Companion Guide — February 2026

Zero Data Retention,
ABA Compliance & the
Claude Product Gap

A detailed analysis of Anthropic’s Zero Data Retention (ZDR) addendum: whether it satisfies ABA ethics obligations, how to obtain it, which Claude products it covers — and which it does not — and what that means for law firms analyzing confidential client files.

← This is a companion to the Law Firm Security Guide — Anthropic Claude Products. Read that page first for plan tiers, general security configuration, and firm policy guidance.

What Is Zero Data Retention?

Zero Data Retention (ZDR) is Anthropic’s strongest data privacy commitment. Under a ZDR arrangement, when you send a prompt to Claude through the API, your input is processed in real-time and immediately discarded after the response is returned. No prompts. No outputs. No logs on Anthropic’s servers.

This is fundamentally different from all other Claude plans:

Plan / Product Data Retention Used for Training? How to Obtain
Free / Pro / Max
(consumer plans)		 30 days (opt-out) or 5 years (opt-in) Yes, by default Sign up at claude.ai
Team / Enterprise
(web/desktop chat)		 Retained for product experience; configurable on Enterprise Never Subscribe at claude.ai/pricing
Commercial API
(standard — no addendum)		 7 days Never Create account at console.anthropic.com
Commercial API
(with ZDR addendum)		 Immediately discarded Never Contact Anthropic sales; negotiate & sign ZDR addendum
Common Misconception Many people assume that the Anthropic API or Claude Code automatically provide zero data retention. They do not. The standard commercial API retains inputs and outputs for 7 days. This is dramatically better than consumer plans, and the data is never used for training, but it is not zero. ZDR is a separate contractual arrangement that must be specifically requested from and approved by Anthropic’s sales team. Without the signed addendum, you are on the 7-day standard retention.

For a law firm, this distinction matters enormously. Even a 7-day retention window means that your client’s confidential contract text, privileged communications, or case strategy analysis sits on Anthropic’s servers for a week. Under ZDR, it doesn’t sit anywhere at all.

Who Could Access Data During the 7-Day Retention Window?

The practical risk level during the standard API’s 7-day retention window determines how significant the difference between standard retention and ZDR is for a given firm’s practice. The risk of unauthorized third-party access is low but not zero, and the scenarios most relevant to lawyers differ from those that concern most businesses.

Potential Access Scenarios

Who During 7-Day Window Under ZDR
Anthropic employees By default, cannot see conversations. Anthropic states that only designated Trust & Safety personnel may access data on a need-to-know basis when content is flagged for a Usage Policy violation. Anthropic has not published a SOC 2 Type II or ISO 27001 certification that independently verifies these internal access controls; firms relying on the 7-day window are relying on Anthropic’s representations. No data exists to access (except safety-flagged content; see Caveats).
Other API customers No. API data is isolated per organization. No mechanism exists for another customer’s queries to surface your data, and commercial API data is never used for training, so it cannot leak through model outputs. Same — no cross-customer exposure.
Government / law enforcement During the 7-day window, data exists on Anthropic’s servers. This means it is potentially reachable via court order, search warrant, grand jury subpoena, or national security letter directed at Anthropic. Anthropic would be the custodian — not the firm — which creates complications around privilege assertions and work product protections. Nothing to produce. Data that does not exist cannot be subpoenaed.
Opposing counsel In contentious litigation, opposing counsel could theoretically serve a third-party subpoena on Anthropic for the firm’s API logs, arguing they contain relevant evidence about how work product was prepared. During the 7-day window, those logs exist and would need to be addressed through a motion to quash or privilege assertion. No records exist. The response to a subpoena is straightforward: there is nothing to produce.
Attackers
(infrastructure breach)		 If Anthropic’s servers were compromised during the 7-day window, data that exists could be exfiltrated. Low probability (enterprise-grade AWS/GCP infrastructure, encryption at rest) but not zero. A breach yields nothing — data was already discarded.
Cloud infrastructure
providers		 Anthropic runs on AWS and GCP. These providers have infrastructure-level access to the physical and virtual machines. They have contractual commitments not to access customer data, but the theoretical capability exists during the retention window. Exposure window is milliseconds rather than 7 days.
Anthropic’s
subprocessors		 Listed in the DPA. Companies that Anthropic uses for operational purposes (hosting, monitoring). May have some degree of infrastructure access, contractually restricted. Same contractual restrictions, but minimal data to access.
The Scenario That Matters Most to Law Firms The scenarios most relevant to legal practice are not hacking or rogue employees — they are legal process. The 7-day window creates a period during which client AI-processed data is potentially discoverable through subpoena to a third party the firm does not control. For general practice work, this risk is theoretical and may be manageable. For litigation involving aggressive opposing counsel, high-stakes M&A where information asymmetry matters, or any matter where the fact that AI was used could itself become an issue, the 7-day window represents a concrete exposure that ZDR eliminates.
The Core Principle Data that does not exist cannot be subpoenaed, breached, or accessed by anyone. This is ZDR’s core value proposition. Each firm will need to evaluate whether the 7-day window represents an acceptable risk for their specific practice areas and client base, or whether ZDR’s elimination of that window is warranted.

