Imagine you get into a car accident and confess to your lawyer, “the light had actually turned green before I looked up, I was on my phone before that.” Under American attorney-client privilege, that sentence cannot be pulled into court. Opposing counsel can’t get it, and the judge can’t compel you to repeat it. This is the core value of the privilege doctrine: it does not protect the innocent, it lets a client plan their response honestly with a lawyer even when they really are at fault. The previous piece described how, after the February 2026 Heppner ruling, if you had said the same sentence to ChatGPT or Claude, opposing counsel could simply take the transcript and use it as evidence.
So the natural next thought is: can we design a product that fills this gap? Something like a $20/month subscription where every conversation you have on the platform is automatically covered by attorney-client privilege, without signing a new engagement letter each time, without billing by the hour, without having to decide up front which messages warrant calling a lawyer. A Netflix for legal services: a flat monthly fee replaces the friction of pay-per-matter billing.
People have thought of this. The ones who did have already hit the wall. The most famous collision was DoNotPay, which billed itself as “the world’s first robot lawyer” and charged consumers $36 every two months to have an AI help them sue landlords, draft wills, write subpoenas. In 2023 the California State Bar sent a Cease and Desist. In September 2024 the FTC sued. In January 2025 DoNotPay was fined $193,000 and ordered to notify every subscriber from 2021 to 2023 that what the company had provided was not actual legal service. The detail of how it hit the wall is a little surprising. The FTC’s central charge was not that “the AI-generated documents were low quality,” but that the company “never tested whether its AI performed at the level of a human lawyer, and never hired attorneys to supervise AI output.” The problem was not AI technology. The problem was that the lawyer supervision structure around the AI did not exist.
LegalShield (16 million members), Rocket Lawyer (36 million members, already holding an Arizona ABS law firm license), Eudia Counsel, and UK-backed Lawhive ($115M raised, Google Ventures among the investors) are all operating in this problem space. Each of them compromises on one dimension. LegalShield and Rocket Lawyer tell users explicitly that platform conversations are not privileged. Eudia serves only B2B enterprise clients. Lawhive has moved away from pure subscription and now charges per matter. None of them has simultaneously delivered “$20 price point + AI auto-response + every conversation privileged.”
The core argument of this piece is that the idea runs into an impossible triangle. The three vertices are:
Vertex A: a price point consumers will pay ($20-50/month range, corresponding to a large enough target user pool).
Vertex B: AI auto-response, without a human lawyer involved in every conversation. This is the product’s core value and the precondition for the “subscription” form itself. If every question requires a real lawyer taking over, the model collapses back into hourly billing.
Vertex C: every conversation occurs within a real attorney-client relationship. This vertex determines two things simultaneously: whether the conversations can be covered by attorney-client privilege, and whether the platform is engaged in lawful legal practice at all (otherwise it runs into UPL, unauthorized practice of law). Without an attorney-client relationship, there is no privilege and there may also be UPL exposure.
Any two of these vertices are compatible; all three together are not. Pick AB and drop C: that is the LegalShield and Rocket Lawyer route. $30-40/month, mostly AI and self-service tools, platform conversations not privileged, users told they are receiving “legal information” not “legal advice.” Pick AC and drop B: that is the traditional small-firm subscription route. Every conversation involves a human lawyer, but lawyer capacity is finite, and the per-user economics push the price above $200/month, out of consumer range. Pick BC and drop A: that is the Eudia Counsel style of AI-augmented ABS firm. Enterprise-grade AI plus real attorney supervision forms a complete Kovel architecture, but the firm only handles B2B contracts and M&A diligence, with ticket sizes well above the consumer tier.
DoNotPay tried to have all three. The result was a $193,000 FTC fine in January 2025 and Cease and Desists from multiple states. They did not find a fourth path. They simply had not yet accepted that the impossible triangle exists.
The rest of this piece lays out the constraint behind each edge: why the AB edge cannot reach C (the realism Kovel demands of “attorney supervision”), why the AC edge cannot reach B (the unit economics of subscription law firms), and why the BC edge cannot reach A (the absolute cost of ABS compliance infrastructure). After reading, when someone next pitches “a $20/month AI law firm,” you can quickly locate which corner of the triangle they are entering from and which edge they are giving up.
