Privacy first

Built for lawyers who handle the most sensitive information. Your client data stays yours.

What we access

  • Email subject line
  • Sender and recipient email addresses
  • Date and time sent

What we never access

  • Email body content
  • Attachments or documents
  • Email threads or conversation history
  • Contacts beyond what's in your PMS

How we protect your data

  • Email metadata encrypted and purged after a configurable period (default 30 days)
  • Data stored on AWS RDS (Sydney) with encrypted connections. App served via Vercel
  • OAuth tokens encrypted with AES-256 at rest
  • Clio is the source of truth. We store nothing long-term
  • Compliant with Australian Privacy Principles (APPs)
  • Message IDs stored as SHA-256 hashes only (for deduplication)
  • Auto-submit requires a high-confidence match. Nothing is billed without verification

Cloud AI matching

MatterFile uses Google Gemini via Google Vertex AI, hosted in the australia-southeast1 (Sydney) region, to match emails to client matters. Whether you use the Outlook add-in or the web dashboard, here is exactly what happens with your data.

Zero data retention

We use the paid API tier, which does not retain prompts or responses. Your data exists only for the duration of the API call, then it is gone.

No training on your data

Under the paid API tier, Google does not use your data to train or improve any AI models. Your prompts and responses are not used for model development.

Secure data storage

All persistent data (database, tokens, email metadata) is stored encrypted on AWS RDS in the ap-southeast-2 (Sydney) region. The application is served via Vercel. AI processing requests contain only email metadata and are not retained by Google.

What the AI sees

Sent to Gemini

  • Email subject line
  • Sender and recipient email addresses
  • Contact names from your PMS
  • Matter descriptions from your PMS

Never sent to any AI

  • Email body or content
  • Attachments or files
  • Full conversation threads
  • OAuth tokens or credentials

Private AI

For firms that require complete data sovereignty, we offer a fully private AI instance. All matching runs on your own infrastructure. Zero data touches any external service.

  • Dedicated server on your network or private cloud
  • Zero data leaves your infrastructure
  • We install, configure, and maintain everything
  • Uses open-source Qwen3 model. No cloud API dependency
  • Meets the strictest AU privacy and compliance requirements