Does ZDR Satisfy ABA Ethics Rules?

No single product feature “satisfies” the ABA Model Rules — compliance requires a holistic approach including technology choices, policies, consent, and supervision. But ZDR is the strongest technical safeguard currently available from any major AI provider, and it addresses the core concerns raised by Formal Opinion 512.

Here is a rule-by-rule analysis:

Model Rule 1.6 — Confidentiality of Information Strong

Rule 1.6 requires “reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation.”

ZDR’s answer: Client data is processed and immediately discarded. It is never stored on Anthropic’s servers, never retained in logs, and never used for training. This is the minimum possible data footprint for a cloud-based AI service — the only way to reduce it further would be to run the model locally (which is not currently feasible for frontier models like Claude).

Assessment: ZDR + DPA + no-training guarantee constitutes what many ethics commentators describe as “reasonable efforts” under Rule 1.6 for a broad range of practice areas. For matters involving extraordinary sensitivity (national security, sealed grand jury material), firms may wish to evaluate whether any cloud-based AI is appropriate.

Model Rule 1.1 — Competence Strong

Rule 1.1 requires understanding “the benefits and risks associated with the technologies used to deliver legal services.”

ZDR’s answer: By selecting ZDR specifically, you are demonstrating an informed understanding of how the AI tool handles data. You have evaluated the available options and chosen the most protective configuration. This document itself serves as evidence of that competence.

Model Rule 1.4 — Communication Adequate with Action

Opinion 512 states that boilerplate engagement letter consent is not sufficient. Firms are expected to obtain specific informed consent before using AI tools on client matters.

ZDR’s answer: ZDR is a technical safeguard, not a consent mechanism. Firms still need to disclose to clients that AI tools will be used, explain that data is sent to a third-party server (even though not retained), and obtain their specific agreement. ZDR makes that conversation much easier — “your data is processed and immediately deleted” — but the conversation still needs to happen.

Model Rules 5.1 & 5.3 — Supervision Requires Supplementation

Managerial lawyers must establish clear policies and ensure compliance.

ZDR’s limitation: Because ZDR immediately discards data, there is no audit trail on Anthropic’s side of what was submitted or returned. Firms that need to demonstrate what an attorney submitted to the AI, or review usage for supervisory purposes, would need to build that logging into their own application layer. ZDR prioritizes confidentiality over auditability — both concerns may need to be addressed.

ABA Formal Opinions 08-451 & 477R — Outsourcing & Data in Transit Strong

These opinions address using third-party services and transmitting protected client information.

