← Back to Home
    LegalTek TrustMark - Safe, Compliant AI
    Verified Technology Standard

    The LegalTek Trust Mark™

    Verified Technology for a Trusted Legal Future

    The LegalTek Trust Mark™ is the foundation of trust within LegalTek's ecosystem — a signal that a technology, firm, or workflow has met the highest standards for data integrity, ethical governance, and verified human oversight.

    It tells clients, partners, and regulators one simple thing: LegalTek technology is tested, transparent, and accountable.

    What the Trust Mark Means Inside LegalTek

    Inside the LegalTek SaaS platform, the Trust Mark is not decorative. It's a live compliance engine and ranking signal embedded across every application, integration, and AI-powered workflow.

    Each LegalTek-certified system carries a tiered verification badge:

    LegalTek Verified™

    Baseline data security and provenance assurance.

    LegalTek Verified+™

    Human-in-the-loop verification and continuous audit compliance.

    LegalTek Assured™

    Independently audited systems meeting the highest NIST and GDPR standards.

    Every tier is earned, not claimed. The Trust Mark dynamically updates as audits, controls, and human-verification reviews are completed. It provides a real-time measure of compliance maturity.

    What the Trust Mark Means Outside LegalTek

    Externally, the Trust Mark serves as a recognition and ranking system for the broader LegalTek community — law firms, AI vendors, and data partners using LegalTek tools or participating in the LegalTek Marketplace.

    When displayed on websites, reports, or SaaS integrations, the Trust Mark signals:

    Verified adherence to COUNSEL and G3M frameworks.
    Transparent data-handling and retention practices.
    Conformance with NIST AI Risk Management, GDPR, and ISO 42001 standards.
    Auditable, human-reviewed AI decision workflows.

    These badges are clickable and verifiable via verify.legaltek.ai, where clients and regulators can view certification details, audit dates, and verification status in real time.

    The Framework Behind the Trust Mark

    Every system evaluated for the LegalTek Trust Mark™ is assessed through two proprietary governance frameworks:

    COUNSEL Framework

    Confidentiality · Oversight · Understanding · Notice · Scrutiny · Equity · Learning

    COUNSEL ensures that every LegalTek process protects user privacy, provides clear notice of data use, undergoes human oversight, and promotes ongoing ethical improvement.

    Explore the COUNSEL Framework

    G3M Framework

    Govern · Map · Measure · Manage

    G3M operationalizes governance — mapping data flows, measuring compliance, and managing ongoing risk across vendors and integrations.

    Explore the G3M Framework

    Together, they form the operational backbone of LegalTek's trust and compliance architecture.

    Criteria Checked and How It's Verified

    1.

    Data Provenance and Lineage

    Every document, record, and AI output is cryptographically time-stamped and tracked through immutable logs. This chain of custody is reviewed quarterly to ensure that:

    • Data origin and source identity are verifiable.
    • Transformations (e.g., model input/output) are reproducible.
    • No unverified data sources are introduced into LegalTek systems.
    2.

    Human Verification Protocols

    Before any client-facing AI result is released, licensed human reviewers validate outputs for:

    • Legal sufficiency and contextual accuracy.
    • Absence of bias, hallucination, or misrepresentation.
    • Proper application of jurisdictional law and firm policy.

    These reviews are sampled, logged, and used to train LegalTek's verification heuristics, which continuously improve oversight efficiency.

    3.

    Audit and Logging Systems

    All Trust-Marked entities maintain tamper-evident audit logs following NIST SP 800-92 and ISO 27035 incident reporting protocols. Logs record:

    • Who accessed or modified data.
    • When actions occurred.
    • What system rules or models were active at the time.

    Audits are performed by LegalTek's internal compliance team and, at the Assured tier, verified by independent third-party assessors.

    4.

    Cybersecurity and Infrastructure Controls

    LegalTek requires:

    • End-to-end encryption (TLS 1.3+)
    • Multi-factor authentication (MFA)
    • Role-based access control
    • Penetration testing under NIST 800-115 standards
    • Annual SOC 2 Type II review for critical systems

    Failures or anomalies automatically suspend the Trust Mark until remediation is confirmed.

    5.

