Log In

Can My Boss See What I'm Doing When I'm Using Ajax?

"Can my boss see what I'm doing?" - that's the question I get more than any other from lawyers looking at Ajax.

The answer is no. Ajax isn't a surveillance tool.

Here’s some context: I grew up watching my parents come home exhausted, then sit at the kitchen table at 10 PM trying to account for every hour of a day they'd already lived. They were both lawyers, and timekeeping was the part of the job they dreaded most. My brother and I built Ajax because they deserved better.

Ajax was built for lawyers like my parents. Below, I'll answer every question I've gotten about how Ajax handles your privacy.

What Is Ajax?

Ajax is an AI timekeeping tool built specifically for lawyers. It runs quietly in the background on your desktop and reads the actual words on your screen - pixel by pixel - as you move between emails, documents, research tabs, calls, and everything else that fills your day.

It takes all of that activity and turns it into polished, client-ready time entries:

  • Grouped intelligently (30 minutes in the morning + 30 around lunch + an hour and a half in the evening = one coherent two-and-a-half-hour entry)

  • Attributed to the correct matters

  • Written in narratives that match your firm's billing guidelines

"Reads your screen" is the part that makes people nervous. We get that - it sounds like surveillance. But the purpose is narrow: generate time entries so you don't have to reconstruct your day at midnight.

Ajax replaces the daily grind of manual timekeeping. It is not an employee monitoring tool.

So if it's reading your screen, who else can see what it captures? Nobody. Let's walk through the specifics.

What Your Managing Partner Can and Cannot See

Your managing partner sees aggregate firm metrics - billing compliance rates, utilization, whether the team is submitting time on schedule. High-level health metrics about the firm's timekeeping practices.

That's it.

They cannot see your individual screen activity. Here's what's specifically off-limits to managing partners, firm administrators, and everyone else at your firm:

  • Your raw screen data

  • What applications you used throughout the day

  • What websites you visited

  • What emails you read or wrote

  • Your unreleased time entries

  • Any personal activity captured after you hit pause (you can always pause Ajax)

  • The specific content Ajax processed to generate your entries

When Ajax generates draft entries, those entries appear in your personal Ajax dashboard. Not your managing partner's. Not your firm administrator's. Just yours.

You review them, adjust anything you want, and only then do you choose to release them to your billing system. Until you click that button, nobody else sees a thing.

The only data that ever leaves your account is the finished time entries you choose to release - the same entries you would have written manually anyway. Same narrative, same duration, same matter assignment.

The difference is you didn't spend 20 minutes at 10 PM trying to remember what you did at 9 AM.

How We Protect Your Data

"Trust us" isn't a good enough answer when you're handling sensitive client matters. So here's exactly what we've put in place:

AES-256 encryption. Your screen data is encrypted the moment it's captured and stays encrypted throughout the entire pipeline - at rest and in transit. Same standard used by banks and government agencies.

Automatic data deletion. Raw data (screen captures, activity logs) is deleted after 30 days. Processed data (structured records used to generate entries) is deleted after 60 days. This happens automatically for every user - no action required.

Zero-retention AI vendors. Our AI subprocessors - including large language model providers - are contractually prohibited from retaining or using your data for model training or fine-tuning. Your client's confidential merger details get processed, used to generate your time entry, and discarded.

SOC 2 compliance. We've completed our SOC 2 Type I audit, and our Type II observation period is underway. That means an auditor is watching everything Ajax does to make sure we're maintaining our infosec protocols. We also run regular penetration testing and maintain CASA (Cloud Application Security Assessment) certification. Security documentation is available under NDA.

Your data is never sold. Not to advertisers, not to data brokers, not to anyone. It exists for one purpose - to generate your time entries.

The Pause Button: You Control When Ajax Watches

If you want Ajax to stop watching - browsing vacation destinations, texting your spouse, taking a personal call - you hit the pause button. One click.

Ajax stops reading your screen entirely. No data is captured. No activity is logged. Nothing.