ZDR’s answer: Data is encrypted in transit (TLS). The DPA establishes contractual commitments. ZDR eliminates the storage concern entirely. You have reviewed the vendor’s terms and understand the data handling. This satisfies the outsourcing analysis framework.

Overall Assessment: ZDR Provides the Strongest Available Cloud AI Confidentiality

The API with ZDR, combined with the Commercial Terms (no training), the DPA, informed client consent, a firm AI usage policy, and appropriate supervision measures, provides what many ethics commentators consider a strong position under the current ABA ethics framework. It is the strongest configuration Anthropic offers and the strongest available from any major AI provider.

It is not, by itself, sufficient. ZDR is a technology safeguard. ABA compliance also involves informed consent (Rule 1.4), a firm policy (Rules 5.1/5.3), verification of AI output accuracy (Rule 1.1), and appropriate billing practices (Rule 1.5). But ZDR addresses the hardest technical problem — keeping client data off third-party servers.

Which Claude Products Support ZDR?

This is the most important section of this guide. ZDR does not apply to all Claude products. The coverage is narrower than most people expect.

Product
Details
ZDR?
Anthropic API
(direct calls)
Programmatic access via HTTP requests from your own application, script, or tool. This is the primary ZDR use case. However, ZDR is not automatic. The standard commercial API retains data for 7 days by default. ZDR requires a separate contractual addendum negotiated with Anthropic’s sales team (see How to Obtain ZDR). Without that addendum, your API calls are governed by standard 7-day retention — significantly better than consumer plans, but not zero.
With ZDR
addendum
Claude Code
(CLI tool)
Command-line coding agent. ZDR applies only when Claude Code is configured with a commercial organization API key that has an active ZDR addendum on file with Anthropic. Verify your key type with /config. Without a ZDR addendum, Claude Code follows the same 7-day standard API retention. If logged in with a consumer account (Free/Pro/Max) instead of an API key, consumer retention and training policies apply — 30-day retention or 5 years if training is enabled.
With ZDR
addendum
Claude.ai
(web interface)
The browser-based chat at claude.ai, regardless of plan tier (Free, Pro, Max, Team, Enterprise). The web chat retains conversations to provide product features like chat history and projects.
No
Claude Desktop
(Mac/Windows app)
Native application that is functionally identical to claude.ai. All data is sent to Anthropic’s cloud. Inherits the same retention as your web account.
No
Claude Mobile
(iOS/Android)
Mobile app with the same backend as claude.ai and Claude Desktop.
No
AWS Bedrock
Claude accessed through Amazon’s infrastructure. Governed by AWS terms, not Anthropic’s ZDR addendum. AWS has its own data handling commitments.
Separate
Google Vertex AI
Claude accessed through Google Cloud. Governed by GCP terms. Configurable logging via Cloud Logging.
Separate
The Key Takeaway If you are chatting with Claude through a web browser, desktop app, or mobile app, ZDR does not apply — regardless of your plan tier or ZDR agreement. ZDR only covers the API and products that use your commercial API key directly (currently: API calls and Claude Code) — and only when a ZDR addendum has been executed with Anthropic. There are three distinct retention tiers to understand:
Configuration Retention Training? How You Get It
Consumer plans
(Free / Pro / Max)		 30 days or 5 years Default ON Sign up at claude.ai
Commercial API
(standard)		 7 days Never Create account at console.anthropic.com; purchase API credits
Commercial API
(with ZDR addendum)		 Immediately discarded Never Contact Anthropic sales; negotiate & sign ZDR addendum
Important for Law Firms Even the standard commercial API without ZDR (7-day retention, no training) is a significant improvement over consumer plans and may constitute “reasonable efforts” under Model Rule 1.6 for many practice areas. If a firm cannot obtain ZDR or the timeline is too long, the standard commercial API represents an intermediate option. The 7-day window is short enough that some ethics commentators consider it reasonable, particularly combined with the no-training guarantee and DPA. ZDR provides the strongest available protection, but 7-day commercial retention is not disqualifying. See the 7-Day Retention Risk analysis above for a detailed breakdown of what that window means in practice.