    Vendor and Model Governance

    Vendors and AI model providers integrated into LegalTek must sign Data Processing and Retention Agreements specifying:

    • Model training boundaries (no unconsented client data).
    • Retention and deletion timelines.
    • Data residency jurisdiction (U.S. or GDPR-aligned regions).
    • Certification of subcontractors under equivalent standards.
    6.

    Data Retention and Destruction Policies

    LegalTek's data lifecycle policies follow NIST SP 800-88 and GDPR Article 5(1)(e):

    • Retention: typically seven years for evidentiary compliance.
    • Deletion: irreversible cryptographic wiping after expiration.
    • Exceptions: retained only under legal hold or regulatory mandate.

    How the Trust Mark Is Earned

    1

    Application and Disclosure

    The product or firm submits all relevant documentation on governance, privacy, and infrastructure.

    2

    COUNSEL Review

    LegalTek's internal team evaluates privacy, oversight, and fairness alignment.

    3

    G3M Assessment

    Technical auditors verify mapping, risk measurement, and process management.

    4

    Certification Audit

    Independent review validates controls and confirms compliance tier.

    5

    Issuance and Monitoring

    A digital Trust Mark is issued with a certification ID, blockchain timestamp, and public verification record.

    6

    Ongoing Monitoring

    Any security incident, data-handling breach, or major product update triggers re-evaluation.

    How the Trust Mark Affects Rankings

    Within the LegalTek SaaS platform, the Trust Mark directly affects ranking visibility and user preference scoring:

    Higher-tiered systems are prioritized in search results.
    Verified+ and Assured vendors receive enhanced visibility in marketplace filters.
    Compliance maturity influences partnership eligibility and premium integrations.

    Externally, LegalTek provides public APIs that allow external firms, regulators, or clients to check a vendor's verification status. This ensures that the Trust Mark's credibility extends beyond the LegalTek ecosystem into the wider AI and legal technology industry.

    Connector Readiness: The Next Layer of AI Trust

    A legal AI system is only as safe as the products, connectors, permissions, terms, data pathways, and human-review gates around it.

    The LegalTek Trust Mark™ evaluates more than the model. It evaluates the operating environment around the model. In modern legal AI systems, that environment increasingly includes connectors: approved pathways between an AI assistant and a firm's email, calendar, document repositories, research tools, e-signature systems, meeting transcripts, project platforms, financial systems, and workflow automations.

    For lawyers, connector readiness is not a convenience issue. It is a professional responsibility issue. A poorly governed connector can expose client information, blur privilege boundaries, create unauthorized workflows, preserve the wrong records, or allow an AI system to act without adequate human review.

    LegalTek treats connectors as part of the Trust Mark analysis because connected AI is where theoretical risk becomes operational risk.

    Connector governance also requires layered terms review. A product should not be evaluated only by its features. It should be evaluated by its standalone product terms, its AI-platform connector pathway, the permissions it grants, the records it creates, the retention rules it follows, the subprocessors it uses, and the human-review controls available to the firm.

    Three Separate Review Layers

    A product may pass one layer and fail another. LegalTek evaluates each layer independently before recommending legal AI use.

    Layer 1

    Standalone Product Terms

    The vendor's own terms, privacy policy, DPA, MSA, AI terms, retention rules, subprocessor list, and customer-data commitments.

    Can the firm use this product for legal work at all?

    Layer 2

    Claude Connector Review

    The Claude connector pathway, Anthropic terms, MCP rules, workspace controls, permissions, tool access, and action authority.

    Can Claude safely access this product for the intended legal workflow?

    Layer 3

    ChatGPT Apps / Connectors / Actions Review

    The ChatGPT app or connector pathway, OpenAI terms, admin controls, actions, connected-app permissions, custom app rules, and audit controls.

    Can ChatGPT safely access this product for the intended legal workflow?

    Why Connectors Matter

    Access

    What systems can the AI reach? LegalTek evaluates whether access is limited by user role, matter, workspace, and business purpose.

    Data Flow

    What data can move into or out of the system? LegalTek reviews source systems, retention rules, training boundaries, and whether client-identifying information is protected.

    Action Authority

    Can the AI only retrieve information, or can it also draft, send, file, schedule, delete, label, update, or trigger automations? Higher-risk actions require stronger approval gates.

