Legal AI existed. Data sovereignty didn't come with it. We changed that.
Most AI tools for law firms are built by tech companies who've never dealt with a COLP. Their pitch is simple: sign up, send your data to their cloud, get AI features. For a legal firm handling confidential client information, that's genuinely problematic — not in a vague, hypothetical sense, but in terms of SRA Standards & Regulations, GDPR Article 28, and basic professional duty of confidentiality.
We built Susan because private AI has become powerful enough to draft legal documents, run compliance checks, and automate billing workflows — all on a dedicated server you control, hosted on UK soil. Small and mid-size UK law firms now have access to the same AI capabilities as the largest practices, without the data sovereignty compromise. That principle underpins every decision we make.
The legal profession has obligations that most other industries don't. Here's why the architecture of Susan is a feature, not just a technical choice.
SRA Principle 6 requires you to act in a way that upholds public trust in the legal profession. SRA guidance published in 2024 explicitly notes that firms must ensure AI tools do not compromise client confidentiality. Sending client data to a third-party AI service creates a confidentiality question your COLP must be able to answer. With Susan, the answer is simple: the data never left.
Article 28 of the UK GDPR requires that where a data controller uses a processor to process personal data, there must be a written contract in place with that processor. Every time you send client data to a cloud AI service, that service becomes a processor. Susan eliminates this entirely — there is no processor, because the processing happens on your own hardware.
The ICO recommends completing a DPIA before implementing new technology that processes personal data at scale. For most cloud AI tools, this DPIA must account for the risks of data leaving your control and the AI provider's data retention policies. For Susan, the DPIA is straightforward: data stays on your own servers, is processed by software you control, and is subject solely to your own data handling policies.
Courts have not yet definitively ruled on whether transmitting privileged communications to a third-party AI service waives privilege. Until they do, the safest position is to ensure privileged communications are processed on infrastructure you fully control. Susan makes this the default — not the exception.
Built for
British law.
Working with professional services firms on their IT infrastructure, we kept seeing the same pattern: solicitors spending a disproportionate amount of time on document production, compliance admin, and chasing billing. At the same time, every AI tool on the market required data to leave the firm. The COLPs we spoke to were adamant: that wasn't going to happen. So we looked at what was possible with local AI, and the answer was more than we expected.
We built Susan on proven, open-standard components: Next.js for the application layer, Supabase for data and authentication, n8n for workflow automation, and Ollama for local AI inference. Together, they create a system that can run 14 distinct AI automation workflows — all the compliance documents, client communications, billing documents, and management reports that a legal firm produces repeatedly — without any data leaving your infrastructure. Your client data is stored in standard formats on your own server. It belongs to you — not to us, not to a cloud provider.
On top of the automation layer, we built a complete matter management platform: contacts, matters, time recording, disbursements, invoicing, aged debt, and key dates. The AI automations and the practice management platform share the same data model, so they work together — the AI knows what matter it's working on, who the client is, and what documents have already been produced.
Susan installs on a GPU server you control — in your office or a UK-hosted dedicated instance. VantagePoint handles the remote setup via Docker; you are live in under a day. From that point, everything runs on your own infrastructure: AI inference, database, documents, workflows. Your data stays on UK soil and never reaches a third-party AI service.
We're working on a native accounting module to replace the spreadsheet workarounds most small firms are still using. We're also building deeper integrations with legal-specific data sources and court filing systems. The model manager will gain support for fine-tuned models specialised for legal document drafting. And we're expanding the template library to cover the most common practice areas with high-quality starting-point precedents.
Everything we build will continue to follow the same principle: it runs on your infrastructure, your data belongs to you, and the AI works for your firm — not for us.
We're a small team and we talk to every potential customer personally. If you have questions about whether Susan is right for your firm, the compliance implications of self-hosted AI, or anything else — just get in touch.
info@vpnetworks.co.ukWe aim to respond within one business day.
We'll walk through the product, show you the modules most relevant to your practice type, and answer any compliance or technical questions your team has. No obligation, no hard sell.
Book a Demo →Practice management and AI automation. One flat monthly fee. Your data stays on UK infrastructure you control.