Security & trust architecture

Your matters are privileged. We deployed for that.

FirmMemory is a single-tenant system inside an isolated environment per firm. No firm document and no firm query ever leaves the deployment perimeter. This page sets out the architecture in full, for the IT, risk, and COLP-facing teams a Knowledge Director will forward it to.

Last reviewed: May 2026
Scope: Architecture & hand-off
Audience: UK law firm IT & risk
Deployment: Single-tenant VPC

§ 01 · Deployment

Single-tenant. Two hosting models. The firm chooses.

Every firm gets a dedicated tenancy in an isolated VPC. No shared inference. No shared embeddings. No cross-firm contamination, including across our own client base. The hosting environment is chosen during discovery and recorded in the master services agreement.

  • NeuralHue UK cloud (default)

    A dedicated tenancy in NeuralHue's UK-region cloud infrastructure. UK data residency. Encryption at rest and in transit. SOC 2 Type I in progress; Type II targeted Q1 2027. The sub-processor list is disclosed in the security annex of the master services agreement.

  • The firm's own cloud tenancy

    NeuralHue deploys into the firm's own AWS, Azure, or GCP tenancy. The firm retains custody of all infrastructure, keys, and logs. NeuralHue accesses the deployment only through firm-managed identity and audited sessions. Priced cost-plus on the firm's own infrastructure invoices.

In either model the deployment is single-tenant. The architecture below is the same; only the boundary of who holds the keys moves.

§ 02 · Perimeter

The perimeter, drawn.

Three concentric boundaries. The firm's matter content, embeddings, and synthesis model all sit inside the innermost. Foundation-model training infrastructure sits outside all three, with no connection to firm data at query time.

[Figure 01: Deployment perimeter. Diagram labels, outermost to innermost: firm perimeter (VPC); tenant-isolated instance; corpus, embeddings, synthesis (matter corpus; embeddings (BGE, local); synthesis model (in-tenant); retrieval & citation validator), marked "queries answered here". Inbound: DMS, mail, CLE ingestion (audited). Outbound: audit log to firm SIEM. Outside the perimeter: foundation model training, marked "no data crosses this line".]
Fig. 01 · Deployment perimeter. Connectors enter the firm VPC only. Synthesis runs inside the innermost boundary. Foundation-model training infrastructure sits outside all three boundaries and is not connected to firm data at query time.
§ 03 · Data boundary

What enters. What runs locally. What never leaves.

The architecture is set up so that a Knowledge Director can give a one-paragraph answer to the question their IT director will ask: where exactly does our content go?

  • Enters the perimeter

    Matter documents and emails from the firm's DMS, mail archive, and closed-matter store. Connector identity and permissions inherit from the firm's existing systems. All ingestion is logged. Nothing is ingested without a written ingestion scope agreed during data preparation.

  • Runs inside the perimeter

    Embeddings are computed locally on a model that runs in the deployment tenancy. The synthesis model runs in the deployment tenancy. The retrieval pipeline, the citation validator, and the gap-detection logic are all local. The pipeline does not call external APIs at query time.

  • Leaves the perimeter

    The audit log, exported on the firm's schedule, to the firm's SIEM. That is the only outbound flow that contains firm-derived data. No document content. No query content. No embeddings. No model gradients.

  • Never happens

    Firm matter content never enters a foundation-model training set. Contractually in the master services agreement, architecturally in the retrieval pipeline. There is no training feedback loop from the deployment to any NeuralHue-held model.

The lawyer trusts their colleague's prior memo. Not the model.
§ 04 · Privilege

Privilege is a deployment property, not a checkbox.

Legal professional privilege over ingested documents is preserved by the deployment architecture, not by a policy attached to it. The firm is the data controller for every document ingested into FirmMemory; NeuralHue is the data processor under the master services agreement, which incorporates the standard UK GDPR processor clauses.

A Data Protection Impact Assessment is completed jointly during discovery, before any matter content is ingested. The security annex sets out the specific controls: perimeter, access, logging, key custody, and processor obligations that support the privilege position. Conflict screens and matter walls in the firm's DMS are mirrored live by the ingestion layer; FirmMemory does not maintain a parallel permission system that could drift out of sync.

If a privileged document is withdrawn from the source DMS, for example because a conflict is identified post hoc, the next ingestion cycle removes it from the corpus and the embeddings. The audit log records the removal.

§ 05 · Ownership

What the firm owns at hand-off.

The pilot is a fixed-fee professional services engagement, not a software licence. The intellectual property split is set out in full in the master services agreement; it is reproduced here so an IT director can read it without leaving this page.

  • The firm owns, in perpetuity

    The matter corpus and its embeddings. The evaluation kit tuned to the firm. All prompt configurations, retrieval parameters, and gap-detection rules tuned to the firm's work. All documentation, runbooks, and training materials produced during the engagement. The deployment configuration in the firm's chosen environment. With full source code and configuration access on day one of operation.

  • NeuralHue retains, and licenses in perpetuity

    The generic FirmMemory platform codebase: the retrieval pipeline, the synthesis layer, the citation validator, and the gap taxonomy framework. The licence is perpetual, royalty-free for the deployed instance, and survives termination. NeuralHue cannot resell the firm's corpus, evaluation kit, or tuned configuration in any form.

  • Source code escrow

    The platform source code is held with a UK-registered escrow agent. It is released to the firm on agreed trigger events, including NeuralHue ceasing to trade or materially failing to support the deployment. The practical effect: the firm can run and modify FirmMemory in perpetuity regardless of NeuralHue's continued involvement.

§ 06 · Frameworks

Frameworks. Honestly stated.

A first-pilot AI consultancy claiming to be SOC 2 Type II certified on day one would be lying. NeuralHue is not. The position below is stated as it stands in May 2026, and will be restated as it changes; the security annex of the master services agreement carries the current status and the auditor of record.

  • SOC 2 Type I

    In progress. Targeted completion 2026.

  • SOC 2 Type II

    Targeted Q1 2027. The Type I result is the gating step.

  • UK GDPR & Data Protection Act 2018

    Compliant. NeuralHue acts as processor. DPA and SCCs available pre-engagement under NDA. Joint DPIA in discovery.

  • Sub-processors

    Disclosed in full in the security annex before any matter content is ingested. Changes are notified in writing with a 30-day objection window.

§ 07 · Audit

The audit log is the product, not a feature of it.

Every query, every retrieved source, every claim, every citation, every refusal, every gap surfaced. Exportable in a format the firm's COLP and SRA-facing risk function will accept without rework. A separate audit log specification sets out the schema and retention model in full.

The intent is plain: when a partner asks the system a question and forwards the cited answer to a client, the firm can reconstruct, months later, exactly what was retrieved, what was synthesised, what was refused, and what gap was declared. That reconstruction is the trust artefact a regulator would ask for. The system is built to produce it on demand.

§ 08 · Refusals

What FirmMemory will not do.

The negative claims are the load-bearing ones. A security page made of green ticks is a marketing document. These are the refusals encoded in the architecture.

  • It will not answer ungrounded

    Every claim in every response cites a paragraph in a specific document. The synthesis layer cannot return a sentence that does not resolve to a retrieved paragraph. Citations are validated against the actual retrieval set; hallucinated paragraph numbers fail validation and force a retry, then a degraded response if the retry also fails. There is no path in the pipeline by which the model invents a source.

  • It will not proxy adjacent precedent for a real one

    If the firm has not done the work, the system says so. A question about Russian inbound investment does not get an answer about a UAE matter dressed up in similar prose. The gap is surfaced explicitly, with the named matter, or with a clean refusal where no matter is the right answer.

  • It will not draft client-facing legal advice

    Pre-synthesis refusal patterns block requests for prediction, client-letter drafting, and firm-strategy advice. FirmMemory is a memory layer over the firm's prior work. It is not a substitute for a lawyer's judgement, and the deployment is wired to refuse the pretence that it could be.

  • It will not train a model on the firm's matters

    Not ours, not a foundation provider's, not anyone's. Contractually in the master services agreement. Architecturally in the retrieval pipeline. There is no training feedback loop in the deployment. The synthesis model is used at inference only.

  • It will not exist as a shared service

    There is no multi-tenant FirmMemory. Every firm gets its own tenancy, its own embeddings, its own model deployment. The phrase cross-firm contamination describes a failure mode the architecture is built to make impossible, not a risk the firm is asked to take on trust.
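
The citation check described under "It will not answer ungrounded" (validate against the retrieval set, retry, then degrade), sketched as an added example that is not FirmMemory's own code. The `Claim` shape, the function names, the single retry, and the reading of "degraded" as releasing only the claims that resolved are all assumptions; the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Claim:
    text: str
    doc_id: str   # cited document
    para: int     # cited paragraph number

def split_by_grounding(claims, retrieved):
    """Partition claims into (grounded, rejected) against the retrieval set."""
    grounded = [c for c in claims if (c.doc_id, c.para) in retrieved]
    rejected = [c for c in claims if (c.doc_id, c.para) not in retrieved]
    return grounded, rejected

def validated_answer(synthesise, retrieved, max_retries=1):
    """Run synthesis, validate every citation, retry, then degrade.

    synthesise(attempt) -> list[Claim] is a hypothetical stand-in for the
    synthesis model. The result carries the status, the claims released,
    and every rejected citation seen across attempts (for the audit log).
    """
    audit_rejected, grounded = [], []
    for attempt in range(max_retries + 1):
        grounded, rejected = split_by_grounding(synthesise(attempt), retrieved)
        audit_rejected.extend(rejected)
        if grounded and not rejected:
            return {"status": "ok", "attempts": attempt + 1,
                    "claims": grounded, "rejected": audit_rejected}
    # Assumption: "degraded" means releasing only the claims that resolved.
    return {"status": "degraded", "attempts": max_retries + 1,
            "claims": grounded, "rejected": audit_rejected}

# Constructed sample data: (doc_id, paragraph) pairs returned by retrieval.
RETRIEVED = frozenset({("MEMO-2019-014", 12), ("MEMO-2019-014", 13),
                       ("ADVICE-2021-003", 4)})
GOOD = Claim("Consent was required under clause 9.", "MEMO-2019-014", 12)
ALSO_GOOD = Claim("The same point arose in 2021.", "ADVICE-2021-003", 4)
FAKE = Claim("The court confirmed this approach.", "MEMO-2019-014", 99)

def model_fixes_on_retry(attempt):
    return [GOOD, FAKE] if attempt == 0 else [GOOD, ALSO_GOOD]

def model_keeps_hallucinating(attempt):
    return [GOOD, FAKE]

if __name__ == "__main__":
    for model in (model_fixes_on_retry, model_keeps_hallucinating):
        r = validated_answer(model, RETRIEVED)
        print(model.__name__, r["status"], r["attempts"], len(r["rejected"]))
```

Matching on the `(doc_id, para)` pair rather than the paragraph number alone means a real paragraph number attached to the wrong document is rejected too.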

The gap is the trust signal. Not the answer.
