Security First Infrastructure
Your Data Stays Put.
Our Engine Does the Work.
Arivu.Legal is not a document repository. It is a specialized intelligence infrastructure built to activate the legal knowledge already residing in your SharePoint Online environment.
Zero-Trust Legal AI:
In-Tenant Security Architecture
Arivu.Legal leverages native Microsoft 365 APIs to deliver Generative AI without moving data outside your organization’s security boundary.
Our architecture is designed on the principle of Zero-Trust. By utilizing delegated permissions and Microsoft’s native Graph API, we ensure that the “System of Intelligence” functions as a natural extension of your “System of Record,” maintaining a unified security perimeter.
Technical Overview
API Integration: Direct connection via Microsoft Graph for real-time document discovery and metadata sync.
Identity Management: Authentication handled exclusively via your firm’s primary Entra ID (Azure AD).
Boundary Enforcement: Data processing occurs within scoped, volatile memory environments that clear after execution.
The Data Sovereignty Standard
Unlike legacy legal tech “integrations” that rely on syncing document copies to third-party cloud repositories, Arivu operates on a Zero-Storage principle for client data.
01
No External Indexing
We utilize your existing SharePoint Online Search Index. We do not build “shadow” databases of your firm’s IP, ensuring your document governance remains centralized.
02
Ephemeral Processing
Document analysis occurs in volatile memory. No text chunks or embeddings are stored on Arivu-owned disks, preventing data persistence outside your control.
Architecture Snapshot
// Auth Layer
OAuth 2.0 / OpenID Connect (Entra ID)
// API Surface
Microsoft Graph API (Scoped Permissions)
// AI Inference
Azure OpenAI (Private Instance)
// Data Boundary
Customer-Defined M365 Tenant
The Security Advantage of a
Resident Agent
Traditional legal AI requires an “External Agent”—a third-party cloud that acts as a bridge, pulling data out of your environment. Arivu deploys a Resident Agent that executes entirely within your security perimeter.
Zero Data Bridges: Eliminates the need for external data synchronization or shadow repositories.
Ephemeral Reasoning: The agent’s “brain” is ephemeral. It uses Just-In-Time tokens to reason over files, ensuring it never bypasses your established M365 security walls.
// Resident Security Logic
“By living ‘residentially’ on SharePoint, the agent inherits your existing DLP policies, sensitivity labels, and retention schedules automatically. It cannot see what the user cannot see.”
Security Comparison: Arivu vs. Legacy Connectors
Legacy “Universal Pickers”
✕
High-Privilege Service Accounts
Requires global administrative permissions that bypass individual user restrictions.
✕
Synchronizes ACLs
Must mirror and store your SharePoint permission tables in a 3rd-party database
✕
External Data Egress
Data migrates to external clouds for indexing and AI “Agent” processing.
Arivu Native M365 Layer
✓
High-Privilege Service Accounts
Requires global administrative permissions that bypass individual user restrictions.
✓
Synchronizes ACLs
Must mirror and store your SharePoint permission tables in a 3rd-party database
✓
External Data Egress
Data migrates to external clouds for indexing and AI “Agent” processing.
Multi-Geo Support
Global Data Residency
For global firms, Arivu supports Multi-Geo SharePoint environments. Our compute clusters are deployed in alignment with your data residency requirements.
● Regional compute affinity to minimize latency and satisfy local sovereignty.
● Full compliance with GDPR, CCPA, and UK Data Protection Act.
● Localized Azure OpenAI endpoints ensure firm IP never leaves specific regions.
Data Storage
Zero original document storage. Arivu holds only the metadata required for reasoning. Your source files remain in your controlled environment at all times
User-Context
Native ACL Respect. The engine only processes what the user is permitted to see via their existing Microsoft 365 permissions.
Private Compute
Isolated Inference. No public model training occurs on your data. Your inputs and proprietary reasoning never leave the enterprise trust boundary.
Architecture & Data Flow
Secure OAuth 2.0 flow between your SharePoint Tenant and Arivu Private Compute Layer.
Step 1
Scoped Discovery
Agent uses Graph API to identify legal documents via delegated user permissions.
Step 2
Legal Analysis
Processing in volatile memory to extract Legal DNA (Markers/Clauses).
Step 3
Workflow Delivery
Synthesized intelligence pushed directly to Word/Outlook sidebars.
SharePoint to Resident Agent in 14 Days
Day 1
Auth
Entra ID handshake and OAuth setup.
Day 3
Discovery
Mapping Matter structures in SharePoint Online.
Day 7
Activation
Clause extraction within your secure boundary.
Day 14
Deployment
Resident Agent active and accessible across Word & Outlook.
IT Infrastructure FAQ
How does Arivu authenticate?
Arivu uses Entra ID (formerly Azure AD) for SSO. We utilize OAuth 2.0 delegated scopes, meaning the application can only access data the authenticated user already has permissions to view in SharePoint.
Is our data used to train LLMs?
No. Arivu connects to your private instance of Azure OpenAI or your preferred in-tenant LLM provider. Your data is not available to the model provider (OpenAI) for training or service improvement.
How do Ethical Walls work?
Because Arivu is a native layer on SharePoint, any “Ethical Wall” or “Information Barrier” configured in Microsoft 365 is instantly enforced. There is no latency in permission updates.
Does Arivu train on customer data?
No. Customer documents are never used for model training.
How are ethical walls enforced?
Arivu relies on native SharePoint and Entra ID permissions.
Is multi-geo supported?
Yes. Arivu aligns with Microsoft 365 multi-geo deployments.
Built for Enterprise Trust
Explore how Arivu’s architecture enables secure, matter-aware Legal AI inside Microsoft 365.