Privilege matters more than ever—which is exactly why it's being ignored

Attorney-client privilege is one of the oldest protections in law. The principle is simple: your communications with your lawyer, and the documents your lawyer creates for you, generally cannot be used against you in legal proceedings—lawsuits, regulatory inquiries, government investigations.

It's a bedrock protection. And right now, most businesses are inadvertently waiving it at scale.

What's happening

When your team uses AI tools to analyze contracts, assess liabilities, map compliance risks, or draft communications about legal exposure, those conversations and documents are being committed to third-party storage. Servers you don't control. Infrastructure you can't fully audit. Retention defaults you probably haven't reviewed.

For most commercial AI tools, the consequences are predictable:

• Legal analysis lives on someone else's servers, subject to their policies and legal obligations
• Those servers are subject to subpoenas, litigation holds, and government inquiries
• Retention defaults are often measured in years—set by the provider, not by you
• The communications are not privileged because a lawyer was not party to them

Courts have routinely held that AI tool interactions are not privileged communications. The moment your team pastes a contract into ChatGPT and asks it to summarize risk, that conversation may be discoverable in subsequent litigation or regulatory proceedings. It's a document that exists, cannot be deleted after a preservation letter arrives, and may be produced to your adversaries.

This is not a speculative risk. Discovery of AI-generated work product and AI conversation logs is already appearing in commercial and regulatory proceedings.

The "Business" and "Enterprise" problem

The market moved fast and the marketing followed. Terms like "secure," "private," and "enterprise-grade" now appear across consumer and commercial AI products. In practice, these tiers reduce some risks without eliminating the core problem.

ChatGPT Business and ChatGPT Enterprise offer controls around data retention and training-data opt-outs. They don't change the fundamental legal analysis: OpenAI is not a law firm. A conversation on ChatGPT is not a privileged communication. The infrastructure may be more secure, but security and privilege are distinct legal concepts. A conversation that's encrypted but not privileged can still be compelled in discovery—and often is.

ChatGPT Team, popular with smaller companies and some law firms, provides limited data controls and does not support programmatic export of conversation history. Data retention defaults are set by OpenAI, not the customer, and can run to years.

Claude (Anthropic): a chat with Claude is not privileged. Anthropic is not a law firm. No matter how sophisticated the prompt, how careful the phrasing, or how well-intentioned the use, communications through a non-lawyer AI provider are not attorney-client communications. The same analysis applies regardless of which model powers the assistant.

Microsoft Copilot and similar enterprise AI integrations add complexity without resolving the core issue. Data may be retained within your Microsoft tenant under your enterprise agreement, but the privilege analysis still depends on whether a lawyer was party to the communication—not where the infrastructure lives.

Google Gemini for Workspace, Slack AI, and other integrated AI features operate under the same framework. Data retention and third-party storage are governed by the platform's terms, not by privilege doctrine.

The pattern across all of these: enterprise security controls do not create privilege. Privilege requires a lawyer.

Cloud providers, litigation holds, and third-party preservation

There is a second layer to this problem that's less visible but equally significant.

Cloud providers—including AI infrastructure providers—have received and responded to litigation holds, preservation requests, and government inquiries affecting customer data. The specific details of individual cases are not always public, but the pattern established by cloud storage and email providers over the past decade is instructive: providers generally preserve data in response to valid legal process, including process initiated by parties adverse to the provider's customer.

Your customer agreement with an AI provider may not prohibit them from complying with a litigation hold. It may not even require them to notify you promptly when they receive one. The moment you receive your own preservation letter, you cannot delete any of it—and if the provider is preserving it too, neither can they.

In many cases, the cloud provider is not violating any agreement by complying with an opposing party's preservation request. This is not a hypothetical. It's how cloud infrastructure has operated for years, and AI providers operate within the same legal framework.

Courts have repeatedly found that discussions with non-lawyer tools—chatbots, AI assistants, cloud-based work product tools—are not privileged when a lawyer isn't party to the communication. The reasoning is consistent: privilege requires a lawyer-client relationship, not just a confidential-looking interface.

Soon, AI-assisted communications will be the primary focus of discovery in complex litigation. For many businesses, they already are.

Questions worth asking every AI and legal-tech provider

Before committing privileged legal work to any AI tool or platform, ask:

• Is a licensed attorney party to my communications with your system?
• Where is data stored, and under which jurisdiction?
• What are the default data retention periods, and who controls them?
• Has your company received and complied with litigation holds or preservation requests affecting customer data?
• What controls do I have over deletion, and are those controls legally effective after a preservation letter arrives?
• Has any court addressed the privilege or confidentiality status of communications through your platform?

Most providers will not answer all of these clearly. That's meaningful information.

How Fences approaches this

Fences operates under lawyer supervision. Communications happen in lawyer-controlled channels. Analysis is attorney work product. The structure is designed to preserve privilege where privilege can apply.

We don't publish the specifics of our infrastructure configuration for the same reason you don't publish your trade secrets. We're happy to discuss our setup with prospective clients in an appropriate confidentiality context.

We encourage every business to audit legal service providers the way they'd audit an infosec vendor: with specific, documented questions, and with counsel reviewing the answers. The fact that a product is marketed as "secure" does not make communications with it privileged. The fact that a provider has enterprise terms does not make communications on their platform attorney-client communications.

When considering legal service providers, ask them directly: are you a law firm? Is a licensed attorney supervising my work? What is your privilege and confidentiality posture? If those answers are unclear, treat the ambiguity as risk.

The law here continues to evolve. The fundamentals do not.

Contact us to learn about our approach.