
Is AI Timekeeping Safe for Law Firms? A Real Answer
# Is AI timekeeping safe for law firms? A real answer
When we demo Ajax, the security question comes up in the first fifteen minutes, every time. Usually phrased carefully. Sometimes phrased as "so you're reading privileged documents?"
Fair question. You're an attorney; confidentiality isn't a preference, it's Rule 1.6. Any tool that watches lawyers work should get grilled, ours included. So here's the grilling, done for you: what these tools actually capture, where the data goes, and the exact questions that separate serious vendors from sketchy ones.
We build Ajax, so we'll use ourselves as the worked example. The checklist at the end applies to anyone you evaluate.
What capture actually means
AI timekeeping tools watch work happen and turn it into time entries. The inputs vary by product: some read activity data from connected apps (email metadata, calendar events, document names), and some, like Ajax, read the content on screen so the drafted entries reflect the actual work.
Reading the work is the point. It's also exactly why your diligence should be aggressive. The right posture isn't "is this category safe," it's "show me the controls."
The controls that matter
Who sees what. This is the question attorneys care about most, and it has a clean answer done right: each timekeeper's captured activity and draft entries are visible to that timekeeper alone. Nobody at the firm, including managing partners and admins, can browse anyone's screen activity. What the firm sees is rolled-up reporting and whatever entries the attorney chooses to release. If a vendor's answer here is fuzzy, stop the evaluation.
What never gets captured. You should be able to exclude things from tracking entirely, and with real granularity. Ajax's blacklist works three ways: name an app (it becomes invisible to capture), name specific web pages, or give it a text string and any window whose title contains it is never captured. Put "MyChart" or your bank's name on the list and those windows simply don't exist as far as Ajax is concerned. Step away from the computer and capture notices the inactivity within a few minutes and stops attributing time.
How long raw data lives. Capture produces sensitive raw material, and the safest data is deleted data. Ajax deletes raw captured data automatically and permanently on a rolling basis, and processed data like draft narratives and calendar events on the same principle. What persists long-term is what you'd expect: the time entries themselves, which are your billing records.
Where AI processing happens, and on what terms. Modern tools use large language models to draft narratives. The contractual details matter more than the brand names: Ajax has zero-data-retention agreements with every AI subprocessor, and all of them are contractually prohibited from training models on firm data. Your client's merger doesn't become anyone's training set. Ask every vendor for this in writing.
The boring fundamentals. Encryption in transit and at rest. SOC 2 audit (Ajax holds a SOC 2 Type I, with Type II underway). Single sign-on with your identity provider (Okta, Microsoft Entra, Google) so your IT team controls access centrally. None of this is differentiating; all of it is disqualifying when absent.
The professional responsibility angle
Two rules do most of the work here.
Rule 1.6 requires reasonable efforts to prevent unauthorized disclosure of client information. Vendor diligence is literally your reasonable-efforts obligation: data handling, retention, subprocessor terms, breach history. The checklist below maps to it.
Rule 5.3 (and, for AI specifically, ABA Formal Opinion 512) puts lawyer supervision over technology-assisted work. AI timekeeping fits that frame cleanly because a lawyer reviews every entry before it's released and billed. The AI drafts; the lawyer decides.
One more that surprises people: contemporaneous capture is arguably a compliance improvement. Hourly bills are supposed to reflect actual time worked. Entries recorded as work happens are more accurate, and more defensible in a fee dispute, than Friday-afternoon reconstructions from memory.
The vendor checklist
Send this to any AI timekeeping vendor, ours included, and require written answers:
Can firm administrators or partners view individual timekeepers' captured activity or unreleased drafts? (Right answer: no.)
Can users exclude specific applications from capture? How?
How long is raw captured data retained, and is deletion automatic?
Which AI subprocessors touch our data, and do you have zero-data-retention agreements with each?
Is any of our data used to train models? (Right answer: contractually prohibited.)
Is data encrypted in transit and at rest? Where is it hosted?
What third-party audits do you hold (SOC 2), and can we see the report under NDA?
Do you support SSO with our identity provider?
What's your breach notification commitment, in hours?
When we leave, how fast is our data deleted, and how is that certified?
A serious vendor answers all ten in one email. Evasion on questions 1, 4, or 5 is your cue to walk.
Our honest summary
Is AI timekeeping safe? Built correctly: yes, and the controls are checkable rather than a matter of trust. The capture layer needs private-by-default design, aggressive deletion, and airtight subprocessor terms. That's exactly where your diligence should push, and vendors who've done the work will welcome the push.
If you want the deeper technical comparison of capture approaches, read screen capture vs. API-based timekeeping. And if you're an associate wondering what your own firm can see, we answered that directly in can my boss see what I'm doing?
FAQ
Is AI timekeeping safe for confidential client work?
Yes, when the tool is built for law firms: capture private to each timekeeper, automatic rolling deletion of raw data, encryption, and contractual bans on AI vendors retaining or training on firm data. Verify each control in writing rather than taking the category on faith.
Can law firm management see what attorneys do on their computers?
Not in Ajax. Captured activity and draft entries are visible only to the individual timekeeper. Management sees rolled-up reporting and released entries, never screens or drafts. Ask any vendor this exact question before buying.
Does AI timekeeping violate attorney-client privilege?
Recording your own work for billing purposes is handled the way firms handle any technology vendor under Rule 1.6: through data controls and contract terms. The diligence checklist above covers what to verify, and your ethics counsel can confirm how that maps to privilege in your jurisdiction.
Do AI timekeeping vendors train models on firm data?
They shouldn't, and you should get it in writing. Ajax's AI subprocessors operate under zero-data-retention agreements and are contractually prohibited from training on firm data.