The Interface Gap: Why This Matters

This creates a practical problem for law firms. The claude.ai web interface and desktop app are the easiest, most intuitive ways to interact with Claude. Drag-and-drop file upload, conversation history, projects, visual formatting — they are consumer-friendly products designed for accessibility.

The API, by contrast, is a programmatic interface. You send HTTP requests and receive JSON responses. There is no built-in chat window, no file upload button, no conversation history. It is a developer tool.

This means a law firm that wants ZDR protection when analyzing confidential client files has three options:

Option A: Claude Code (Developer-Friendly)

If the attorney or someone at the firm is comfortable working in a terminal, Claude Code with a ZDR-configured commercial API key provides ZDR coverage. You can point it at documents on your filesystem, ask it to analyze them, and know that nothing is retained. However, Claude Code is a command-line tool designed for software development — not a natural interface for legal document review.

Option B: Custom Application (Most Common for Firms)

A developer builds a simple, secure web application that calls the Anthropic API on behalf of the attorneys. This gives you:

Option C: OpenClaw or Similar Platform

An open-source AI assistant platform like OpenClaw can be configured to call the Anthropic API with your ZDR-enabled key. This provides a conversational interface with skills and integrations while routing all requests through the ZDR-protected API. See the companion OpenClaw Security Guide for deployment details.

The Opportunity This “interface gap” is precisely the opportunity described in the skills-as-SaaS model. A developer who builds a clean, secure, law-firm-focused interface that calls the Anthropic API with ZDR is providing real value — bridging the gap between maximum privacy and usability. The technology is straightforward; the market need is clear.

How to Obtain a ZDR Agreement

ZDR is not a self-service feature. You cannot toggle it on in a settings panel. It requires a contractual arrangement with Anthropic’s sales team.

1
Contact Anthropic Sales

Reach out via anthropic.com/contact-sales or email the sales team directly. Identify yourself as a law firm (or a developer serving law firms) and state that you require ZDR for client confidentiality under ABA ethics obligations.

2
Eligibility Assessment

Anthropic evaluates ZDR requests on a case-by-case basis. Regulated industries (legal, healthcare, finance) are the primary target audience. There is no published minimum spend, but ZDR is positioned as an enterprise offering. A firm with meaningful API usage will likely qualify. A solo practitioner on a minimal budget should still ask — the worst outcome is being directed to the standard 7-day retention API.

3
Execute the ZDR Addendum

Anthropic provides a ZDR addendum that supplements your existing Commercial Terms. Review it with your firm’s counsel. Key points to verify: which API endpoints are covered, what exceptions apply (safety monitoring, legal obligations), and confirmation that the addendum covers Claude Code if you plan to use it.

4
Sign the Data Processing Addendum (DPA)

The DPA is separate from the ZDR addendum. It establishes Anthropic’s role as a data processor, covers GDPR requirements, and provides contractual data handling commitments. If you handle health-related matters, also inquire about the Business Associate Agreement (BAA) for HIPAA-eligible services.

5
Configure Your API Keys

Once the agreement is in place, Anthropic configures your organization’s API keys for ZDR. All API calls made with these keys will operate under zero-retention. Verify the configuration with your account representative.

6
Build or Configure Your Interface

Since ZDR doesn’t apply to the claude.ai web interface, you’ll need to access Claude through the API directly, via Claude Code, or through a custom application. See the Architecture Options section below.

What to Expect Based on current information, the ZDR sales process takes 1–3 weeks from initial contact to signed agreement. Enterprise sales cycles can be longer. Firms may want to factor this timeline into their planning.