    Terms Control

    What terms govern each layer? LegalTek reviews standalone product terms, AI-platform terms, connector rules, data-processing commitments, subprocessors, security, retention, audit logs, confidentiality, and enterprise controls.

    Connector Readiness Crosswalk

    Connector governance fits directly within the LegalTek Trust Mark™ because every integration changes the firm's risk profile.

    Trust Mark DimensionConnector Readiness QuestionLegal Risk Controlled
    ConfidentialityDoes the connector expose client-identifying facts, privileged communications, or confidential work product?Confidentiality and privilege protection
    OversightCan a lawyer review and approve outputs before client-facing, court-facing, or system-changing use?Supervision, unauthorized practice, and filing risk
    UnderstandingDoes the firm understand what the connector can access, retrieve, store, and trigger?Technology competence and vendor due diligence
    NoticeShould the client be told that a connected AI system is being used in the matter?Client communication and informed consent
    ScrutinyAre connected outputs verified against source documents and primary authority?Hallucination, citation, and misstatement risk
    EquityAre automation savings billed ethically and transparently?Fee reasonableness and billing integrity
    LearningIs connector performance, risk, and vendor behavior periodically re-reviewed?Ongoing competence and policy maintenance
    Terms ReviewDo the governing terms permit the intended legal use case and protect client data?Vendor contracting, confidentiality, privilege, and data-use risk
    Action ControlCan the AI take external actions, or is it limited to retrieval and drafting?Unauthorized action, deletion, filing, communication, and workflow-trigger risk
    AuditabilityCan the firm prove what happened, who approved it, and what sources were used?Recordkeeping, supervision, dispute response, and defensibility

    Directory availability is not Trust Mark approval. A product's standalone terms, Claude connector availability, and ChatGPT app, connector, or action availability must be reviewed separately. LegalTek treats each layer as a distinct governance question involving vendor terms, AI platform terms, data handling, retention, permissions, auditability, action authority, and human oversight. Terms and legal links are provided for review only and may change without notice.

    Last reviewed: July 9, 2026. Product terms, connector availability, app availability, platform policies, and provider terms may change. LegalTek.ai is not affiliated with Anthropic, Claude, OpenAI, ChatGPT, or any listed connector provider.

    Standalone Product Terms Review

    This grouped list identifies the standalone vendor terms and legal references that should be reviewed before any product is approved for legal AI workflows. These links do not mean the vendor is approved. They are starting points for LegalTek's Trust Mark review.

    The public Trust Mark page explains LegalTek's review framework. Product-specific determinations, contract analysis, and final approval status should be documented in a private Trust Mark review report, not inferred from a public directory listing. Data Sensitivity and Review Status shown here are review-priority indicators, not legal conclusions.
    Data SensitivityReview StatusProduct Count

    Last reviewed: July 9, 2026. Product terms, platform policies, connector availability, app availability, scopes, permissions, and admin controls may change. LegalTek recommends periodic re-review before enabling or expanding connected AI workflows.

    Default Legal AI Connector Posture

    For legal workflows, LegalTek generally recommends starting with the least authority necessary. Default to read-only access where possible. Disable sending, signing, filing, deleting, paying, publishing, or triggering external automations unless the workflow has been expressly reviewed. Require human approval before client-facing, court-facing, financial, or system-changing action.

    Admin Controls Determine Whether a Connector Is Defensible

    Even acceptable product terms may not be enough. LegalTek also reviews whether the firm can control who enables the connector, what scopes are granted, which workspaces or folders are accessible, whether write actions can be disabled, whether activity is logged, and whether administrators can revoke access.

    Workspace-level enablement
    Role-based access
    OAuth scope control
    Matter, folder, channel, or project scoping
    Write-action disablement
    Audit logs
    Retention settings
    Admin consent
    User-level revocation
    Enterprise policy enforcement

    Custom Connectors Require Heightened Review

    Custom connectors, MCP servers, custom apps, and actions may connect AI systems to tools that are not part of a public directory or have not been independently verified by the AI platform. LegalTek treats custom connectors as higher-risk unless the firm can verify the endpoint, authentication model, data flow, logging, retention, vendor terms, and action authority.

