Built like the rest of your firm.
Privileged.
Legal AI is only useful if a managing partner can defend it under deposition. Here's exactly how Miranda is designed to be defendable, in plain language, no compliance theater.
Privilege-aware by design
Calls are agent-to-prospect, gated, and audited. Your data is not used to train any third-party model.
- Model vendors are called with no-training settings; raw call content is not used to train their models.
- Per-firm logical isolation: every row is scoped to a firmId; no cross-tenant query path exists.
- Privileged-content tags on transcripts so review teams can mark and segregate at the row level.
PII you can defend
Caller information is encrypted in transit and at rest, redactable, and exportable for discovery on demand.
- Transport is encrypted via TLS; at-rest storage encryption is provided by managed Postgres.
- Sensitive-pattern redaction (SSNs, DOBs, account numbers) is configurable per firm before transcript storage.
- Caller-initiated deletion supported: a deletion request triggers removal of identifying transcript fields.
Retention you set
We default to short retention on raw audio. Final retention is set per firm to match your matter-management policy.
- Default raw-audio retention is short; longer windows are explicitly configured.
- Transcripts and structured intake stay as long as the matter is open, then follow your retention rule.
- Deletions propagate to logs and backups on the standard backup-rotation window.
Audit log, end-to-end
Every call, prompt, transfer, and knowledge-document change is logged with attribution and timestamp.
- Append-only audit trail you can export at any time.
- Per-user action history for firm employees.
- Designed against SOC 2 Type II controls; formal audit is on the roadmap, not yet completed.
A human is always in the loop
Miranda transfers, schedules, and flags, but every consult, retainer, and case-acceptance decision is made by your attorneys.
- No legal advice given to callers, only information about your firm and procedural facts.
- Conflict checks happen before any case-specific conversation.
- Out-of-jurisdiction or sensitive matters route to a human as configured.
Boring, vetted infrastructure
Standard, well-known providers. No homemade telephony, no homemade auth, no homemade encryption.
- Telephony: Twilio.
- Speech: Cartesia, with no-training settings.
- Hosting: Vercel for the web app; managed cloud hosting for backend services and Postgres.
Have a security question?
We'll send our security one-pager, the data-flow diagram, and a sample DPA, usually within the same business day.