The appeal of cloud AI for professional document work is genuine. Upload a contract, receive a summary. Paste a deposition transcript, generate a draft response. The tools are fast, the interface is familiar, and the entry cost is low.
What these services communicate less clearly is what happens to a document after it arrives at their servers.
What transmission means
When you upload a file to a cloud AI service, that document travels from your device to infrastructure operated by the vendor, typically distributed across multiple data centers, and is processed by systems you do not control. Whether the vendor retains the document afterward varies by plan, configuration, and terms of service. Whether the document is used to improve or retrain future models also varies, and has changed for several major services without advance notice to users.
For most documents, this is an acceptable tradeoff. For professional documents, the question requires more care.
Three categories of professional confidentiality
Attorney-client privilege attaches to communications between a client and their attorney for the purpose of obtaining legal advice. The privilege belongs to the client. Uploading a client's case file, a draft motion, or internal correspondence to a third-party service raises questions about whether that transmission constitutes a disclosure that could affect privilege. The analysis varies by jurisdiction and is still developing. The risk is real.
Protected health information under HIPAA carries specific handling requirements. A covered entity that transmits PHI to a third-party vendor must have a signed Business Associate Agreement in place before doing so. Many cloud AI services offer BAAs for enterprise tiers. Whether the BAA reflects how the system actually processes data is a separate question, one the BAA itself does not answer.
Client financial information held by accounting firms, wealth advisors, and estate practices does not carry a single statutory framework equivalent to privilege or HIPAA, but carries its own confidentiality obligations under professional conduct rules, engagement agreements, and in some cases fiduciary duty. Uploading a client's tax returns or trust documents to a third-party service introduces risk that most engagement letters do not address.
Life sciences and manufacturing companies present a different configuration of the same problem. Proprietary formulations, batch records, validated system documentation, supplier qualifications, and deviation reports carry competitive and regulatory value that makes their confidentiality both a business and a compliance matter. In a regulated manufacturing environment, the integrity of that documentation is itself subject to audit. Transmitting it to a third-party cloud service without a defined data handling agreement creates exposure that is difficult to characterize after the fact.
What enterprise tiers actually provide
The major cloud AI vendors offer enterprise plans that include data isolation, no-training commitments, and in some cases SOC 2 Type II attestation. These are meaningful protections. They do not make a cloud deployment equivalent to a private one.
The distinction is architectural. With an enterprise cloud plan, documents leave your network, travel to vendor infrastructure, are processed there, and a response is returned. The vendor controls the hardware. The vendor's security posture, key management, and incident response govern what happens to your data. You are extending trust to that vendor's operations, not only to their contractual commitments.
A private, on-premise deployment inverts that structure. Documents remain on a computer inside your office network. Processing happens on that computer. Nothing is transmitted to a third-party service. The vendor of the software is not involved in the ongoing operation of the system. The practice controls the hardware, the documents, and the processing environment.
The compliance framing
Neither a cloud AI vendor with a BAA nor a private AI deployment carries a compliance certification on behalf of the practice that uses it. A system can be designed to support a practice's compliance obligations without being itself certified. The certification responsibility remains with the practice.
The relevant question is not whether the system carries a particular certification. The question is what the system does with documents, and whether that matches the practice's obligations to its clients.
A cleaner frame
For documents that have never left your building, and that have good reasons not to, the decision is not which cloud AI service to trust. The decision is whether those documents should leave your network at all.
For many professional practices, the answer depends on the category of document. Administrative correspondence may be different from case files. General research materials may be different from PHI. The work is identifying which categories require what level of protection, and building systems accordingly.
Private, on-premise AI is one approach to that problem. It is not the only approach. But for practices whose primary asset is client trust, understanding the tradeoffs before the first upload is worth the time.