Practice Documentation

What It Is

This is dedicated email hosting designed for legal practitioners. It is not a rebranded generic email service. It is built around three problems that generic email cannot solve: identifying who is writing to you, recognising when communications attract legal professional privilege, and linking correspondence permanently to matter files.

The platform works with any standard email client — Outlook, Apple Mail, Thunderbird. Your existing workflow does not change. The intelligence layer runs underneath it, continuously.

What It Does

Correspondent identification. The complete Queensland Law Society register — every practising solicitor and barrister in Queensland — is part of the system. When a lawyer emails you, the platform cross-references the sender's details against QLS records and confirms who they are: their full name, firm, practising certificate class, and current registration status. This happens on arrival, before the email reaches your inbox.

Privilege recognition. Emails between solicitor and client that attract legal professional privilege are flagged at the point of delivery. The assessment runs against your active matter records — the system knows who your clients are and when a communication falls within the scope of a privileged retainer. Flagged communications carry a privilege indicator visible before any forwarding, export, or disclosure decision is made.

Matter linking. Every email connected to an active matter is automatically attached to that matter file. Correspondence does not accumulate in a general inbox — it becomes part of the permanent, searchable matter record from the moment it arrives.

Secure delivery. All email in transit is encrypted. Sending authentication is enforced — your domain cannot be spoofed to send fraudulent emails in your name. Inbound email is screened for malicious content before delivery. Deliverability to other legal practices and courts is enterprise-grade.

External client access. Works with any standard email client via IMAP and SMTP. Platform subscribers additionally access a full webmail interface with matter-linked inbox, correspondence threading, and integrated draft management.

Why Lawyers Need It

Inadvertent disclosure of privileged material is one of the most serious — and most preventable — professional conduct issues in Queensland practice. Generic email systems treat all messages identically. There is no filter between you and a forwarding error. There is no flag on a document that says "this is privileged — verify before disclosing."

Every time a document is shared in discovery, every time a bundle goes to chambers, every time a solicitor responds to a subpoena, there is an opportunity for inadvertent disclosure. The consequences are disproportionate to the administrative error that caused them: waiver of privilege, costs orders, and in serious cases, disciplinary proceedings.

Identification matters. You cannot always know whether the person writing to you is a currently practising solicitor. This matters for service — an email served on a person who is not authorised to accept service on behalf of a party is not good service. It matters for professional obligation — communications with lawyers carry different obligations than communications with unrepresented parties. It matters for privilege assessment — the capacity in which a person is writing affects whether the communication is privileged.

Having QLS registration confirmed automatically, on every incoming email, removes this uncertainty.

How It Enhances Legal Practice

Privilege protection becomes structural. Before a document leaves the system, the privilege flag is visible. The risk of inadvertent waiver is materially reduced — not by policy, not by a checklist, but by the architecture of how email moves through the practice.

Correspondence is organised from arrival. Mail reaches the matter file linked, indexed, and searchable. When you need to brief counsel, the correspondence is already organised. There is no separate process of matching emails to matter files.

You know who is writing to you. Every incoming email from a QLS-registered lawyer arrives with their registration details confirmed. You see their firm, their certificate class, and their current status. You are not relying on the sender's email signature — you are relying on the QLS register.

The practice keeps its email history. When a fee earner leaves, their correspondence history remains in the matter files, linked and searchable. Institutional knowledge embedded in email does not walk out the door.

What It Is

Private cloud storage is a secure, self-hosted platform for storing, organising, and sharing documents within and outside your practice. It provides shared folders, file synchronisation, version history, and client file exchange — running on a dedicated server in Australia under your direct control.

The platform delivers the same functionality as major commercial cloud services. Files sync to your desktop and mobile devices. Team members access the same folders from any location. Clients receive secure, time-limited download links. The difference is where the data sits and who can access it.

What It Does

Shared document storage. Create folder structures by matter, practice area, or team. Every fee earner and support staff member works from the same folder, on the same version of the same document. There are no "please use this version" emails and no version conflicts from simultaneous editing.

File synchronisation. Files sync automatically to desktops, laptops, and mobile devices. Working offline is supported — changes sync when you reconnect. This works on Windows, macOS, iOS, and Android.

Version history. Every version of every document is retained. If a document is overwritten or accidentally deleted, you recover the previous version. The version history shows who made each change and when.

Client file exchange. Instead of emailing large documents — with the security and privilege risks that entails — you send the client a secure link. They download the file directly. The link expires after a set period. You receive confirmation when the client accessed the document. This is auditable evidence of delivery.

