDR or equivalent no-storage commitments apply. Document your review.

  4. Address ZDR limitations for compliance logging. Some regulatory frameworks (e.g., SEC Rule 17a-4 for broker-dealer record retention, HIPAA for covered entities) require retaining records of business communications and activities, which could include AI-assisted legal work. In regulated industries, ZDR may conflict with mandatory retention obligations. Resolve this tension before deploying ZDR-tier tools — you may need to maintain your own logs of AI interactions to satisfy record retention requirements, even when the vendor retains nothing.