Architecture Options for ZDR-Protected Client File Analysis

Since the standard Claude web and desktop interfaces do not support ZDR, here are three practical architectures for law firms that need ZDR when analyzing confidential files:

Architecture A: Claude Code (Simplest)

Attorney → Claude Code CLI → Anthropic API (ZDR Addendum Required)
Attorney
at terminal
Claude Code
reads local files
Anthropic API
ZDR (if addendum signed)
Typical use case: technically comfortable attorneys or developer-assisted workflows. Without a ZDR addendum, standard 7-day API retention applies.
# Configure Claude Code with your commercial API key:
claude config set apiKey sk-ant-your-zdr-key

# Verify ZDR-enabled key is in use:
claude /config

# Analyze a confidential document:
claude "Review this contract for indemnification clauses
  and summarize any risk areas: @contract.pdf"

Architecture B: Custom Firm Application

Attorney → Firm Web App → Anthropic API (ZDR Addendum Required)
Attorney
in browser
Your Firm’s App
auth + file upload
+ audit logging
Anthropic API
ZDR (if addendum signed)
Typical use case: firms wanting a familiar interface with ZDR protection and firm-controlled audit logs. Without ZDR addendum, standard 7-day API retention applies (still no training).

Your developer builds a lightweight web application (typically 500–2,000 lines of code) that provides:

The critical point: Anthropic never stores the data (ZDR), but your application controls its own logging for supervisory compliance. You get both confidentiality and auditability.

Architecture C: OpenClaw / Open-Source Platform

Attorney → OpenClaw (on VPS) → Anthropic API (ZDR Addendum Required)
Attorney
via Telegram
or web UI
OpenClaw
on firm VPS
with skills
Anthropic API
ZDR (if addendum signed)
Typical use case: firms that want an AI assistant with integrations (calendar, email, research tools). Without ZDR addendum, standard 7-day API retention applies.

OpenClaw or a similar platform is configured with your ZDR-enabled API key. All requests to Claude route through the API with ZDR. The platform runs on infrastructure you control (a VPS, GCP VM, or office server), giving you full control over conversation storage and access. See the OpenClaw Security Guide for detailed deployment and hardening instructions.

How Conversations Work Under ZDR

A common concern is whether ZDR prevents continuous, multi-turn conversations about a client’s file. If data is “immediately discarded,” how can Claude remember what you discussed three prompts ago?

Yes — Full Conversations Are Possible Under ZDR

ZDR does not prevent continuous, multi-turn conversations. An attorney can upload a contract, ask questions about it, request follow-up analysis, and have a natural back-and-forth dialogue — all with ZDR in effect. The experience is seamless and indistinguishable from a normal chat.

Why This Works: The API Is Stateless

The Anthropic API does not maintain conversation history on its servers — not under ZDR, and not even under standard retention. Every API call is a completely independent, self-contained request. The way multi-turn conversations work is that your application (the custom firm app, OpenClaw, or Claude Code) stores the conversation history locally and re-sends the entire conversation to Anthropic with each new prompt.

How a Three-Turn Conversation Flows Under ZDR
Turn 1
Your app sends → [User: "Review this contract for indemnification risks" + contract text]
Anthropic: Processes the request, returns analysis.
Under ZDR: Everything is immediately discarded. Anthropic retains nothing.
Your app stores the response locally and appends it to the conversation history ↓
Turn 2
Your app sends → [Turn 1 User msg + contract, Turn 1 Assistant response, User: "What about force majeure?"]
Anthropic: Processes the full history as if seeing it for the first time. Returns answer.
Under ZDR: Everything is immediately discarded again.
Your app stores the new response and appends it ↓
Turn 3
Your app sends → [Full conversation so far + User: "Draft a summary of the key risks"]
Anthropic: Processes everything fresh, returns the summary.
Under ZDR: Immediately discarded. Anthropic has retained nothing from any turn.

From the attorney’s perspective, this is a normal conversation. Claude “remembers” the contract and prior discussion because your application replays the full history each time. Anthropic’s servers process it, respond, and forget — every single turn.

