Privacy-First Architecture
I never see your
client data.
That’s not a promise.
It’s how the system is built.
Thirty percent of solo attorneys have no website. We think we know why — most vendors want full access. This page explains why that’s not how Built by Cameron works.
The Architecture
You own the building
and the land.
Most web platforms put every client on a shared floor of a shared building. We don’t. Here’s how it actually works.
Your own building
You get your own server — not a floor in someone else's building. Your firm's data doesn't share infrastructure with other law firms, other industries, or anyone else. The server is provisioned for you.
Your front door, your file room
Your clients come in through your front door, into your lobby, and their documents go into your file room. The only way in is through your credentials — the login you control.
A maintenance key — not a master key
I have a maintenance key that lets me fix the plumbing and paint the walls. But I can't open the file room. Only you have that key. That's not a setting — it's how the access roles are architected.
Role-Based Access
Two keys.
Two levels of access.
The system has two completely separate access roles. Here is exactly what each key opens — and what it cannot touch.
Your Key
Owner Access
Full access to everything in your practice.
- All client contacts, names, addresses
- Case notes and matter details
- Invoices and payment history
- Intake form responses
- Portal messages with clients
- Documents uploaded by clients
- Social Security numbers and financial records
- Every CRM record in your system
My Key
Maintenance Access
Can access:
- Website pages and design
- System settings and configuration
- Email templates (text, not send history)
- Module configuration and settings
- Server logs and performance metrics
- Backup status and storage health
Cannot access:
- Contacts or client records
- Case notes or matter details
- Invoices or payment data
- Form responses
- Portal messages
- Uploaded documents
- Financial information of any kind
The Lock
What I cannot access.
Not hidden. Not filtered. Locked. The door doesn’t exist for my key.
Client names, addresses, phone numbers
The contact record itself is outside my access role.
Social Security numbers and financial information
Intake forms collect this. I cannot open intake responses.
CRM records — leads, contacts, case notes
The CRM module is visible to your account only.
Invoices and payment history
Billing data lives in the accounting module. I don't have access.
Portal messages between you and your clients
Message threads are scoped to the users in the conversation.
Documents uploaded by your clients
Files attached to portal sessions or intake forms are locked to the matter.
It’s not just hidden — it’s locked. The door doesn’t exist for my key.
Onboarding
Your data.
Your hands.
The moment that trips up most vendors: moving your existing clients into a new system. The standard approach is to hand over a spreadsheet and let the vendor do the import. That means your client data passes through someone else’s hands.
We don’t do that.
- 01
I provide CSV templates — blank forms shaped exactly like the system expects.
- 02
I record a video walkthrough so you know exactly how to fill them out before we meet.
- 03
On your onboarding call, you share your screen and I walk you through the import step by step.
- 04
You do the clicks. I do the guidance. Your data never passes through my hands.
Document Checklists
For ongoing client work: you tell the system which documents you need for each matter type. Your client uploads them directly to their portal. You see the status — no chasing required.
Johnson Estate Plan
5 of 8 received- Government-issued ID
- Prior will or trust (if any)
- Property deed(s)
- Financial account statements
- Life insurance declarations
- Beneficiary designation formsPending
- Business interest documentsPending
- Retirement account statementsPending
The system sent a reminder to the client 3 days ago. You didn’t have to ask.
Transparency
What happens when
something breaks?
Every system has edge cases. Here’s exactly how I handle them — in plain language, before you sign anything.
Diagnosis from the outside
I diagnose from system logs, configuration data, and test records I create myself. No access to your live records needed. This resolves the vast majority of technical issues — server performance, module configuration, email deliverability, automation logic.
Screen share — you navigate
You share your screen on a video call. I see exactly what you see in the moment — nothing more. I give real-time guidance while you navigate. I have no login access to your system during this session. When the call ends, that view ends.
Authorized access
For the rare case that requires direct record access: you provide written authorization via email, specifying the scope. I make the fix while you're present on the call. Access ends the moment the fix is confirmed. I document what I did.
This is exactly how IT departments work in law firms. The IT person doesn’t have standing access to case files. They’re called in when something breaks, they fix the specific problem, and they leave. The same principle applies here.
The Agreement
It’s in writing.
Before I touch your system, we sign a Vendor Confidentiality and Data Handling Agreement. Not a generic NDA — a purpose-built agreement written specifically for technology vendors serving law firms.
Your bar association requires due diligence on technology vendors. This agreement is your due diligence, done.
ABA Model Rules — plain language
Rule 1.6 — Confidentiality
You must make reasonable efforts to prevent unauthorized access to client information. A written vendor agreement with documented security practices satisfies this standard.
Rule 5.3 — Vendor Supervision
You are responsible for ensuring your technology vendors operate consistently with your professional obligations. The agreement and architecture described on this page give you what you need to demonstrate that.
What the agreement specifies
- I don't access client data without explicit written authorization.
- I protect the system with documented reasonable security measures.
- I notify you within 72 hours if anything goes wrong.
- I keep a log of every admin session.
- When the engagement ends, I confirm deletion of any data in writing.
- You retain full control over how any incident is disclosed.
Insurance
I carry Technology E&O insurance (covers claims against me for implementation errors or security incidents) and Cyber Liability insurance (covers first-party costs if the hosting infrastructure is breached). Certificates of insurance provided on request.
Why we built it this way
30% of solo attorneys
have no website.
We think we know why.
Most web designers want full admin access. They want to manage everything — and to manage everything, they have to be able to seeeverything. That means your contacts, your case notes, your clients’ financial information. The intake form where a client disclosed their estate, their health situation, their family structure.
For attorneys who spend their careers protecting client confidentiality — who understand what it means when a trust is violated — handing that data to a web designer isn’t just uncomfortable. It may not be consistent with their professional obligations.
So they do nothing.
They have no website. They take referrals only. They’re invisible to the people who need them most — someone who just lost a parent, someone whose spouse was just diagnosed, someone who is trying to protect their family and doesn’t know where to start.
We built something different.
30%
of solo attorneys have no website
30+
state bar opinions support this architecture
0
times your client data passes through my hands
Ready to see a system built
around your privacy?
A 30-minute call. No hard sell. You’ll see exactly how the system works and exactly what I can and cannot access. Bring your questions — the harder the better.