LegalTech due diligence in 2026 · what to actually check before you sign

Legal-tech vendors all say 'privilege-aware'. Here's the 12-point due-diligence checklist we run before our law-firm clients sign.

Last verified06 May 2026

By Dezső MezőFounder, DField Solutions

ShareX LinkedIn#

LegalTech due diligence in 2026 · what to actually check before you sign

Every LegalTech sales deck says 'privilege-aware', 'attorney-built', 'SOC 2 compliant'. Half of them haven't read their own DPA. Here are the 12 questions we make every law firm we advise put in writing before signing.

Data + privilege (1-4)

Where does our data live? (City + country, not just 'EU')
What's the retention default, and can we change it without an enterprise plan?
Are we opted out of model training by default, contractually?
What's the breach-notification SLA in hours, not days?

Workflow (5-8)

Show me the privilege-preservation flow when a document is shared internally · screen-share, not slides
Can we export the matter / case in a format we can take to another vendor?
Is there a conflict-check API or are we manually re-keying?
Show me the per-user, per-document audit log · the regulator will ask

Architecture (9-12)

What's the encryption-at-rest story · key custody included?
Is there an on-premise / private-cloud option for the M&A and IP work?
What's the exit clause · 30 days? 90? Data + format?
Full sub-processor list · who else touches our data?

If a sales rep can't answer 9 of these on the second call, the answer is no. We've watched firms sign anyway and pay 5-figures to migrate out 18 months later.

How we help

We sit on the technical-eval call as the firm's outside engineer · ask the questions, read the SOC 2 Type II, push back on the standard MSA. One-week engagement, fixed price. The output is a go / no-go memo + redlined contract.

ShareX LinkedIn#

Dezső Mező

Founder, DField Solutions

I've shipped production products from fintech to creator-tooling · for startups and enterprises, from Budapest to San Francisco.

ABOUT Let's talk

Keep reading

22 Apr 2026·10 min read

Agentic AI · the safe tool-use pattern we ship by default

Agentic AI that can send email and move money is not just a chatbot. Here's the safe tool-use pattern we ship.

Read

20 Apr 2026·11 min read

What an AI security audit actually checks in 2026

AI security isn't a checkbox. Here's the nine-point audit we run on every LLM system we ship, plus which bugs turn up most often on systems we didn't build.

Read

18 Apr 2026·11 min read

LLM prompt injection playbook · the 2026 attack surface

The prompt injection surface is not a single bug · it's five categories, each with a distinct defence. Here's our playbook.

Read

RELATED PROJECTS

AI solutions · Websites, web apps & online shops · Mobile apps · iPhone & Android · 2026AIHealthIQAI reads your wearable data, spots changes, recommends treatment and lifestyle tweaks.

AI solutions · Websites, web apps & online shops · 20263D AI PropertyAI-generated 3D properties and interiors, walkable in FPV · with a manual editor and drone view.

AI solutions · Cybersecurity · Websites, web apps & online shops · 2026Use AI EasilyAn AI firm's website · home of Hungary's first dedicated AI-security practice.

Let's talk

Would rather build together?

Let's talk about your project. 30 minutes, no strings.

Let's talk