Practical Implications

ConsiderationWhat It Means
Conversation continuity Seamless. Attorneys can have extended, multi-turn discussions about a document just as they would in the claude.ai web interface. There is no functional difference from the user’s perspective.
File content is re-sent each turn If you uploaded a 50-page contract, that text is included in every subsequent API call so Claude can reference it. This increases token usage (and cost) but has no impact on the attorney’s experience. Your application handles this automatically.
Conversation state lives in YOUR app Anthropic retains nothing. The full conversation history — including the client file — is stored by your firm’s application, on your firm’s infrastructure. This is what you want: the data stays under your control, not a third party’s.
Your app’s storage is your responsibility Since your application holds the conversation, its data storage practices also need to meet confidentiality requirements. Considerations include encryption at rest, access restrictions, and alignment with the firm’s document retention policy.
Supervisory advantage Because your app controls the conversation log, you can build in audit trails (who submitted what, when) that satisfy Rules 5.1/5.3 — something that ZDR on Anthropic’s side actually makes easier to manage, since you own the only copy of the data.
Session loss If the app crashes mid-conversation and hasn’t saved the session, the history is gone — Anthropic has no copy to recover. Saving conversation state to disk or database at each turn mitigates this risk.
Bottom Line ZDR does not limit your ability to have rich, multi-turn conversations about confidential client files. It simply changes where the conversation lives: on your firm’s infrastructure rather than on Anthropic’s servers. The attorney’s experience is identical to using the claude.ai chat interface. The difference is entirely behind the scenes — and entirely in your favor from a confidentiality standpoint.

Caveats and Exceptions to ZDR

ZDR is the strongest available protection, but it is not absolute. These exceptions are important to understand and disclose to clients when obtaining informed consent.

Exception 1 — Safety & Abuse Monitoring Anthropic still runs User Safety classifiers on ZDR requests to enforce their Usage Policy. The classifier results (not your actual text) are retained. However, if a conversation is flagged for a Usage Policy violation, Anthropic may retain the actual inputs and outputs for up to 2 years. This exception exists across all plans and cannot be contracted away.
Exception 2 — Legal Compliance Anthropic may retain data where required by law (court order, subpoena, regulatory requirement). This is standard for any cloud service provider and is not unique to Claude.
Exception 3 — Non-ZDR Features Not all API features are ZDR-eligible. If you use a feature that isn’t covered, data will be retained according to that feature’s standard policy. Prompt caching, for example, stores cryptographic hashes (not raw text) for 5–60 minutes. The Anthropic Files API has longer retention. Always verify feature eligibility with your account representative or the ZDR documentation.
Exception 4 — Your Own Application Layer ZDR governs what Anthropic retains. If your custom application, OpenClaw instance, or Claude Code local cache stores conversation data, that is outside Anthropic’s ZDR scope and is your responsibility. Ensure your own logging and storage practices also meet confidentiality requirements.

What to Tell Clients

When obtaining informed consent, be transparent about these exceptions. A suggested disclosure framework:

Sample Disclosure Language (Adapt to Your Jurisdiction) “We use an AI tool provided by Anthropic (Claude) to assist with [specific tasks]. We access this tool through a private interface that connects to Anthropic’s API under a Zero Data Retention agreement. Under this agreement, your information is processed by the AI and immediately discarded — Anthropic does not store your data on their servers and does not use it to train their AI models. In limited circumstances, Anthropic may retain data if required by law or if their automated safety system flags content for review. We maintain our own secure records of our work product. Your consent to this arrangement is voluntary and will not affect our representation if you decline.”

Alternative: Running OpenClaw with a Local Model

A natural question arises: if the core concern is client data reaching Anthropic’s servers, why not eliminate the third party entirely? OpenClaw and similar platforms can be configured to use locally-hosted AI models (such as Llama, Mistral, or DeepSeek) instead of calling the Anthropic API. This means no data ever leaves your network.