When you're ready to get back to work, you unpause it and Ajax picks right back up. The button isn't buried in settings - it's designed for frequent use throughout the day, because we built Ajax for the person using it, not for the person managing them.

How Ajax Compares to Integration-Based Tools on Privacy

Most AI timekeeping competitors take an integration-based approach. They connect to your Microsoft Word, Chrome, Outlook, and Zoom, then pull data via APIs - email subject lines, document names, sender and recipient information, meeting titles.

Some people initially feel more comfortable with that model because there's no "screen reading" involved. That's a reasonable first impression, and integration-based tools do have the advantage of feeling lighter-weight.

But consider what that metadata actually includes:

  • Who you're emailing

  • What documents you're opening

  • The subject lines of every message in your inbox

  • How long you spend in each application

The privacy exposure is more comparable than it appears at first glance.

Where the difference shows up most clearly is output quality. Because Ajax reads actual screen content, your entries sound like a lawyer wrote them - specific narratives with relevant details about the work performed.

Integration-based tools tend to produce entries that read more like "Word document - 45 minutes" or "Email - Johnson matter - 12 minutes," because they're working with metadata rather than context.

That richer capture is exactly why we've invested so heavily in encryption, automatic deletion, zero-retention vendors, and strict individual silos. The privacy architecture has to match the depth of what we're processing.

What About Attorney-Client Privilege?

This comes up on nearly every demo call, and the honest answer is: attorney-client privilege isn't an information security question. It's a legal one.

The real question is whether sharing your data with an AI processor - Ajax or anyone else - waives privilege in the eyes of a court. No amount of encryption, rolling deletion, or zero-retention vendor contracts answers that, because that's not what the argument is about. Privilege turns on how courts interpret third-party handling of confidential client information, not on how secure the pipeline is.

What we can tell you is that the framework most bar associations and ethics opinions have applied to cloud document storage, e-discovery platforms, and outside consultants has generally extended to any third-party service a firm uses in delivering legal work - provided the vendor is bound to appropriate confidentiality standards. Whether AI processors fit neatly into that framework is a question still being worked out.

If your firm has specific concerns, the right place to work through them is with your ethics counsel or general counsel - this is a legal question, and it deserves a legal answer. We're happy to share whatever security documentation helps support that conversation.

Frequently Asked Questions

Can my firm administrator access my Ajax data? No. Our architecture does not provide administrators with access to individual users' screen activity or unreleased entries. The only data visible to your firm is the time entries you choose to release.

Does Ajax store screenshots of my screen? Ajax reads the text and context on your screen to generate entries. Raw data is automatically deleted after 30 days, processed data after 60 days.

Is my data used to train AI models? No. We don't use your data for model training, and our AI subprocessors are contractually prohibited from doing so.

What if there's something personal I don't want Ajax to see? Hit the pause button. Ajax stops reading your screen entirely until you turn it back on - nothing is captured, nothing is logged.

Who at Ajax can see my data? No one. Your data is encrypted, processed algorithmically, and deleted on schedule. Human eyes - at your firm or at Ajax - don't see your raw activity.

Can I see what Ajax captured about my day? Yes. All draft entries appear in your personal dashboard. You review them, edit them if needed, and decide which ones to release to your billing system.

What happens to my data if I stop using Ajax? All data is deleted within 30 days of account termination, except where applicable law requires longer retention.

Final Thoughts

We built Ajax to read your screen because that's what produces entries that sound like a lawyer wrote them - grouped across the day, attributed to the right matters, narrated in your firm's style.

But that capability comes with a responsibility we take as seriously as you take your clients' confidentiality.

Your boss can't see what you're doing. Your data is encrypted, deleted on schedule, and never used for training. You decide when Ajax watches, what gets released, and what stays private.

Lawyers who arrive skeptical about privacy tend to run the two-week pilot, see exactly how the controls work in practice, and wonder why they spent years reconstructing their days manually.

Book a demo to see the privacy controls firsthand - and find out how many billable hours your firm is leaving on the table.



5 Reasons Why Ajax Is Better Than Other AI Timekeeping Tools for Lawyers ›