    Terms Evidence LegalTek Collects Per Product

    The public page currently shows the primary Terms / Legal link. A full Trust Mark review record captures the following evidence, when available, and is maintained privately per product.

    Terms of Service / Customer Agreement
    Privacy Policy
    Data Processing Addendum
    Subprocessor List
    Security / Trust Center
    AI Terms or Data-Use Terms
    Retention / Deletion Policy
    Enterprise Agreement or MSA
    BAA Availability (if relevant)
    Audit / Logging Documentation

    Recommended Law Firm Starter Stack

    For most small and mid-size law firms, connector readiness does not mean connecting everything. It means connecting the right systems first, under the right terms, with the right permissions and review gates.

    LegalTek generally recommends starting with:

    • Microsoft 365 or Google Workspace
    • Docusign
    • One legal research system
    • One governed document repository
    • One meeting-intelligence workflow
    • One internal collaboration platform
    • One controlled automation platform

    The goal is not maximum connectivity. The goal is defensible connectivity.

    Before a Connector Can Be Trusted

    Have the standalone product terms been reviewed?
    Have the AI-platform terms been reviewed separately?
    Does the vendor contractually prohibit model training on client data where required?
    Is there an executed DPA, MSA, BAA, or equivalent agreement where required?
    Can access be limited by user, role, matter, workspace, folder, channel, or project?
    Are prompts, outputs, tool calls, and approvals logged?
    Can high-risk actions such as sending, filing, deleting, sharing, signing, or publishing be disabled?
    Are retention and deletion timelines documented?
    Are subprocessors disclosed and reviewed?
    Does the system preserve privilege-sensitive records appropriately?
    Is human review required before client-facing or court-facing output?
    Are outputs verified against source documents and primary authority?
    Is there a documented escalation path for ambiguous or unacceptable terms?
    Is the connector re-reviewed when vendor terms, platform terms, or product behavior changes?

    Is Your AI Stack Connector-Ready?

    LegalTek can evaluate your firm's AI tools, standalone product terms, Claude connector pathways, ChatGPT Apps / Connectors / Actions, vendor terms, permissions, and workflow controls against the LegalTek Trust Mark™ rubric. The result is a practical green/yellow/red roadmap for safer legal AI adoption.

    TRUST MARK SUPPLEMENT

    Agentic AI: From Chatbots to Autonomous Workflows

    Agentic AI systems do more than answer questions. They can plan, use tools, call APIs, retrieve records, remember context, trigger workflows, and sometimes act across connected systems.

    Traditional AI tools generate responses. Agentic AI systems pursue goals. They can decide what steps to take, what tools to use, what information to retrieve, and when to ask a human for approval. That shift creates enormous opportunity for law firms, but it also creates new duties around confidentiality, supervision, permissions, auditability, vendor terms, and human oversight.

    LegalTek evaluates agentic AI because a law firm\u2019s risk is no longer limited to what the model says. The risk includes what the agent can see, what it can remember, what it can change, what it can send, what it can trigger, and whether the lawyer remains in control.

    Agentic AI is the next shift in legal technology. Instead of simply responding to prompts, agentic systems can pursue goals, break work into steps, choose tools, retrieve information, call APIs, update systems, remember context, and coordinate with other agents. A chatbot may draft an answer. An agent may search a file system, check a calendar, summarize a transcript, draft an email, prepare a task list, update a CRM, trigger an automation, or ask another specialized agent to complete part of the work.

    LegalTek treats agentic AI as a Trust Mark issue because agentic systems move AI from “answer generation” into “workflow execution.”

    Connector readiness determines what an AI system can access. Agentic AI readiness determines what the system can do with that access.

    Three-Layer Governance Stack

    Layer 1 — Standalone Product Terms
    Layer 2 — Connector / Platform Review
    Layer 3 — Agentic Workflow Review
    LegalTek Trust Mark Controls
    PermissionsTerms reviewData handlingRetentionMemory controlsAudit logsHuman approvalAction gatesRe-review

    Connectors are the access layer. Agents are the action layer. The Trust Mark is the governance layer.

    What Makes AI Agentic?

    1. Goal

    An agent is given an objective, not just a one-time question. Example: “Prepare a client intake summary and flag missing information.”