From a Confidentiality Standpoint: The Strongest Possible Configuration

A fully local deployment eliminates ZDR as a concern entirely. There is no third-party retention, no addendum to negotiate, no safety-flag exception, no terms of service to monitor, and no data in transit beyond your local network. The ethics argument is the simplest possible: “Client data never left our office.”

!
From a Competence Standpoint: Significant Concerns

Running a local model solves the confidentiality problem but introduces a competence problem. Model Rule 1.1 requires lawyers to provide competent representation using tools they understand. If a local model produces inferior, unreliable, or hallucinated analysis compared to Claude — and the attorney relies on that analysis — the firm has traded one ethics risk for another.

Side-by-Side Comparison

Factor Anthropic API (with ZDR) Local Model (e.g., Llama 3 70B)
Data leaves your network? Yes — transmitted to Anthropic (encrypted, immediately discarded under ZDR) No — all processing on your hardware
Third-party retention risk? Minimal (ZDR + safety-flag exception) None
Contractual dependencies? ZDR addendum, DPA, Commercial Terms None
Analysis quality State-of-the-art (Claude Opus/Sonnet) Significantly lower — more hallucinations, weaker reasoning, less reliable citations
Context window 200K–1M tokens (can process 100+ page documents) 8K–32K effective tokens (quality degrades beyond this, even if model advertises more)
Speed Fast (cloud infrastructure) 3–10× slower on typical office hardware
Hardware cost $0 (API usage fees only) $3,000–$15,000+ for capable GPU setup
Ongoing cost API token usage (~$3–$25/M tokens) Electricity + maintenance (lower if usage is high)
Ecosystem & tools Web search, file analysis, tool integrations, skills Limited — most integrations must be built from scratch
Maintenance burden Managed by Anthropic Entirely your responsibility — model updates, security patches, hardware failures
Support Anthropic enterprise support Community/open-source only

The Core Trade-Off

This is fundamentally a Rule 1.6 vs. Rule 1.1 trade-off:

Local Model Maximizes

Rule 1.6 (Confidentiality)
No third-party exposure of any kind. The most airtight data protection possible.

Claude API + ZDR Maximizes

Rule 1.1 (Competence)
Best available analysis quality. Confidentiality addressed through contractual and technical safeguards.

Hardware Realities

Running a model that approaches (but does not match) Claude’s quality for legal analysis requires substantial hardware:

Setup Approximate Cost What It Can Run Legal Analysis Quality
Mac Mini M4 (64GB) ~$1,800 7B–13B models at reasonable speed; larger models very slowly Insufficient for complex legal work
Mac Studio M4 Ultra (192GB) ~$7,000–$9,000 70B models at moderate speed Usable for simpler tasks; unreliable for complex analysis
Workstation with NVIDIA A6000 (48GB) ~$6,000–$10,000 70B models (quantized) at good speed Comparable to above
Multi-GPU server (2× A100 80GB) ~$25,000+ 70B+ models at good speed with full precision Best local option, but still below Claude Sonnet for legal reasoning

When a Local Model Makes Sense

Where Local Models May Be Appropriate National security, government classified, or intelligence-adjacent work where data absolutely cannot touch any external server under any circumstances, and the sensitivity outweighs the quality trade-off. Also potentially suitable for simple, high-volume tasks like initial document categorization, basic summarization, or form-filling where the stakes of any single analysis being wrong are low and human review is applied to every output.
Where Local Models Present Challenges Complex legal analysis, contract review with nuanced risk assessment, multi-document synthesis, or any task where the attorney may rely on the AI’s output without performing independent verification of every conclusion. The quality gap between local models and Claude is significant for most legal work. An attorney who relies on a hallucinated clause analysis from a local model faces a competence concern that data sovereignty does not address.

