ROLLING SENTIMENT · FAQ
PAGE: FAQ · SECTIONS: 8 · UPDATED: 2026-05-10

How do you isolate one firm's data from another?

Each firm operates inside a cryptographically isolated tenant — a dedicated namespace spanning the application layer, the relational corpus, the vector index, and the document store (per-tenant key prefixes in Cloudflare R2). Every read and write path carries a tenancy assertion validated independently at the application boundary and at the database boundary under row-level-security policy; both must agree on the requesting tenant before any record is returned. Tenant context is established at sign-in and bound to every audit-log entry under Tex. Disc. R. 1.05 retention. Cross-tenant inference is architecturally not addressable: there is no API, query, or embedding path that can resolve another firm's data. Full posture at /security.
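
The database-boundary half of the double check described above, shown as an added PostgreSQL example. It is not Rolling Sentiment's code; the table, role, setting name and tenant UUIDs are constructed assumptions.

```sql
-- Added illustration (PostgreSQL). documents, app_rw, app.tenant_id and the
-- UUIDs are constructed assumptions, not taken from the vendor's schema.
CREATE ROLE app_rw NOLOGIN;
CREATE TABLE documents (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    title     text NOT NULL
);
GRANT SELECT, INSERT ON documents TO app_rw;
GRANT USAGE ON SEQUENCE documents_id_seq TO app_rw;

-- Database boundary: enable RLS and FORCE it so the table owner is also
-- subject to the policy. Superusers and BYPASSRLS roles are still exempt,
-- so the application must never connect as one.
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- current_setting() without missing_ok raises an error when the setting is
-- unset, so a connection that carries no tenant context fails closed.
CREATE POLICY tenant_isolation ON documents
    USING      (tenant_id = current_setting('app.tenant_id')::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);

-- Firm A's request: tenant context is bound for this transaction only.
BEGIN;
SET LOCAL ROLE app_rw;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO documents (tenant_id, title)
VALUES ('11111111-1111-1111-1111-111111111111', 'Firm A engagement letter');
COMMIT;

-- Firm B's request.
BEGIN;
SET LOCAL ROLE app_rw;
SELECT set_config('app.tenant_id', '22222222-2222-2222-2222-222222222222', true);
-- Application boundary: the query repeats the tenant predicate. The policy
-- filters independently, so both layers must name the same tenant.
SELECT title FROM documents
WHERE tenant_id = '22222222-2222-2222-2222-222222222222';
-- A predicate naming Firm A is still evaluated under Firm B's policy, so
-- USING hides Firm A's row from this query.
SELECT title FROM documents
WHERE tenant_id = '11111111-1111-1111-1111-111111111111';
-- A write tagged with another tenant's id violates WITH CHECK and errors,
-- which aborts the transaction.
INSERT INTO documents (tenant_id, title)
VALUES ('11111111-1111-1111-1111-111111111111', 'cross-tenant write');
ROLLBACK;
```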

How is data encrypted?

TLS 1.3 in transit (HSTS + preload eligible). AES-256-GCM at rest in Postgres and via Cloudflare R2 server-side encryption for document blobs. Backups are encrypted with separate keys. The Dedicated Private Cloud tier additionally rotates a per-tenant DEK.

How do you handle AI hallucinations?

Two layers. Retrieval-grounded generation means every answer cites paragraph-level chunks from your firm's own corpus or the underlying authority — answers without a cited source are blocked at the inference layer, not just hidden in the UI. Citation verification runs cite-check on every Texas citation in a draft before it can be exported or filed; fabricated case names fail the check and get flagged with the actual reporter row that does or doesn't exist. Paralegal-generated drafts also flow through the attorney approval queue (see below).

What's paralegal mode?

A role-gated seat tier. Paralegals get intake forms, doc upload, citation lookup, statute search, calendaring, and first-draft generation of routine forms. They cannot draft causes of action of any kind, send filings, run opposing-counsel intelligence briefs, or export final letterheaded documents. Every paralegal output drops into the supervising attorney's approval queue — that queue itself is the supervisory record under Tex. Disciplinary R. 5.03. Defensible against UPL claims; malpractice carriers ask for it. See /paralegal.

Are you SOC 2 certified?

SOC 2 Type II is in progress — targeting Type I report Q3, Type II report Q1 of next calendar year. We have controls implemented today (audit log, encryption, tenant isolation, MFA-able admin auth) and the gaps are documentation + auditor engagement, not the underlying posture. Procurement contacts can request the current bridge-letter/control-mapping at rollingsentiment@gmail.com.

Where is the data hosted?

Multi-tenant tier: Fly.io dfw region (Dallas) for compute; Neon Postgres primary in us-central; Cloudflare R2 with US locality. Dedicated Private Cloud tier is provisioned single-tenant on request — including TX-only data residency, BAA, and customer-supplied KMS keys.

What happens to my data if I cancel?

Your firm's corpus and audit log are exported on request — full JSON + the original source files. Dedicated Cloud tenants additionally get a Postgres pg_dump. Standard retention is 30 days post-cancellation, then permanent deletion (90 days at GA). We'll provide a written deletion certificate on request for your malpractice carrier or bar grievance file.

Are you using Anthropic / OpenAI / a specific model under the hood?

VOUX CORE is the production surface. Our DPA + privacy policy disclose every sub-processor, including the inference-layer provider, per Texas Bar Advertising Rule 7.04. We don't put third-party model names in the product UI because firms evaluating legal-tech AI repeatedly ask “wait, my privileged data is going to a chatbot?” and the answer needs to start with the controls (private inference, sealed corpus, no training on tenant data) — not the brand.