    2. Planning

    The agent breaks the objective into steps: review intake form, search emails, check calendar, identify documents, draft follow-up questions.

    3. Tool Use

    The agent calls tools, apps, APIs, databases, calendars, document systems, or web services to complete each step.

    4. Memory and State

    The agent may retain context across steps, sessions, matters, users, or systems — including drafting style, project history, and prior results.

    5. Action

    The agent may create, update, send, file, publish, delete, trigger, or route work — draft an email, schedule a meeting, or prepare a filing packet.

    The governance risk increases as the agent moves from \u201Cread\u201D to \u201Cwrite,\u201D from \u201Cdraft\u201D to \u201Csend,\u201D and from \u201Csuggest\u201D to \u201Cact.\u201D

    Agentic AI Maturity Ladder

    LevelNameDescriptionLegalTek Governance Posture
    Level 0ChatbotResponds to prompts but does not use tools or act externally.Standard AI output review required.
    Level 1Tool-Assisted AssistantUses approved tools to retrieve or analyze information.Verify sources, scopes, and access permissions.
    Level 2Workflow AgentExecutes multi-step workflows across one or more systems.Require logs, role controls, and workflow review.
    Level 3Multi-Agent SystemCoordinates specialized agents for research, drafting, review, or operations.Require orchestration controls and human checkpoints.
    Level 4Action AgentCan write, send, update, delete, publish, sign, pay, or trigger external actions.Require explicit approval gates and action restrictions.
    Level 5Autonomous Operating AgentRuns persistently, monitors triggers, and acts over time with limited prompting.High-risk; enterprise controls and documented governance required.

    LegalTek generally recommends that law firms begin with Level 1 or Level 2 agentic workflows and avoid Level 4 or Level 5 authority unless the use case has been formally reviewed.

    Agentic AI Landscape: Examples LegalTek Tracks

    The agentic AI market includes personal agents, self-hosted agents, multi-agent frameworks, workflow-orchestration platforms, enterprise governance platforms, and business-app agent systems. LegalTek tracks these categories to help firms distinguish useful automation from uncontrolled autonomy.

    These examples are not approvals. They are market examples for governance review. Inclusion does not mean LegalTek approval, Trust Mark approval, legal suitability, security approval, or client-data approval. Agent capabilities, product terms, platform terms, privacy commitments, security controls, and availability may change. LegalTek evaluates agentic systems case by case.

    Common Agentic Design Patterns

    Single-Agent Workflow

    One agent receives a goal, uses tools, and completes a task.

    Best for: Low-risk research, summarization, document extraction, or intake triage.

    Risk: The agent may overstep if tools are too broad.

    Multi-Agent Crew

    Multiple specialized agents collaborate. One may research, another drafts, another reviews, another verifies.

    Best for: Complex research, drafting, review, and operations workflows.

    Risk: Errors can compound if agents trust each other without source verification.

    Human-in-the-Loop Agent

    The agent pauses before high-risk actions and waits for lawyer approval.

    Best for: Client communication, court-facing work, filing, contract approval, payment, or publication.

    Risk: The approval step must be real, logged, and easy to understand.

    Event-Triggered Agent

    The agent runs when something happens — a new email, form submission, calendar event, signed agreement, or CRM update.

    Best for: Intake, follow-ups, task routing, CRM updates, and status tracking.

    Risk: Bad triggers can create unauthorized or repetitive actions.

    Persistent Agent

    The agent runs over time, monitors systems, remembers context, and may act across sessions.

    Best for: Operations monitoring, research watchlists, matter-status support, and executive assistants.

    Risk: Memory, retention, credential use, and ongoing autonomy require heightened governance.

    Self-Improving Agent

    The agent updates skills, prompts, tool descriptions, or workflows based on experience.

    Best for: Experimental internal tools and advanced technical teams.

    Risk: Behavior drift, unapproved changes, regression failures, and auditability problems.

    Agentic AI Risk Matrix

    Data Access

    Agents may retrieve confidential, privileged, or client-identifying data.

    Ask: What data sources can the agent access, and are they scoped by role, matter, or workspace?

    Tool Permissions

    Agents may call tools that read, write, send, delete, publish, sign, pay, or trigger workflows.

