Does this preserve attorney-client privilege?

Privilege is a legal property, not a software property — but software shouldn't undermine it. CodeB keeps call and meeting media on the firm's own server with end-to-end DTLS-SRTP. No third-party cloud sees the media. Recording is local and signed. Operator policy and access controls are your responsibility.

Can the AI receptionist do client intake?

It can run first-pass intake: caller name, matter type, conflict-check question, preferred contact time. It must never give legal advice. The persona shipped on day one explicitly transfers anything substantive to a fee-earner.

How is meeting content protected on a deposition / hearing?

DTLS-SRTP between browsers. Signed local recording — the recording lives on disk with a cryptographic hash that can be referenced in correspondence. No vendor-managed cloud copy exists.

Are transcripts privileged?

Privilege depends on the content and purpose; CodeB stores AI-call transcripts in a tenant-local folder under your control. With the local AI backend, the transcript is generated on your machine and never copies to any external vendor.

For law firms

Confidential phone, video and AI intake — on a server you control.

For solicitors, barristers’ chambers and boutique firms whose procurement question starts with “where does the call data live?”. CodeB doesn’t put it in a third-party cloud, doesn’t copy recordings to a vendor, doesn’t run analytics on conversations, and lets you keep the AI front-end on the same machine as the rest.

Talk to us Privacy manifesto →

Note on privilege. Attorney-client privilege is a legal property. Software can’t create it, but it can avoid undermining it — by not interposing third-party processors in the path of privileged communications. CodeB’s posture: meeting media never enters our infrastructure, SIP-call media never enters our infrastructure, and the AI front-end can be configured to keep transcripts entirely local.

01 / The legal-services reality

Why generic SaaS comms unsettle compliance teams.

Cloud-hosted recordings

Many cloud voice products keep recordings in the vendor’s storage. A discovery request reaches both the firm and the vendor. The list of people with theoretical access expands.

AI transcription as a side door

Vendor-supplied AI transcription often ships training-opt-in by default. Even when opt-out is available, the data still transits through a third-party model API.

Intake at the wrong cost

A trainee answers the phone for hour-one client intake. They’re paid to do something more substantive. A simple front-end could screen for conflicts and capture matter type.

Hybrid working without ringing chambers

The phone in chambers rings into empty space when a barrister works from home. Forwards introduce dropouts. A browser softphone follows the person, not the building.

02 / What CodeB adds

Four pieces tuned for a privilege-aware firm.

AI intake screener (local backend recommended)

Greets the caller, captures name and matter type, runs a conflict-check question, books a call-back slot. Sample persona ships configured to never give legal advice and to transfer on any substantive question.

Local-AI optionConflict checkTranscript

Browser softphone per fee-earner

Sign in once via OIDC, register the softphone, take calls from wherever you actually work. No physical handset on the desk in chambers ringing into empty air.

Per-userHybridPWA

Video with signed local recording

Conference room URL per matter. Browser-only, end-to-end DTLS-SRTP. Recording is local on the firm’s server with a cryptographic hash you can cite in correspondence.

No SaaS copyHash-cited

Built-in OIDC identity

Use the same CodeB identity to sign in to Nextcloud (case files), GitLab (private repos for clauses), Grafana (firm dashboards). No external IdP, no cross-site cookies. The IdP runs on the same Windows box.

No 3rd-party IdPSSO across firm tools

03 / Worked example

A boutique commercial-litigation firm.

Twelve fee-earners, two PAs, hybrid working. Existing PBX is 3CX. Concerns: client recordings sitting in a vendor cloud, AI transcription opt-ins they don’t fully trust, intake calls absorbing trainee time.

AI intake DID running with the local backend. Each new caller gets name + matter type + conflict-screening question. Transcript lands in the practice’s case-management folder.
Browser softphone for every fee-earner, signed in via OIDC. Calls follow the person across home and chambers.
Video meeting room per active matter, recordings stored locally with signed hashes, optionally shared with the client via revocable view-only links.
OIDC sign-on across Nextcloud (case files), the firm’s WordPress knowledge base, and a small GitLab instance for clause templates.

04 / Why not Zoom / Teams / NetDocuments-bundled voice

Where the SaaS path doesn’t end in a satisfying place.

Third-party in the privilege chain

Every additional processor in the path is a place a privilege argument could go sideways. Self-hosting removes that processor entirely for the media plane.

Discovery / subpoena surface

SaaS vendor logs and recordings are reachable by subpoena. Your own server is reachable too — but the surface is smaller and the chain of custody is yours alone.

Cross-border data flow

Schrems II and equivalent court rulings make cross-border SaaS comms a recurring conversation. A Malta-, UK- or Germany-hosted CodeB box keeps the answer simple: media never left the jurisdiction.

Cost model that fits

SaaS scales per-seat. A 12-person firm with hybrid working has 12-seat fixed cost. CodeB’s cost is per-install, which suits boutique firms better than monthly-per-head pricing.

05 / Deployment

Patterns we’ve seen work for firms.

On the firm’s file-server

Windows + IIS already there. CodeB bridge as a service. PBX integration via SIP trunk to the firm’s existing 3CX / Asterisk.

Dedicated mini-PC

Fanless box in the IT cupboard. ~400 EUR. Reduces noise on the file-server and lets IT manage the comms box separately.

Private hosted tenant

If self-hosting is out of scope, we run a single-tenant deployment on isolated infrastructure under your domain. No shared media path.

Pilot one DID, then expand

Start with AI intake on one number. Add softphones once the IT team is comfortable. Roll out video to fee-earners last.

Want a scoping conversation under NDA?

For procurement-aware firms we’ll happily walk through the data-flow diagrams under a mutual NDA, including the AI privacy posture and recording-hash workflow.

Get in touch →