Private AI for regulated professionals
Built for the data your firm cannot send to the cloud.
InnerVault is a private, on-premises AI platform engineered for the confidentiality regimes attorneys and CPAs actually operate under. Your matter files, tax returns, and client records never leave the hardware in your office.
The cloud-AI products your competitors are using were built for marketers and software engineers — not for professionals whose ethical and statutory duties make sending client data off-premises a compliance event.
The same regulatory environment that makes frontier APIs awkward for your firm makes a private deployment the correct architecture. That's the whole company. We build the infrastructure, sign the agreements, and stay in your office.
The platform
Three commitments that make AI defensible inside a regulated firm.
Yours, physically.
Each customer firm receives dedicated hardware that lives in your office. No cross-tenant data, no model training on your files, no telemetry exfiltrating metadata. The machine and everything on it are yours.
Compliant by design.
The architecture is engineered around the rules you already operate under — IRC §7216, ABA Model Rule 1.6, the GLBA Safeguards Rule, HIPAA Business Associate obligations. We deliver the BAA, the §7216 consent template, and the WISP alongside the system.
Capable, not toy.
Open-weight reasoning models in the 70-billion-parameter class running on Apple-silicon hardware with a private retrieval system over your firm's full document corpus. Source-cited answers. Per-matter access controls. Built to do real work.
For attorneys
A research and drafting partner that respects privilege.
Search across the full matter file. Surface inconsistencies between depositions and exhibits. Build event timelines from testimony, emails, and digital discovery. Draft from your firm's own past briefs and templates — with citations to the specific document, page, and line.
Why on-premises
ABA Model Rule 1.6 and Comment 18 require reasonable efforts to safeguard client information when using technology. Routing privileged communications through a frontier API risks waiver of attorney-client privilege under United States v. Kovel agency analysis unless the vendor relationship is structured carefully. A dedicated, on-premises system avoids the analysis entirely.
Deposition intelligence
Search testimony, find contradictions across statements, compare witnesses, summarize what was admitted, denied, or could not be remembered — with exact page-and-line citations.
Evidence correlation
Compare testimony against emails, texts, invoices, call logs, GPS records, bank statements, contracts, and digital discovery — citing specific source documents on every claim.
Timeline builder
Construct event sequences from testimony and digital records. Surface where witnesses disagree, flag missing dates, and identify unsupported claims.
Drafting support
Draft motions, letters, and demand correspondence from your own past work product. The system never trains on your data; it retrieves and assembles, with the attorney making every final call.
For accounting firms
Tax and audit work without sending taxpayer data off-site.
Search historical tax filings instantly. Surface anomalies and inconsistencies across years. Automate recurring reporting. Review documentation for audit support. Answer client questions with the firm's own knowledge — without exposing taxpayer information to a third-party API.
Why on-premises
IRC §7216 imposes criminal penalties on tax preparers for using or disclosing taxpayer information for any purpose beyond preparing the return without specific written taxpayer consent. The GLBA Safeguards Rule (16 CFR Part 314) imposes prescriptive cybersecurity requirements on any preparer providing financial services. A private deployment satisfies both regimes cleanly. Frontier APIs do not.
Tax research
Search the firm's full historical archive of returns, workpapers, and engagement letters. Surface client history, prior positions, and supporting documentation.
Audit and review
Locate documentation, summarize chart history, surface inconsistencies across periods, and build defensible review trails for audit support.
Anomaly detection
Identify unusual patterns across financial statements, transaction history, and reporting cycles. The CPA reviews; the system surfaces.
WISP enforcement layer
Most firms have a Written Information Security Plan; few have a technical enforcement mechanism. InnerVault becomes the enforcement layer — role-based access, audit logging, and tamper-evident records aligned to your existing WISP.
Also serving
Healthcare practices, with HIPAA Business Associate obligations.
Medical and dental practices, clinics, and healthcare-vertical CPAs use the same private architecture for chart-history search, billing review, medication interaction support, and patient-care reminder automation. Every deployment ships with a Business Associate Agreement; every system meets the HIPAA Security Rule's administrative, physical, and technical safeguards.
The hardware
A box that lives in your office. Not a tab in a browser.
InnerVault deployments run on Apple-silicon hardware sized to your firm. The platform is architected to fit a Mac Studio class machine — enough computational headroom to run 70-billion-parameter reasoning models with a private vector index over your entire document corpus. The hardware lives on your network, behind your firewall, under your physical control.
Every deployment ships with a warm-standby unit and encrypted off-site backup. Disaster recovery is documented and tested. When the lights go out, the firm doesn't lose access to its working memory.
Practice tier — typical configuration
How it works
Four stages, eight to twelve weeks from contract to live use.
— 01
Scope
We map your sensitive document sources, access rules, matter or engagement workflows, and the regulatory regimes that apply. Every InnerVault deployment is sized to a specific firm.
— 02
Deploy
Hardware is procured, configured, and installed in your office. The system integrates with your existing identity provider, authentication, and firewall. The BAA, §7216 consent, and WISP are executed at deployment.
— 03
Ingest
Your historical document corpus is indexed into the private retrieval system. Matter-level access controls are applied. Initial bulk ingest runs over one to three weeks depending on volume.
— 04
Operate
Your team uses the system. We support adoption, monitor health, train new staff, and iterate on workflow refinements. Quarterly compliance reviews are part of the engagement.
Compliance posture
The regulations your firm operates under, named.
Generic "we take privacy seriously" statements are insufficient for a firm whose license depends on their accuracy. Below is the specific regulatory perimeter InnerVault is engineered against, with the corresponding contract artifact we deliver alongside the platform.
- IRC §7216 / §6713: Tax preparer disclosure. §7216 imposes criminal penalties on preparers for unauthorized use or disclosure of taxpayer information. Every CPA deployment ships with a Treasury Reg. §301.7216-3-conformant taxpayer consent template.
- GLBA Safeguards Rule: 16 CFR Part 314 (2023 update). Prescriptive information security program requirements for tax preparers and CPAs. We deliver a Written Information Security Program (WISP) aligned to the rule's administrative, technical, and physical controls.
- ABA Model Rule 1.6 / 5.3: Confidentiality and vendor oversight. Lawyer's duty of confidentiality extends to vendor relationships. The InnerVault contract and architecture are designed to satisfy reasonable efforts under Rule 1.6 Comment 18 and ABA Formal Op. 512.
- HIPAA Privacy & Security: 45 CFR Parts 160, 164. Healthcare-touching customers receive an executed Business Associate Agreement and a deployment that meets the HIPAA Security Rule's administrative, physical, and technical safeguards.
- SOC 2 Type II: In progress. SOC 2 Type I attestation targeted within twelve months of first paying customer; Type II in the following twelve. Our SOC 2 readiness work is underway with named external auditors.
Talk to us
Most of what InnerVault does cannot be explained on a webpage.
If your firm is exploring AI and the privilege, §7216, GLBA, or HIPAA conversations have already come up internally — we're the right call. Initial conversations are confidential and free. We do not pitch; we listen and tell you whether we're a fit.
Direct
Brief introduction including firm size, vertical, and the specific question that brought you here. We respond within one business day.