    Ask: What tools can the agent use, and which actions require human approval?

    Memory

    Agents may retain context across sessions or users.

    Ask: What does the agent remember, where is it stored, and how can it be deleted?

    Planning

    Agents may choose their own path to complete a goal.

    Ask: Are plans constrained by policy, playbooks, or approved workflows?

    Multi-Agent Delegation

    Agents may rely on other agents’ work.

    Ask: Are intermediate steps and sources visible to the lawyer?

    External Actions

    Agents may affect real systems.

    Ask: Can the agent send, file, share, publish, delete, sign, pay, or trigger automations?

    Auditability

    The firm may need to prove what happened.

    Ask: Are prompts, tool calls, sources, outputs, approvals, and timestamps logged?

    Vendor Terms

    Product and platform terms may govern data use differently.

    Ask: Have standalone product terms and AI-platform terms been reviewed separately?

    Human Oversight

    Lawyers remain responsible for legal work.

    Ask: Where is human review mandatory, and is it documented?

    Unauthorized Practice

    Agents may appear to provide legal advice.

    Ask: Are disclaimers, supervision, and client-facing boundaries in place?

    Billing Ethics

    Automation may change time, value, and billing practices.

    Ask: Are fees reasonable, transparent, and consistent with professional duties?

    Incident Response

    Agents can make mistakes across multiple systems quickly.

    Ask: Can the agent be stopped, audited, rolled back, and contained?

    Agent Action Authority Scale

    The more authority an agent has, the stronger the governance requirement.

    Read

    Search, retrieve, summarize, classify

    Default: Generally lowest risk, but still requires access controls.

    Draft

    Prepare proposed text, tasks, emails, memos, forms

    Default: Human review required before use.

    Write

    Create or update internal records

    Default: Restrict to approved workflows with logs.

    Send / Share

    Send emails, share files, message users, publish updates

    Default: Human approval required.

    Delete / Modify

    Delete files, overwrite records, change settings

    Default: Disable unless specifically reviewed.

    Sign / Pay / File

    Execute signatures, payments, filings, or legal submissions

    Default: Critical risk; require formal approval gates and documented review.

    Trigger Automation

    Launch cross-system workflows

    Default: High to critical risk depending on workflow; require scoped triggers and audit logs.

    Human-in-the-Loop Workflow

    Client / Matter Data
    AI Agent
    Draft / Recommendation
    Lawyer Review
    Approved Action
    Audit Log

    Approved governance path

    AI Agent
    — — ▶
    Direct External Action

    No direct client-facing, court-facing, financial, filing, publishing, signing, deleting, or system-changing action without approval.

    Agentic AI Risk Heat Map

    The highest-risk workflows combine sensitive legal data with external action authority.

    Data Sensitivity ↓ / Authority →Read-onlyDraftExternal Action
    Privileged / Financial / LitigationMediumHighCritical
    ConfidentialMediumHighHigh
    InternalLowMediumHigh
    PublicLowLowMedium
    Low Medium High Critical

    Default LegalTek Agentic AI Posture

    For legal workflows, LegalTek generally recommends starting with the least authority necessary. Begin with read-only or draft-only access. Disable sending, signing, filing, deleting, paying, publishing, or triggering external automations unless the workflow has been expressly reviewed. Require human approval before client-facing, court-facing, financial, or system-changing action.

    The goal is not maximum autonomy. The goal is supervised, auditable, defensible autonomy.

    Before an Agentic AI System Can Be Trusted

    Every agentic workflow reviewed under the LegalTek Trust Mark™ must clear the questions below. Human-approval gates and auditability items are non-negotiable for any authority beyond read or draft.

    Scope & Purpose

    Governance

    Define what the agent is for before granting any authority.

    • What is the agent’s narrowly-defined purpose?
    • What legal workflows is it approved for — and explicitly not approved for?
    • What systems, matters, folders, channels, projects, or workspaces can it access?
    • What data can it retrieve, and what data is off-limits (privileged, sealed, PII, PHI, client-confidential)?
    • What tools, APIs, and connectors is it allowed to call?

    Memory & Learning

    Governance

    Constrain what the agent remembers, learns, or changes about itself.

