California Licensed Attorney

What is Zero Data Retention

Zero data retention (ZDR) is essentially a process where information uploaded into a software vendor is used in the moment, and then it’s gone. Nothing is saved, stored, or kept on their servers after your session ends.

When you type a question or upload a document into an AI tool, that information travels to the vendor’s servers to be processed. In a standard system, the vendor keeps a copy by logging it, storing it, and may use it to improve their AI over time. In a zero data retention system, the vendor processes your request, sends back the answer, and then immediately deletes everything. No logs, no copies, no backups.

Standard AI system AI with Zero data retention Attorney sends query Client docs, case facts, questions Vendor processes request AI reads and responds Attorney gets answer Research, draft, summary Data stored Kept on servers Used to train Improves vendor AI Risk to attorney Confidentiality breach · Rule 1.6 Attorney sends query Client docs, case facts, questions Vendor processes request AI reads and responds Attorney gets answer Research, draft, summary Data immediately deleted No logs · no copies · no backups Client info stays protected Confidentiality preserved Rule 1.6 satisfied

The common concern with most standard AI tools is that the moment you paste a client’s name, a set of facts, or a sensitive document into the chat window, that information potentially lives on the vendor’s servers indefinitely. It could be used to train the next version of their AI. It could be accessed by vendor employees. It could be caught up in a vendor data breach. And because of that, it would no longer be confidential or privileged, and opposing counsel will argue that sharing client information with a third-party AI vendor waived privilege.

Zero data retention addresses all of this by making the data disappear as soon as it’s no longer needed to answer your question. The vendor can’t lose what they don’t have. They can’t sell or train on what they’ve already deleted. And they can’t hand over records in litigation if those records don’t exist.

As this becomes a more common demand, more and more AI software will advertise zero data retention capability. But just because they say they offer zero data retention, doesn’t mean you’re actually getting zero data retention. Some may delete your data after 30 days and call it ZDR. Some apply it only to certain tiers of service. Some carve out “anonymized” or “aggregated” data that they keep.

When you’re evaluating a vendor, you want ZDR spelled out explicitly in the contract and you want it to be the default setting, not something you have to opt into after signing.