Legaltech

    Control AI in contract review, legal research, and case workflows — with hard limits, policy, and privilege-aware tamper-evident audit on every decision, before it executes.

    A contract-review workflow drafts a summary touching privileged text. A matter-intake workflow reaches for a non-approved model on a new client. A discovery workflow floods the provider during a brief-filing window, crowding out a partner's real-time research. No one saw it until the client asked.

    Keel evaluates a permit before each provider call, using the rules your team defines, and writes a tamper-evident record of every decision.


    Where Systems Break Down

    • A contract-review workflow pipes a privileged passage to a provider without a signed DPA, and no rule stopped it
    • A new model rolls into discovery and per-document cost jumps 5× before a partner asks
    • A discovery burst during a brief-filing window starves an associate's real-time research
    • A client audit asks who authorized a specific AI-drafted passage in their matter — and the answer is "we have logs"
    • Billing asks for per-client-matter AI spend — someone reconciles from provider invoices and timekeeper notes for a week

    What Stops Before the Provider Call

    Every request is evaluated at the permit seam. Unsafe, unbudgeted, or unauthorized requests don't reach the model.

    • Policy gates — provider, model, and workflow choices are checked against authored rules before dispatch; mismatches never reach the model
    • Budget enforcement — per-client, per-matter, and per-practice-group budgets evaluated before the provider bill accrues
    • Throttle as a first-class outcome — HTTP 429 with Retry-After for lower-priority flows during peak filing or discovery windows
    • External attestation gate — challenge privileged or conflict-sensitive workflows until an approved reviewer, an internal approval service, or an existing customer-operated upstream control attests that execution may proceed

    Example Rules You Can Enforce

    Plain English, backed by the policy engine today.

    • "Privileged-client work only on zero-retention providers, under signed confidentiality terms your firm maintains." Deny when the workflow handles privileged client data and either the provider's data retention is not zero or the confidentiality-terms compliance flag your firm maintains on the provider is not set.
    • "Litigation matters use audited models only." Deny when the matter category is litigation and the selected model is not in the audited allowlist.
    • "No EU matter touches a non-EU provider, ever." Deny when the matter's jurisdiction is EU and the provider's region is outside the approved EU region set — regardless of fallback, regardless of which team invoked the call.
    • "Conflict-sensitive workflows require external attestation before execution." A challenge decision holds the request until an approved reviewer or upstream conflicts-check system attests the workflow may proceed.
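
    The four rules above can be read as an ordered pre-dispatch check. The sketch below is an added example, not Keel's engine or rule syntax: the field names, reason codes, allowlist and region values are hypothetical and the sample providers are constructed. It re-evaluates every fallback candidate, which is what "regardless of fallback" requires.

```python
# Added illustration: not Keel's engine or rule syntax. Field names, reason
# codes, allowlist and region values are hypothetical; sample data is constructed.
from dataclasses import dataclass

AUDITED_MODELS = {"model-a"}
EU_REGIONS = {"eu-1", "eu-2"}

@dataclass(frozen=True)
class Matter:
    privileged: bool = False
    category: str = "transactional"
    jurisdiction: str = "US"
    conflict_sensitive: bool = False
    attested: bool = False

@dataclass(frozen=True)
class Provider:
    name: str
    region: str
    retention_days: int
    terms_flag: bool  # firm-maintained confidentiality-terms flag

def evaluate(m, p, model):
    """Return (decision, reason). Denies run first so attestation cannot lift a hard limit."""
    if m.privileged and (p.retention_days != 0 or not p.terms_flag):
        return "deny", "PRIVILEGED_PROVIDER_INELIGIBLE"
    if m.category == "litigation" and model not in AUDITED_MODELS:
        return "deny", "LITIGATION_MODEL_NOT_AUDITED"
    if m.jurisdiction == "EU" and p.region not in EU_REGIONS:
        return "deny", "EU_MATTER_NON_EU_PROVIDER"
    if m.conflict_sensitive and not m.attested:
        return "challenge", "ATTESTATION_REQUIRED"
    return "allow", "POLICY_OK"

def route(m, model, candidates):
    """Evaluate the primary, then each fallback; stop at the first non-deny outcome."""
    trail = []
    for p in candidates:
        decision, reason = evaluate(m, p, model)
        trail.append((p.name, decision, reason))
        if decision != "deny":
            break
    return trail

CANDIDATES = [  # primary first, then fallbacks (constructed)
    Provider("primary", "eu-1", 30, True),
    Provider("fallback-us", "us-1", 0, True),
    Provider("fallback-eu", "eu-2", 0, True),
]
```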

    Where the Firewall Strengthens the Baseline

    The prompt firewall runs a platform-wide baseline that every project inherits. Your team can add legal-specific detectors on top, but can never weaken the baseline below the floor. Detectors are evaluated before provider dispatch; blocking matches precompute a deny outcome and are recorded in the decision details. This layer screens request content; the decision still happens at the permit.

    • Matter and client-number patterns, privileged-legend language
    • Settlement-confidential and sealed-case references
    • High-net-worth client PII combined with financial identifiers
    • Embargoed-case and opposing-party lexicons for conflicts-sensitive practice areas

    What the Decision Record Proves Later

    This is what your auditor will ask for. Every evaluated request produces a permit — the decision artifact that survives the conversation.

    • Permit — the unit of governance; decision, reason, rule basis, provider, model, budget state
    • Stable reason code — machine-readable codes that mean the same thing across every audit, replay, and SDK
    • Tamper-evident per-project chain — every governance event participates in a chain that makes modifications detectable on later review
    • Cryptographically signed export — Ed25519 signed, verifiable via included CLI, for bar-association review, client audit, or regulatory inquiry
    • Externally anchored checkpoint — signed chain snapshots published to storage outside the runtime, on a regular cadence
    • RFC 3161 timestamp receipt — external timestamp witness evidence from an authority Keel does not control
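
    Why the chain and the external checkpoint are separate items: the added example below (not Keel's chain format; SHA-256 linking, the record layout and the sample permits are assumptions constructed for illustration) shows that an in-place edit breaks a link, while a chain recomputed end to end stays self-consistent and is only caught by a head hash stored outside the runtime.

```python
# Added illustration: SHA-256 linking and the record layout are assumptions,
# not Keel's chain format. The permit records are constructed sample data.
import hashlib
import json

GENESIS = "0" * 64

def link(prev_hash, record):
    """Hash the previous link together with a canonical encoding of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def build_chain(records):
    chain, prev = [], GENESIS
    for rec in records:
        prev = link(prev, rec)
        chain.append({"record": rec, "hash": prev})
    return chain

def verify(chain, anchored_head=None):
    """Recompute every link; optionally compare the head to an external checkpoint."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if link(prev, entry["record"]) != entry["hash"]:
            return False, f"link broken at index {i}"
        prev = entry["hash"]
    if anchored_head is not None and prev != anchored_head:
        return False, "head does not match anchored checkpoint"
    return True, "ok"

RECORDS = [
    {"permit": 1, "decision": "allow", "reason": "POLICY_OK"},
    {"permit": 2, "decision": "deny", "reason": "EU_MATTER_NON_EU_PROVIDER"},
    {"permit": 3, "decision": "challenge", "reason": "ATTESTATION_REQUIRED"},
]

def demo():
    chain = build_chain(RECORDS)
    anchor = chain[-1]["hash"]  # the value a checkpoint would publish externally
    changed = {**RECORDS[1], "decision": "allow"}
    edited = [chain[0], {"record": changed, "hash": chain[1]["hash"]}, chain[2]]
    rewritten = build_chain([RECORDS[0], changed, RECORDS[2]])
    return {
        "intact": verify(chain, anchor),
        "edited_in_place": verify(edited, anchor),
        "rewritten_no_anchor": verify(rewritten),
        "rewritten_with_anchor": verify(rewritten, anchor),
    }
```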

    Cost Now, Compliance Later

    Cost. Provider charges don't show up on the practice-group dashboard until the bill arrives. Keel blocks unbudgeted and out-of-policy execution at the permit seam — before the provider call, not during month-end reconciliation. When estimated cost diverges from actual cost, the usage ledger supports correction, not just reporting.

    Compliance. Bar-association review, client audit, and regulatory inquiry all ask the same question — who made this request, under what rule, using which provider and model, and why was it allowed? The permit answers it. The signed export produces it. The externally anchored checkpoints and independent timestamps let an auditor verify the record against a party Keel does not control.

    If a request shouldn't have run, it shouldn't reach the provider.