Access controls. Access to folders and files is controlled at a granular level. A conveyancing paralegal sees conveyancing matters. A family law solicitor sees family law files. Nothing is visible to anyone whose access has not been specifically granted.

Full audit log. Every file access — view, download, edit, delete — is logged with timestamp and user identity. The log is available on demand for compliance audits and professional conduct inquiries.

Why Lawyers Need It

The major commercial cloud storage providers operate under US law and their own terms of service. Client files stored on those platforms are subject to conditions that create real risk for legal practices.

Foreign law exposure. Under the Clarifying Lawful Overseas Use of Data Act (CLOUD Act), US law enforcement agencies can compel US technology companies to produce data stored anywhere in the world — including on Australian servers operated by US companies — without notifying the data subject. This applies regardless of where the physical server sits. Data stored in a US company's Australian data centre is not immune.

Provider terms of service. Commercial cloud providers' terms of service reserve substantial rights to access, process, and use the data you store. These rights coexist with your retainer and your professional obligations. In some cases they conflict with them. Your client's file, on a commercial provider's server, is subject to those terms whether you have read them or not.

Privilege risk. Legal professional privilege attaches to confidential communications between a lawyer and client. A document stored on a third-party server, accessible to that third party under their terms of service, has a weaker claim to confidentiality than a document stored on hardware you control. Whether this affects the privilege analysis depends on the circumstances — but the risk is real and avoidable.

Provider continuity. Commercial cloud providers change their pricing, modify their terms, exit markets, or become insolvent. When this happens, the migration window is typically short and the process is difficult. For a legal practice, inaccessibility of client files — for any reason — is a professional conduct issue.

How It Enhances Legal Practice

Client file exchange is secure and auditable. You know when a client opened the document you sent them. You have a record of delivery. This matters for service, for evidence of delivery in disputes, and for managing client relationships where receipt of advice is contested.

Collaboration is organised. Fee earners and support staff work from the same version of the same document, in a folder structure that mirrors the practice's matter organisation. The chaos of emailed attachments with competing version numbers stops.

The compliance position is clean. Data stays in Australia. Access is logged. There is no third-party access risk. When a client asks where their files are held — and clients increasingly do ask — the answer is straightforward: dedicated hardware in Australia, under our direct control, with a full audit log of every access.

Client answers to hard questions. "Who can access my documents?" The answer is: only people you authorise. No overseas law enforcement. No cloud provider. No AI training system. Only your practice and the people you have given access.

What It Is

Private AI is a legal AI assistant that runs entirely within your own infrastructure. It does not connect to any external service. Every prompt you enter, every document you submit, every draft it produces — all of it processes on your servers, in Australia, and stays there.

The AI assistant has access to your actual matter files, your correspondence history, and your document register. This is what separates it from every public AI service: it knows the context of your practice, not just general legal knowledge. When you ask it to draft a letter about a particular matter, it has read the file.

What It Does

Document drafting. Provide the AI with an instruction — "draft a letter to the solicitor for the second defendant confirming our client's position on the proposed consent orders" — and it produces a draft using the matter context it already holds: the parties, the correspondence history, the relevant facts. The draft is a starting point. You review it, edit it, and sign it. The professional judgment is yours.

Correspondence summarisation. Feed the AI the correspondence from the last three months on a matter. It produces a summary: the positions each party has taken, the commitments made, the admissions given, the issues in dispute. This takes seconds rather than the hour it would take to read through manually.

Matter briefing. Before a court appearance, ask the AI to brief the matter. It produces a concise summary of the key facts, the procedural history, the current issues, and the relevant documents — drawing on everything in the matter file. A comprehensive brief in minutes rather than half a morning of preparation.

Email reply drafting. From your inbox, ask the AI to draft a reply to a correspondent. It reads the incoming email, your prior correspondence on the matter, and your matter notes. It produces a draft reply in your voice, with the relevant facts and your client's position reflected.

Correspondent intelligence. Ask the AI what it knows about a particular solicitor or firm from your history with them. It draws on every matter, every email, and every event involving that correspondent — their negotiating patterns, their tendencies in correspondence, their positions on recurring issues. This intelligence comes from your own files and is specific to your practice's experience with them.

Why Lawyers Need It — And Why Public AI Is Not the Answer

Public AI services — the major chatbots and AI platforms available on the open internet — process every query on servers operated by technology companies, primarily in the United States. What you type into those services is transmitted to and processed by a third party.

