Law firms cannot afford a security compromise. We built Sorush from the ground up with that non-negotiable truth as our first design principle — not an afterthought.
The single most important security decision we made: the entire Sorush stack — LLM inference, voice processing, memory storage, RAG pipeline, and integration connectors — runs inside your firm's own Azure Virtual Network.
We do not send your clients' calls to a third-party cloud. We do not store your firm's data on our servers. We do not have access to your conversations. You own the keys. You control the environment. We provide the infrastructure blueprint and the managed deployment.
When you hire a human receptionist, you run a background check. You should expect the same accountability from a digital one handling your clients' confidential legal matters.
Every Sorush agent receives our Background Check Badge — a documented certification that the agent has been:
We partner with background verification vendors to provide verifiable, third-party documentation of this certification for every deployment.
Agentic Employee is pursuing SOC 2 Type II certification, covering Security, Availability, and Confidentiality trust service criteria. Target certification: Q3 2026. Audit logs are immutable and available for export at any time.
AES-256 encryption for all data at rest via Azure Storage Service Encryption. TLS 1.3 enforced for all data in transit. No unencrypted data pathways exist in the architecture.
The Sorush client dashboard supports Admin, Manager, and Viewer roles. All actions are logged with timestamp and user attribution. Azure AD SSO with MFA enforced for all dashboard access.
Every agent action, every call, every dashboard change is logged immutably. Logs are available for export and are retained according to your firm's specific legal hold requirements.
The failure mode of most AI tools in legal settings is hallucination — confidently stating something false. This is unacceptable in a law firm context where a wrong answer about a deadline, a case status, or a fee arrangement can cause real harm.
Our guardrail enforcer monitors every response Sorush generates. When confidence falls below our threshold on any factual query, Sorush is forced to respond: "I don't have that information — let me connect you with someone who does."
We back this with a no-hallucination guarantee on routine tasks — including call answering, FAQ responses, and scheduling. If Sorush fabricates an answer that we can verify was outside its knowledge base, we own it.
Sorush is designed to complement — not create tension with — attorneys' professional responsibility obligations. Our design explicitly accounts for the rules most relevant to front-desk AI.
Sorush never transmits client information outside the firm's VPC. All data remains inside the attorney-client privileged environment. No third-party SaaS has access to your calls or data.
Sorush operates under direct attorney oversight via the dashboard. Supervising attorneys can review every interaction, update scripts in real time, and disable specific capabilities with one click.
Sorush is hardcoded to never dispense legal advice, legal opinions, or case predictions. It transfers any substantive legal question to the attorney — without exception.
During intake, Sorush can collect conflict screening information as directed by the firm, and routes potential conflict matters to the appropriate attorney before any privileged information is disclosed.