The Upper Tribunal confirmed it. Every US-parented AI tool — ChatGPT, Copilot, Gemini, Claude — is subject to the CLOUD Act. A US court can compel them to produce your client data. That is a privilege waiver your firm cannot undo.
Request Governance Evaluation →"Uploading confidential documents into an open-source AI tool, such as ChatGPT, is to place that information into the public domain, resulting in a breach of client confidentiality and a waiver of legal professional privilege."
This is not guidance. It is a binding determination. Privilege, once waived, cannot be restored.
of UK fee earners use unapproved AI for client work
of paralegals admit to using ChatGPT on client matters
of firm leaders believe they face "zero risk"
Source: Censuswide survey of 200 UK fee earners and 100 legal leaders, commissioned by Access Legal (May 2026).
Microsoft Copilot, ChatGPT Enterprise, and Google Gemini are marketed as secure. They are all US-incorporated entities subject to the CLOUD Act. A contractual promise of UK data residency cannot override a US federal court order.
Every request processed on UK-owned hardware. Zero retention. Full audit trail for SRA compliance.
Summarise lengthy contracts, identify key clauses, flag unusual terms. Privileged analysis stays privileged.
Draft correspondence, research memos, and skeleton arguments from instructions. Ready for partner review.
Generate letters, emails, and advice notes from brief context. Professional, accurate, privilege-protected.
Compare contract versions, identify amendments, track changes between drafts without uploading to cloud services.
Condense lengthy case bundles into structured summaries. Chronologies, key issues, party positions.
Every request logged with timestamp and metadata. Exportable records for regulatory compliance and client billing transparency.
Every feature designed with the SRA Code of Conduct in mind.
No US jurisdiction. No sub-processors. No mechanism for foreign court orders.
Prompts processed and immediately discarded. Never stored, never used for training.
Every request logged. Exportable for SRA, client queries, and billing transparency.
UK company, UK hardware. Only UK law applies to your client data.
Data controller registered. DPA and DPIA available for your compliance team.
4-week governance evaluation. Your DPO tests our claims. We hide nothing.
Not a free trial. A governance evaluation. Your DPO independently verifies our sovereignty claims.
We share our full data flow diagram. Your DPO reviews jurisdiction and sub-processors. No NDAs needed — we have nothing to hide.
Your fee earners use Hush AI on real work. Your compliance team monitors. We provide full audit logs throughout.
Test our zero-retention claim: send data, then ask us to produce it. We cannot. Export the full audit trail for your records.
Your compliance team is satisfied — or they are not. No lock-in. No penalty. The evidence speaks.
Not by contract. Not by policy. By the physical absence of any mechanism for foreign data access.
Request Governance Evaluation →Or email [email protected] directly.