This is not a theoretical risk. It is a practical one that arises every time a lawyer types a client's name, a matter description, or a litigation strategy into a public AI service. The convenient response — "no one at the AI company will actually read it" — is not a legal analysis and is not a defence to a conduct complaint.

Private AI removes this risk entirely. Because the AI runs on your own infrastructure, there is no third party. The information does not leave your servers. The confidentiality obligation is met by architecture, not by policy or hope.

How It Enhances Legal Practice

Speed of drafting increases substantially. The time from instruction to first draft drops. Routine correspondence — acknowledgments, directions, confirmations, status updates — that previously took twenty minutes to draft takes three. The AI does not replace the lawyer's judgment. It handles the structural work so the lawyer focuses on the substance.

Matter preparation is faster and more thorough. The ability to brief a matter in minutes from a complete and accurate summary of the file means preparation is less likely to be abbreviated for time. A solicitor who has two minutes before a callover can still get a complete brief. A solicitor preparing for a hearing has a starting point that reflects the full file, not just what they remember.

Correspondent intelligence is proprietary. The AI's knowledge of how a particular firm conducts litigation — their tactics, their communication style, their negotiating positions — is built entirely from your own history. No commercial database provides this. It reflects your actual experience, not averaged data from an external source.

The risk is zero. No client information leaves the infrastructure. No matter detail is disclosed to any third party. The obligation is met architecturally. This means you can use AI assistance on every matter, for every task, without a confidentiality analysis before each use.

What It Is

Enterprise security monitoring is a continuous, automated system that watches every service, every access event, and every network connection in your infrastructure. It detects threats, logs anomalies, and maintains a complete, tamper-evident record of every significant event — available on demand for compliance audits, disciplinary inquiries, and legal proceedings.

The monitoring runs continuously — overnight, on weekends, during court hours. It does not depend on a human watching a screen. It detects and alerts without human intervention.

What It Does

Real-time threat detection. Over one hundred thousand detection rules run across all services simultaneously. When the system identifies a pattern that indicates an attack — a sequence of failed login attempts, an unexpected outbound connection, access to a file type or location that does not match normal behaviour — it generates an alert immediately.

Access logging. Every login attempt — successful and failed — is logged with timestamp, source, and outcome. Every file access is recorded. Every document that is viewed, downloaded, modified, or exported generates an entry in the audit log. This log is tamper-evident: no user, including an administrator, can modify it.

Network monitoring. Every connection to and from the infrastructure is inspected. The network security layer enforces that only authorised services communicate with each other. Connections from unexpected sources are blocked and logged. Traffic patterns that indicate data exfiltration are detected and alerted.

Certificate management. All encrypted connections use current certificates. Certificates are renewed automatically before expiry. No service operates with an expired or weak certificate.

Backup integrity. Automated backups run continuously. Each backup is verified for integrity — not just that it completed, but that the data it contains is recoverable. Backup integrity checks run automatically and generate alerts on failure.

Why Lawyers Need It

Legal practices are targeted. Law firms hold high-value information: client identity, matter strategy, financial data, correspondence with courts and regulators. This information has significant value to criminal actors — for blackmail, financial fraud, identity theft, and competitive intelligence. The perception that law firms are softer targets than banks or government agencies has made them increasingly attractive to sophisticated attackers.

The evidentiary chain of custody. Legal proceedings increasingly turn on digital evidence. When a party challenges the integrity of a document — alleging it was modified after the fact, backdated, or fabricated — the response requires a complete chain of custody for that document. The audit log provides this: it shows when the document was created, who accessed it, and whether it was ever modified. Without this log, integrity is a matter of assertion. With it, integrity is provable.

Professional obligations. The Legal Profession Act 2007 requires practices to maintain proper records and protect client information. The obligation is not satisfied by intention — it requires actual technical measures. Security monitoring is one of those measures. It demonstrates that the practice has implemented and maintains appropriate controls, and it provides the documentary evidence to prove it.

Breach notification. The Privacy Act 1988 requires notification of eligible data breaches to both the Office of the Australian Information Commissioner and the individuals affected. An "eligible data breach" requires that the breach is likely to result in serious harm to any of the individuals to whom the information relates. Detecting a breach quickly — and having the audit log to understand exactly what was accessed — limits the scope of the breach and the scope of the notification obligation.

How It Enhances Legal Practice

The audit log is a professional asset. In a costs dispute, a disciplinary proceeding, or a client complaint about file management, the ability to produce a complete, tamper-evident record of every access to a client file is a powerful defence. "Here is a complete log of every person who accessed this file, every document that was viewed, and every change that was made" is a substantially stronger position than "we believe our file management procedures were followed."