    • Does it have persistent memory, and is that memory scoped per user, matter, or client?
    • Can memory be inspected, edited, exported, and purged on request?
    • Can it learn from prior sessions, fine-tune, or modify its own skills or prompts?
    • Are self-modifications gated by human review before they take effect?

    Human-Approval Gates

    Human-Approval Gate

    No client-facing, court-facing, financial, or system-changing action without a human decision.

    • Is human approval required before sending any external communication (email, message, portal post)?
    • Is human approval required before signing, filing, or serving any document?
    • Is human approval required before payment, transfer, refund, or any financial action?
    • Is human approval required before publishing, posting, or sharing externally?
    • Is human approval required before deleting, overwriting, or modifying records of legal significance?
    • Is human approval required before triggering downstream automations, workflows, or other agents?
    • Is client consent or notice captured for the workflow, model, and data flows involved?
    • Is the reviewer clearly identified (name, role, timestamp) at each gate?
    • Is there a documented “no-approval, no-action” default for anything above read or draft?

    Auditability & Evidence

    Auditability

    Every action must be reconstructable after the fact.

    • Are prompts, system instructions, retrieved sources, tool calls, and outputs logged with timestamps?
    • Are approvals, denials, edits, and overrides logged with the human reviewer’s identity?
    • Are model, version, temperature, and configuration recorded for each run?
    • Are logs tamper-evident, access-controlled, and retained per firm and client obligations?
    • Can a full action trail be exported for a given matter, client, user, or date range?
    • Are outputs verified against source documents and primary authority before use?
    • Are hallucinations, refusals, and safety interventions tracked as first-class events?

    Containment & Response

    Governance

    Assume something will go wrong — be able to stop, contain, and recover.

    • Can the agent be disabled globally, per user, per matter, or per tool within minutes?
    • Is there a documented rollback plan for actions the agent has already taken?
    • Is there an incident-response runbook covering wrong-recipient sends, wrong-account posts, unauthorized filings, and data exposure?
    • Are clients, opposing counsel, courts, and regulators notified when required?
    • Is the workflow re-reviewed whenever terms, tools, models, permissions, or subprocessors change?

    Terms, Data & Governance

    Governance

    The paperwork must match the action authority.

    • Are standalone product terms reviewed against LegalTek Trust Mark™ criteria?
    • Are AI-platform terms reviewed separately from product terms?
    • Are data processing, retention, deletion, and subprocessor terms reviewed and mapped to the workflow?
    • Is training-on-customer-data disabled or contractually restricted where required?
    • Is the agent’s authority scale (Read / Draft / Send / Sign / Pay / File / Trigger) documented and reviewed?

    Default rule: if a checklist item cannot be answered with evidence, the agent stays at read or draft authority. No sending, signing, filing, paying, publishing, deleting, or triggering downstream automations until every human-approval gate and auditability item is verifiably in place.

    The public Trust Mark page explains LegalTek\u2019s agentic AI review framework. Product-specific determinations, contract analysis, security findings, workflow diagrams, and final approval status should be documented in a private Trust Mark review report, not inferred from a public market list.

    Last reviewed: July 9, 2026. Agentic AI products, platform capabilities, vendor terms, connector availability, admin controls, and security practices may change.

    Is Your Firm Ready for Agentic AI?

    LegalTek can evaluate your firm\u2019s AI agents, automation workflows, connected systems, vendor terms, permissions, memory, audit logs, and human-review controls against the LegalTek Trust Mark\u2122 rubric.

    Vendor Terms Evaluation

    LegalTek evaluates third-party AI tools against the COUNSEL Framework before recommending them for legal workflows. Below is our assessment of two productivity vendors commonly considered by attorneys.

    Analysis based on publicly posted Terms of Service and Privacy documentation. This is not legal advice; firms must conduct independent due diligence before deploying any vendor with client data.

    Automated re-evaluation cadence: every 30 days|Granola: v1.0 · updated —|Wispr Flow: v1.0 · updated —

    Granola

    AI meeting notetaker · Evaluation v1.0 · Last updated —

    View Terms

    Strengths

    • • Layered Terms structure (Platform, Application, User) separates enterprise from consumer obligations.
    • • API documentation is public and permits programmatic access with issued keys.
    • • Distinguishes personal use from organization-bound acceptance for authorized signatories.