Hybrid Approach: Best of Both Worlds

Some firms may benefit from a two-tier architecture:

Hybrid: Local Model for Triage → Claude API (ZDR) for Deep Analysis
Client File
Local Model
categorize, summarize,
redact identifiers
Claude API (ZDR)
deep analysis on
redacted/approved content
Use a local model for initial processing and redaction, then send de-identified or pre-approved content to Claude for high-quality analysis.

In this approach, the local model handles initial document categorization, PII detection, and redaction. Only de-identified or pre-approved content gets sent to the Anthropic API (with ZDR) for substantive legal analysis. This gives you local-model-level confidentiality for the raw files and Claude-level quality for the analytical work.

Note The hybrid approach adds complexity and development cost, and it requires the local model to be reliable enough for the redaction/triage step. This is a future-looking architecture — as local models improve (and they are improving rapidly), this will become increasingly practical. For most firms today, the API with ZDR is generally the more straightforward option to implement.

Configuration Options by Firm Size and Practice

Firm Profile Configuration Option Considerations
Solo / Small (1–5 attorneys)
General civil practice		 Team Standard ($25/seat) for daily use; API with standard 7-day retention for document analysis Team provides Commercial Terms (no training). 7-day API retention may be reasonable for many civil matters. ZDR is an option if budget allows.
Small/Mid (5–20 attorneys)
Litigation, transactional, IP		 Team Standard for daily use; Custom app + API with ZDR for confidential file analysis ZDR may be warranted given sensitivity of client files. Custom app provides audit trail for supervisory obligations. Cost-effective at this scale.
Mid/Large (20+ attorneys)
Multi-practice		 Enterprise plan for daily use; Custom app + API with ZDR + BAA for document analysis Enterprise provides SSO, SCIM, audit logs, custom retention. ZDR + BAA covers HIPAA if handling health matters. Full compliance stack.
Any size
M&A, securities, government, national security		 API with ZDR only; evaluate whether any cloud AI is appropriate Maximum sensitivity may warrant maximum protection. Consider whether the 2-year safety-flag exception is acceptable. Document the risk assessment.
Any size
Classified, intelligence-adjacent, or absolute-zero-tolerance for third-party exposure		 Local model on firm hardware (OpenClaw + Llama/Mistral); no external API Eliminates all third-party risk. Involves a quality trade-off that requires rigorous human review of every output. Consider the hybrid approach for non-classified portions.

ZDR Implementation Checklist

Procurement

Technical Implementation

Ethics & Policy

Resources & References

Anthropic ZDR Documentation

ZDR Documentation — Eligible endpoints and features
Privacy Center — What products does ZDR apply to?
Privacy Center — Commercial data retention
Claude Code — Data usage documentation
Contact Anthropic Sales (to request ZDR)

ABA Ethics Guidance

ABA Formal Opinion 512 — Generative Artificial Intelligence Tools (PDF)
ABA Announcement — First Ethics Guidance on AI Tools
ABA Business Law Today — Opinion 512 Framework Analysis
NCBE Bar Examiner — Formal Opinion 512 Detailed Analysis

Third-Party Analysis

CaseClerk — Is Claude Enterprise Safe for Law Firms? (2025)
AMST Legal — Claude AI Privacy & Confidentiality Impact
Gerrish Legal — Claude AI Updates Explained
Skywork — Claude Desktop Security & Privacy FAQ

Companion Guides

Law Firm Security Guide — Anthropic Claude Products (plan tiers, settings, firm policy)
OpenClaw Security Guide for Legal Professionals (local & GCP deployment)
Final Note The ZDR landscape is evolving. Anthropic has updated its data policies multiple times in 2025, and ZDR-eligible features may expand over time. It is possible that future versions of the claude.ai web interface or desktop app will support ZDR for commercial customers. Monitor Anthropic’s Privacy Center and your account representative for updates. As of this writing, the API + custom interface approach is the only configuration that provides ZDR when analyzing confidential client files.