Breach response is faster and more contained. When the monitoring system detects an anomaly, the response begins immediately. The audit log identifies exactly which data was accessed and by whom. The scope of any breach notification is precisely understood rather than estimated. Remediation is targeted rather than blanket.

The practice runs securely at all hours. Clients send email at midnight. Opposing solicitors serve documents on Friday evenings. The infrastructure operates continuously, and so does the monitoring. If something anomalous happens outside business hours, you are alerted. You do not find out when a client calls.

What It Is

Sovereign infrastructure means physical dedicated servers in Australia, running exclusively for your practice. Nothing is shared with any other tenant. The hardware exists solely to serve your practice.

Eight service environments run on a single dedicated host. Each environment is isolated — a compromise of one cannot spread to another. Each performs a single function: email, file storage, AI processing, security monitoring, the Vault, web services, and long-term archiving. Each can be independently maintained, backed up, and restored without touching the others.

What It Does

Isolation by design. Each service runs in its own environment. If a problem occurs in one — a vulnerability, a misconfiguration, an attempted breach — it cannot reach the others. A web server compromise cannot access the Vault. An email server problem cannot affect file storage. The architecture enforces this separation technically, not just by policy.

Continuous encrypted backup. Every service is backed up continuously, with integrity verification. Any service can be restored to a specific point in time. A catastrophic failure does not mean data loss — it means downtime measured in minutes while the service is restored from a verified backup.

Australian jurisdiction. The servers are physical hardware in Australia. They are subject to Australian law. There is no data processing agreement with an overseas entity, no foreign terms of service, and no situation in which a foreign court, government agency, or regulatory body has a basis to compel access to your data.

Full portability, always. You can request a complete export of your data at any time — all matters, documents, correspondence, and files in standard formats. There is no lock-in. There is no situation in which your data is inaccessible to you.

Why Lawyers Need It

The dominant alternative to dedicated infrastructure is cloud hosting — services running on hardware operated by large technology companies, typically in the United States. Cloud hosting creates three categories of risk for legal practices that are not adequately managed by commercial cloud providers' standard terms.

Foreign law. Under the Clarifying Lawful Overseas Use of Data Act (CLOUD Act), enacted by the United States Congress in 2018, US law enforcement agencies can compel US technology companies to produce data stored anywhere in the world — including on servers physically located in Australia — without notifying the data subject. This applies to any US company, regardless of where it says its data is stored.

This means that a client file stored on a US cloud provider's Australian data centre is legally accessible to US law enforcement on a subpoena or court order served on the US company, without any requirement to notify you or your client. The physical location of the data is irrelevant. The legal exposure arises from the nationality of the company holding the data.

Provider terms of service. Commercial cloud providers' terms of service reserve rights to access, process, and use the data you store on their platforms — for purposes including service improvement, security, and legal compliance. These rights exist regardless of your retainer agreement. In some cases they conflict directly with your confidentiality obligations. The terms are non-negotiable for standard commercial accounts.

Provider continuity. Cloud providers change their pricing, modify their terms, discontinue products, exit markets, or become insolvent. When this happens, the migration window is typically short, the export process is complex, and data may be inaccessible for an extended period. For a legal practice, inaccessibility of client files — for any reason, for any duration — is a professional conduct issue under the Legal Profession Act 2007.

How It Enhances Legal Practice

Complete sovereignty. Your client files are on hardware you control. They are subject to Australian law, your retainer, and your professional obligations — and nothing else. There is no foreign law exposure. There are no provider terms sitting over your client data. There is no third-party right of access.

Your files are always yours. You can export all your data at any time. In the event of any dispute about fees or services, your access to download and take your files is unconditional. We hold no lien, no claim, and no interest over your practice data under any circumstances. This is not a policy position that can be changed by a contract amendment. It is an architectural fact: your data is on your hardware.

A clear answer to client questions. Clients increasingly ask where their data is held and who can access it. "Our infrastructure is dedicated hardware in Australia under our direct control, subject only to Australian law" is a substantially better answer than "a cloud service provider in the United States, subject to their terms of service and US law." For clients with sensitive matters — criminal defence, family law, commercial litigation — this distinction matters.

Regulatory compliance is straightforward. The Australian Privacy Principles, the Legal Profession Act 2007, and the practice's own file management obligations are all satisfied by an infrastructure arrangement that keeps data in Australia on controlled hardware with a full audit log. There are no overseas disclosure obligations to manage. There are no foreign law compliance questions to navigate. The compliance position is clear.