CYBERFRAD

Guide / June 2026

Best AI for Lawyers: A Security-First Comparison

Every AI comparison for lawyers focuses on features. This one focuses on what happens to your client data — the question that actually determines whether you can use a tool at all.

Note: This guide covers technical data-handling differences between AI products. It is not legal advice. Consult your state bar’s ethics counsel for jurisdiction-specific compliance guidance.

01 / Why the security question comes first

The feature debate is secondary

ABA Formal Opinion 512 (July 2024) confirmed that using generative AI in client work implicates your duty of competence, your duty of confidentiality under Rule 1.6, and your supervisory obligations. Before asking whether a tool drafts motions well, you need to know whether using it at all is defensible to your bar.

The key variable is data handling: does the vendor train on your conversations, how long do they retain them, what do their subprocessors do with them, and can you get audit logs showing what was accessed and when? None of that appears in the product's feature list.

This guide organizes tools into two categories — general assistants and legal-specific platforms — and gives you the security questions to ask before adopting any of them.

02 / General assistants

ChatGPT, Claude, and Copilot: consumer vs. business tiers

These three tools are the ones most likely already running inside your practice right now. Each has a consumer tier and a business or enterprise tier with meaningfully different data-handling commitments.

ChatGPT (OpenAI)

  • Free / Plus: Conversations may be used for training by default. An opt-out is available in settings, but on Plus it applies per conversation. No data processing addendum is available.
  • Teams: Conversations are not used for training by default. A data processing agreement is included. Suitable for non-privileged firm work if you review the DPA.
  • Enterprise / API zero-retention: Conversations are not stored beyond request completion and are not used for training. Audit logs are available. This is the tier that is defensible for client-matter use under most interpretations of Rule 1.6.

Source: openai.com/enterprise-privacy

Claude (Anthropic)

  • Claude.ai (free / Pro): Anthropic retains conversations and may use them to improve models unless you opt out via the privacy settings. Not appropriate for client data.
  • Claude for Work (Teams / Enterprise): No training on customer conversations by contract. Enterprise tier adds SSO, audit logs, and a data processing addendum.
  • API: No training on prompts or completions by default. Zero-retention option available. Suitable for client-matter use when the API key is held by the firm and logs are reviewed.

Source: anthropic.com/privacy

Microsoft Copilot

  • Copilot (consumer / free): Connects to Microsoft's consumer services. Not appropriate for client data.
  • Microsoft 365 Copilot (commercial): Covered under the Microsoft Product Terms and DPA. Data stays within your Microsoft 365 commercial tenant. Prompts and completions are not used to train foundation models. The EchoLeak vulnerability (CVE-2025-32711, patched May 2025) demonstrated that Copilot's deep M365 integration creates an attack surface that the other general assistants do not have: a successful prompt injection carried in a malicious document could exfiltrate data from your tenant.

Source: microsoft.com/trust-center/privacy

03 / Legal-specific platforms

Westlaw AI, Lexis+ AI, and Harvey-class tools

These platforms are built specifically for legal workflows. They generally start from a stronger confidentiality baseline because their customer contracts are negotiated with law firms. That said, “built for lawyers” is not a guarantee — you still need to read the DPA.

Westlaw AI / CoCounsel (Thomson Reuters)

Thomson Reuters' AI products operate under their enterprise customer agreements, which include data confidentiality provisions and prohibit use of customer content for training without consent. CoCounsel is positioned as a legal research assistant with citation checking built in, which reduces (but does not eliminate) hallucination risk. Verify your specific subscription agreement — terms differ between law firm and solo tiers.

Source: legal.thomsonreuters.com

Lexis+ AI (LexisNexis)

LexisNexis offers contractual confidentiality protections under their enterprise agreements. Lexis+ AI ties into their verified legal database, which provides citation grounding that general assistants cannot match. Their data use policy for AI is published separately from their general terms — read it specifically, as it governs what happens to prompts you submit.

Source: lexisnexis.com privacy policy

Harvey and similar enterprise legal AI platforms

Platforms in the Harvey category are enterprise-only, contracted directly with firms, and typically include explicit confidentiality terms, no training on customer data, and audit logging. The security posture is generally stronger than consumer AI tiers, but they are priced for mid-size and larger firms. For solo and small practices, the cost generally does not justify the specific features offered — the Westlaw/Lexis AI tiers are the more practical path.

04 / The pre-adoption checklist

What to verify before adopting any AI tool

Regardless of vendor category, these are the four questions every solo and small-firm attorney should answer in writing before using an AI tool on client matters:

01 / Data training opt-out

Does the vendor train on your inputs? Is the no-training guarantee contractual (DPA) or just a settings toggle? Toggles can change; contracts are enforceable.

02 / Retention windows

How long does the vendor retain your prompts and completions? 30 days, 90 days, indefinitely? Shorter retention reduces exposure from breach or litigation discovery.

03 / Subprocessor list

Who else handles your data? The AI vendor typically passes data to cloud providers and possibly to the model API layer. Each subprocessor adds surface area. Look for this list in the DPA or privacy policy.

04 / Audit logs

Can you pull a log showing who in your firm queried the tool, when, and with what prompts? Audit logs are what allow you to demonstrate compliance to a disciplinary body, and to catch unauthorized use by staff.

If you cannot answer all four questions for every AI tool currently in use at your practice, that is the finding. A CyberFrad AI Security Audit inventories your full tool stack and delivers a written hardening plan covering each of these questions within five business days.

05 / Honest bottom line

There is no universally “best” AI for lawyers

The right tool depends on your practice area, your budget, and what you are actually using AI for. Legal research with citation requirements points toward Westlaw AI or Lexis+ AI. Document drafting and general reasoning at controlled cost points toward ChatGPT Enterprise or Claude for Work. Deep integration with firm systems points toward evaluating Microsoft 365 Copilot with eyes open to its attack surface.

What is universal: using a consumer-tier general assistant on client matters without a data processing agreement is a compliance risk. The tier distinction is not a marketing upsell — it is the line between a tool that has made a contractual commitment about your data and one that has not.

If you want a second opinion on your current stack, the CyberFrad audit is a flat-fee engagement with a money-back guarantee if no material risk surfaces.

// Not sure which tier you're on?

Get a written answer for your specific stack.

The CyberFrad audit inventories every AI tool your practice uses and delivers a written hardening plan in five business days. Flat fee. Money-back guarantee.

Request an Audit — $497