Confidentiality & Compliance

The no-Google policy

FidesBeacon does not use any Google product or service in its own workflow. The policy applies to our infrastructure, our tooling, and our operational accounts — not to where your content originates. Your documents can come from any source, including Gmail and Google Drive (with the practical caveat described below). Once content reaches our intake, we process it on systems that never touch a Google service.

What this means for us (the firm side)

The following Google products are not part of FidesBeacon operations:

• Gmail and Google Workspace as our mail provider. Our mail runs on Microsoft 365.
• Google Drive, Google Docs, Google Sheets, Google Slides as our document store. We use Dropbox Business, OneDrive Business, Box, and dedicated single-tenant Webnet Media storage.
• Google Cloud Platform, BigQuery, Cloud Functions, and all other Google Cloud services. Our processing runs on dedicated hardware in Webnet Media's Florida and Romania facilities.
• Google AI Platform, Vertex AI, and Gemini. Our model calls run through Anthropic's API on a private path with training-rights opt-out.
• Google Fonts, Google Analytics, Google Tag Manager. None of our public-facing properties load any Google-hosted resource (verifiable in this page's source).

What this means for you (the client side)

You are free to keep using whatever email provider, file-share platform, or document tools your firm prefers. The no-Google rule does not extend to your environment. The practical points:

• Gmail is fine as a content source. If you forward a Gmail message to us, it arrives at our Microsoft inbox normally and we process it like any other email. If you export an entire mailbox archive (.mbox), upload it through Dropbox and we will ingest the archive. We never touch Gmail to receive your content.
• Google Drive content is fine after export. Please download Google Drive files first, or export Google Docs / Sheets / Slides to Word / Excel / PowerPoint, and send the files via Dropbox, OneDrive, Box, or email. The one constraint: we cannot click through a Google Drive share link, because that would require us to sign in to a Google account on our side.
• Other email and storage providers are also fine. Outlook, Yahoo, Apple Mail, ProtonMail, AOL, FastMail, Hey, Dropbox, OneDrive, Box, Sync.com, Tresorit, iCloud Drive, your firm's internal SharePoint or document management system — all work normally.

Why we maintain this rule

Our principal maintains conflict-of-interest restrictions consistent with active patent enforcement work. Every Google product the firm could use has terms of service or a data-handling policy that would create a real or apparent conflict given those restrictions. The simplest answer is for our side not to use Google products. The rule pre-dates any individual client engagement and is not subject to per-matter negotiation. It applies to our environment only; your environment is your business.

Document handling

Intake

Documents are received over an approved secure channel (see the How It Works page for the channel list). Document hashes are recorded on receipt. The intake step generates the matter ID, the QC log skeleton, and the analytical workspace, all on dedicated hardware.

Processing

Processing happens in a single-tenant environment dedicated to the matter. No multi-tenant cloud product is used. Model calls run through a private API path with training-rights opt-out contractually guaranteed by the model provider. Intermediate work product (drafts, OCR text, citation indices) is encrypted at rest on the dedicated hardware.

Delivery

Deliverables ship over the same secure channel by which documents were received, or over an alternative approved channel at the client's request. Deliverables are hashed at the moment of release; the hash is recorded in the QC log and can be re-computed by the receiving firm to confirm integrity.

Retention and destruction

Default retention is ninety (90) days after final deliverable release. At ninety days, original client documents, intermediate work product, OCR caches, and analytical workspaces are cryptographically destroyed (overwrite + key destruction). The QC log row is retained indefinitely for audit-trail purposes; the QC log row contains no document content, only metadata describing how the deliverable was produced.

Longer retention is available on request. Common longer-retention arrangements: through trial date plus thirty days; through final judgment plus ninety days; through appeal exhaustion. Retention terms are set in the confidentiality agreement.

Privilege protection

FidesBeacon deliverables are prepared at the direction of counsel and are intended to qualify as attorney work product under Federal Rule of Civil Procedure 26(b)(3) and analogous state rules. The engagement structure is designed to preserve the protection rather than waive it.

What we require to preserve the protection

• FidesBeacon is engaged by the law firm, not by the underlying client. The engagement letter is firm-to-firm.
• The engagement letter recites that FidesBeacon is performing work at the direction of counsel in anticipation of litigation or for use in pending litigation.
• Deliverables are addressed to the engaging firm and are not distributed to the underlying client except through the firm.
• FidesBeacon personnel do not communicate directly with the underlying client, unless the firm specifically directs otherwise in writing.

What we will not do

• We do not produce work product that is intended for direct distribution to non-attorney recipients (board members, investors, regulators, etc.) without an attorney's intermediation. Such products are available as a separate "Webnet Air" engagement, outside the privilege boundary.
• We do not testify as expert witnesses on the contents of our own deliverables. The deliverables are work product; the testifying experts are retained separately by the firm.
• We do not, under any circumstances, share work product with opposing parties, opposing counsel, or third-party vendors outside the engagement.

Subcontracting

FidesBeacon does not subcontract analytical work to third parties. Citation verification, adversarial review, and attorney sign-off all happen in-house at Webnet Media. Specialized expert consultation (e.g., a particular subject-matter consultant for a damages-modeling question) is added to scope under the engagement letter only with the firm's written approval; it is not a default operating mode.

Conflicts

FidesBeacon maintains a conflict-clearance procedure modeled on law-firm practice. Before any matter is accepted, the named parties are checked against the firm's adverse-engagement list. Standing conflicts known to the firm are disclosed during intake, and specific conflicts are documented in the engagement letter. The firm will decline matters where:

• FidesBeacon or its parent Webnet Media is, or is reasonably likely to become, a party adverse to the named parties.
• FidesBeacon has an active engagement with a party adverse to the named parties.
• The matter would require analysis of documents that are subject to a confidentiality obligation FidesBeacon owes to a third party.

Data security at a glance

• Dedicated single-tenant hardware in Webnet Media facilities (Florida and Romania).
• Encryption at rest (AES-256) on all storage volumes.
• Encryption in transit (TLS 1.3 minimum) on all data movement.
• Two-factor authentication on all personnel access.
• Network segmentation between the analytical workspace and the public internet.
• Logging of all access to client materials with the access log retained for the matter's retention period.
• Cryptographic destruction at retention period end (overwrite plus key destruction).
• Annual third-party security review.