Blind Justice

Inspiration

Legal professionals handle some of the most sensitive information in the world, including contracts, NDAs, merger agreements, litigation files, and privileged client communications. However, most LegalTech and AI-powered document tools today rely on centralized storage and traditional vector databases, where raw text or reconstructable embeddings can be exposed to administrators, cloud providers, or inversion attacks.

We were inspired by a fundamental question:
Can AI assist legal reasoning without ever seeing the underlying data?

Blind Justice was built to challenge the assumption that intelligence requires visibility, and to prove that privacy-first, zero-trust AI systems are not only possible, but necessary for the legal domain.

What it does

Blind Justice is a Zero-Trust Legal AI Data Room that enables law firms and legal teams to securely store, analyze, and query confidential legal documents using AI, without exposing raw data at any point in the system.

Key features include:

Secure document vault for contracts, NDAs, and legal files
Privacy-preserving AI-powered question answering
End-to-end encryption where raw document text is never stored or visible
Role-based access control for lawyers, reviewers, and administrators
Admin-level blindness, ensuring even system operators cannot view sensitive data
Graph-based relationship mapping between clauses, entities, and legal concepts
Immutable audit logs for compliance and traceability

The platform ensures that legal data remains blind to the infrastructure itself, living up to the name Blind Justice.

How we built it

Blind Justice follows a strict zero-trust architecture, designed to minimize trust assumptions at every layer.

Frontend

Built with React + Vite for fast, modern, and responsive UX
Secure authentication flows and role-aware dashboards
Document vault, AI query interface, and graph-based visualizations

Backend

FastAPI (Python) for authentication, authorization, and orchestration
JWT-based authentication with fine-grained role-based access control
Secure document ingestion and encrypted processing pipeline

Security & Storage Layer

Raw documents are processed locally, chunked, embedded, encrypted using AES-256-GCM, and then stored
Plaintext documents are never persisted
Protection against vector inversion and embedding leakage attacks
PostgreSQL for secure metadata storage and access control
CyborgDB used as a secure, privacy-preserving data layer for storing and querying encrypted embeddings and representations

AI & Intelligence Layer

Retrieval-Augmented Generation pipeline operating only on secured representations
LLMs generate answers without direct access to raw legal text
Graph layer models relationships between clauses, entities, and concepts without exposing document content

Audit & Compliance

Immutable audit logs tracking document access, queries, and system actions
Designed for compliance-heavy environments such as law firms and enterprises

Challenges we ran into

Designing AI workflows where models never directly access raw text
Preventing vector database inversion while retaining semantic search capabilities
Balancing strong cryptography with low-latency query performance
Enforcing zero-trust principles even for administrators and operators
Structuring legal documents to support graph-based reasoning while preserving privacy

Each challenge required rethinking conventional AI and database design patterns.

Accomplishments that we're proud of

Built a functional legal AI system where raw documents are never exposed
Achieved true zero-trust access, including admin-level blindness
Integrated CyborgDB to securely manage encrypted embeddings and queries
Designed a RAG pipeline resistant to common data leakage vectors
Delivered a production-grade architecture rather than a demo-only prototype

What we learned

Security-first AI design fundamentally changes system architecture
Traditional vector databases can be dangerous without cryptographic safeguards
Zero-trust is not just encryption, but eliminating unnecessary trust assumptions
Legal AI systems demand auditability, explainability, and strict access control
Privacy-preserving AI is harder to build, but significantly more impactful