A zero-retention contract is a promise about what a vendor did after your data arrived. An attestation proves the data never left the approved boundary in the first place. For a firm answering an outside-counsel guideline or a client audit, that is the difference between a representation and evidence.
Why is zero data retention not enough?
Zero-retention contracts are a promise about what a vendor did with your data after it arrived. They presume the data reached the model, and they ask everyone to trust that the term was honored. An attestation inverts that: it proves privileged material never left the approved boundary in retrievable form. One is a representation; the other is evidence you can produce when a client, regulator, or opposing party asks.
What does the attestation bind?
- An interaction digest — a cryptographic fingerprint of the specific AI interaction.
- The approved tool identifier — which vetted system handled the work.
- The governing policy in force at the time of the interaction.
- The client’s informed consent — the step ABA Formal Opinion 512 requires before client information enters a self-learning generative AI tool.
What it proves — and what it does not
The attestation proves architecture and consent: that isolation functioned as designed and consent was captured, signed with post-quantum cryptography and sealed to a tamper-evident log anyone can verify. It does not — and cannot — guarantee a court will find privilege preserved or unwaived. Privilege is a legal conclusion; the attestation is the strongest evidence that reasonable, verifiable steps were taken. ABA Opinion 512 addresses the ethical confidentiality duty under Model Rule 1.6, which is distinct from evidentiary privilege — we keep that distinction explicit.