VirtualawOS
Security & self-custody

Trusted with privileged files, by design.

Self-custody is not a slogan here. It is the architecture. The parts of the product that touch client data are the parts built to never leave your control.

Human in the loop

The agent proposes. A lawyer signs.

Every action the agent can take falls into one of three tiers. The tiers are not settings you can loosen in a hurry. Blocked actions are not even wired up as things the agent can do.

TierWhat happensExamples
autoRuns immediately and is loggedDraft an internal note, populate deadlines from a template you activated
approveWaits in the queue with the agent’s reasoning shown, until you approveSend a novel client message, open a new matter, activate a playbook
blockedThe agent can never do it. Not a setting, a boundaryClose a matter, give a client legal advice, move money

// A routine send runs unattended only under a playbook you approved. Anything novel waits.

Bring your own key

Your AI, your key, your files.

The supervised agent runs on your own model key. When it needs the model, your matter data goes to the provider you chose, under your own account and your own agreement with them. Virtualaw OS never proxies that traffic through our servers, never stores your files, and never has a copy to lose.

What zero-knowledge means here

It is true with respect to us. Virtualaw and Virtualaw OS never receive, proxy, store, or can read your client data. There is no vendor cloud holding your files.

It does not mean no service ever sees a prompt. When you use the agent, your data reaches the model provider you selected, on your key. That is a relationship between you and them, and you can read their terms and choose accordingly.

For firms that need nothing to leave the box, a local-model option is on the roadmap. It trades some model quality for total isolation.

Self-hosted

It lives on your site. You can always walk away with it.

Everything installs on WordPress you host. There is no lock-in, because there is nothing to be locked out of.

Your server

Data at rest is yours

Matters, documents, and history live in your own database, on your own host. We do not have an account that holds them.

No hostage-taking

Cancel and keep everything

A lapsed license stops updates and new writes, and leaves a working read-only view of all your data. Nothing to export in a panic.

Portable

Standard WordPress

It is a set of plugins and a database, not a black box. Your own developer, or ours, can back it up and move it.

How it is built

The guarantees underneath.

The trust story is only as good as the code. These are the rules the build holds to, the same ones your security review will ask about.

  • Audit
    Append-only recordEvery agent action is written before it runs and can never be edited or deleted after the fact.
  • Secrets
    Encrypted at restModel keys and integration credentials are encrypted, read only where they are used, never returned to the browser or logged.
  • Webhooks
    Verified on the way inEvery inbound webhook carries a per-source secret token, checked before anything happens. Unverified requests do nothing.
  • Access
    Least privilegeThe agent sees one matter at a time, never the whole client roster. Access is scoped, logged, and revoked at handoff.
  • Database
    Prepared statements onlyEvery query is parameterized, every external input validated. No string-built SQL anywhere.
  • Money
    Never movesThere is no billing, no trust accounting, no payment path. The agent cannot move money because the capability does not exist.

Ownership you can actually verify.

Try the full suite free, on your own site, and see where every byte lives.