    Concerns for Legal Use

    • • Meeting audio and AI summaries constitute attorney-client communications when used on privileged calls — retention and access disclosures must be scrutinized before enabling on client matters.
    • • Terms do not publicly commit to no-training on customer meeting content at the free/personal tier; enterprise DPAs must be negotiated separately.
    • • Consent-to-record obligations shift entirely to the user; Ohio and most one-party-consent states are covered, but all-party-consent jurisdictions (CA, FL, IL, PA, WA) require affirmative disclosure.

    COUNSEL Crosswalk

    Confidentiality — Requires enterprise DPA
    Oversight — User-mediated
    Understanding — Terms are readable
    Notice — Third-party consent not automated
    Scrutiny — Limited third-party audit disclosure
    Equity — Not addressed in ToS
    Learning — Model training policy not publicly explicit for personal tier

    LegalTek Assessment: Acceptable for internal, non-privileged meetings. Not currently eligible for the LegalTek Trust Mark™ for use on client-privileged calls without a negotiated enterprise agreement, BAA (where PHI is possible), and documented all-party consent workflows.

    Wispr Flow

    Voice-to-text dictation · Evaluation v1.0 · Last updated —

    View Terms

    Strengths

    • • Explicit user ownership of Inputs and assignment of Outputs back to the user (§2.B).
    • • Third-party LLM providers (OpenAI, Anthropic) contractually barred from training on user data; 30-day deletion (§6).
    • • User-controllable model-training toggle via published Data Controls Policy.
    • • Privacy Mode: no dictation stored on Wispr servers.
    • • SOC 2 Type II, ISO 27001, and HIPAA certified per public privacy disclosures.
    • • Prohibits AI Features for automated legally-significant decisions without adequate human review (§3.B) — aligned with COUNSEL Oversight.
    • • Prohibits recording third parties without consent (§3.A).

    Concerns for Legal Use

    • • Standard "AS IS" warranty disclaimer on Output accuracy (§12) — attorneys remain solely responsible for verifying dictated content before filing.
    • • Broad license to "reproduce, modify, distribute, transmit, export, display, store" Customer Content for service operation (§2.B). Confirm scope in enterprise agreement for privileged dictation.
    • • Third-Party Outputs clause disclaims uniqueness — dictation refined by generative AI may resemble other users' Outputs (§2.D).
    • • Limitation of liability excludes consequential damages (§13) — standard SaaS but relevant for malpractice-exposure analysis.

    COUNSEL Crosswalk

    Confidentiality — Privacy Mode + HIPAA + 30-day vendor deletion
    Oversight — Explicit human-review requirement (§3.B)
    Understanding — Clear, sectioned ToS
    Notice — Data Controls Policy published; recording consent required
    Scrutiny — SOC 2 Type II, ISO 27001, HIPAA
    Equity — Anti-discrimination clause in §3.B
    Learning — Opt-out training toggle, no third-party training

    LegalTek Assessment: Materially stronger data-governance posture than most productivity vendors. Provisionally aligned with LegalTek Verified™ baseline for attorney dictation workflows when Privacy Mode is enabled and model-training is disabled at the account level. Firms should still execute a BAA before dictating any PHI and confirm data-residency requirements for regulated matters.

    Side-by-Side Summary

    CriterionGranolaWispr Flow
    User owns OutputNot explicit in public termsYes — assigned to user
    No training on customer dataEnterprise-tier onlyUser-toggle + third-party barred
    Public security certificationsNot publicly enumeratedSOC 2 Type II · ISO 27001 · HIPAA
    Local/on-device privacy modeCloud-processedPrivacy Mode available
    Human-review requirement for legal AI useNot addressedContractually required
    Preliminary Trust Mark eligibilityNot recommended for privileged workflows without enterprise DPAProvisionally LegalTek Verified™ with Privacy Mode

    The Promise of Verified Trust

    The LegalTek Trust Mark™ embodies the company's mission:

    "To build technology that empowers lawyers and protects clients — through governance, not guesswork."

    Every mark issued is a badge of discipline, transparency, and earned trust.

    Inside or outside LegalTek, it means one thing above all: verified integrity in the age of intelligent law.