Trusted with privileged files, by design.
Self-custody is not a slogan here. It is the architecture. The parts of the product that touch client data are the parts built to never leave your control.
The agent proposes. A lawyer signs.
Every action the agent can take falls into one of three tiers. The tiers are not settings you can loosen in a hurry. Blocked actions are not even wired up as things the agent can do.
// A routine send runs unattended only under a playbook you approved. Anything novel waits.
Your AI, your key, your files.
The supervised agent runs on your own model key. When it needs the model, your matter data goes to the provider you chose, under your own account and your own agreement with them. Virtualaw OS never proxies that traffic through our servers, never stores your files, and never has a copy to lose.
It is true with respect to us. Virtualaw and Virtualaw OS never receive, proxy, store, or can read your client data. There is no vendor cloud holding your files.
It does not mean no service ever sees a prompt. When you use the agent, your data reaches the model provider you selected, on your key. That is a relationship between you and them, and you can read their terms and choose accordingly.
For firms that need nothing to leave the box, a local-model option is on the roadmap. It trades some model quality for total isolation.
It lives on your site. You can always walk away with it.
Everything installs on WordPress you host. There is no lock-in, because there is nothing to be locked out of.
Data at rest is yours
Matters, documents, and history live in your own database, on your own host. We do not have an account that holds them.
Cancel and keep everything
A lapsed license stops updates and new writes, and leaves a working read-only view of all your data. Nothing to export in a panic.
Standard WordPress
It is a set of plugins and a database, not a black box. Your own developer, or ours, can back it up and move it.
The guarantees underneath.
The trust story is only as good as the code. These are the rules the build holds to, the same ones your security review will ask about.
- AuditAppend-only recordEvery agent action is written before it runs and can never be edited or deleted after the fact.
- SecretsEncrypted at restModel keys and integration credentials are encrypted, read only where they are used, never returned to the browser or logged.
- WebhooksVerified on the way inEvery inbound webhook carries a per-source secret token, checked before anything happens. Unverified requests do nothing.
- AccessLeast privilegeThe agent sees one matter at a time, never the whole client roster. Access is scoped, logged, and revoked at handoff.
- DatabasePrepared statements onlyEvery query is parameterized, every external input validated. No string-built SQL anywhere.
- MoneyNever movesThere is no billing, no trust accounting, no payment path. The agent cannot move money because the capability does not exist.
Ownership you can actually verify.
Try the full suite free, on your own site, and see where every byte lives.