Start with the AB edge. Suppose you have already achieved “consumer price point + AI auto-response” and now want to add vertex C, “every conversation within an attorney-client relationship.” Why does this not work?
Under the framework the Heppner ruling confirmed, attorney-client privilege requires three elements simultaneously: the communication must occur between lawyer and client; the user must have a reasonable expectation of confidentiality; the communication must be for the purpose of obtaining legal advice. AI is not a lawyer, so the first element fails automatically. The only remaining path is the door Judge Rakoff left open in Heppner: invoke the agent theory established by United States v. Kovel in 1961. If a lawyer retains a non-lawyer (accountant, translator, legal assistant, technical expert) to assist in providing legal services, and that agent works under the lawyer’s direction and supervision and is bound by confidentiality, then the client’s communications with the agent can share the privilege chain.
Applied to an AI subscription law firm, this means that for all user conversations to be protected, the product must be designed in the following form. Each time a user opens a conversation, the system must substantively match them to a real licensed attorney. The AI is that attorney’s “tool.” The conversation happens under the attorney’s direction and supervision, and the attorney bears legal responsibility to the client for the conversation. What the user says to the AI must be interpretable as “expressing something to the lawyer via the AI,” and what the AI generates must be interpretable as “advice given by the lawyer with AI assistance.”
Ogletree, Venable, and Akerman all reach the same conclusion: this path is doctrinally possible, but only with an enterprise-grade AI contract (no training on user data, zero data retention, explicit confidentiality terms) plus genuine attorney direction and supervision plus a written Kovel-style engagement. The technical conditions can be secured by contract and architecture. What is genuinely hard is “genuine attorney direction and supervision.”
Where does the difficulty sit? If the platform has one million subscribers, each asking one or two questions a month, that is one to two million “AI conversations under attorney supervision” per month. For those conversations to actually have attorney involvement, you either route each conversation to a human attorney for review (which forces you off the AB edge, into vertex C and out of A), or you let a small group of attorneys “broadly supervise” an AI system. This latter form of “statistical supervision” has no case law support under Kovel. Kovel itself involved a single attorney retaining a single accountant for a single specific client.
This is also the root of DoNotPay’s UPL exposure. Their “robot lawyer” had no attorney involved in any meaningful sense in user conversations, so they could neither claim privilege nor comply with UPL rules (state bars found this constituted “non-lawyer practice of law”). The only way to keep C while staying on the AB edge is to put a lawyer into every conversation, and the cost of that is the subject of the next edge.
With the AB edge analyzed, shift to the AC edge. Suppose you give up on “AI auto-response” and accept that a real attorney participates in every conversation (securing vertex C) while holding to $20/month (vertex A). This edge has been walked for fifty years, in the form of traditional subscription law firms and LegalShield-style membership models. The question is whether you can deliver the density of experience that an AI subscription firm imagines.
Reference data for subscription firms comes from the incumbents. Rally Legal’s analysis of subscription economics, drawing on One400 data, puts subscriber utilization rates at 25-30%. That means $20/month × 1,000 subscribers = $20,000/month of revenue, corresponding to roughly 250-300 actively using subscribers. If each of them wants a 30-minute attorney consultation per month, that is 125-150 hours of attorney time per month. A full-time licensed Arizona attorney works roughly 160-180 hours per month, so those 1,000 subscribers essentially consume one attorney’s full capacity.
The pivotal question is what that attorney costs. A licensed Arizona attorney, even a junior one, earns at least $80,000-120,000 per year, which is $6,700-10,000 per month in total cost. Add the Compliance Lawyer annual fee of $9,000 (about $750/month amortized), the ABS annual license fee of $9,000, enterprise-grade AI infrastructure and ZDR contracts, plus software development, customer support, marketing, insurance, and E&O liability coverage. Put these together, and 1,000 subscribers × $20 = $20,000/month of revenue probably cannot cover one attorney plus the compliance stack.
And this calculation assumes “30 minutes of attorney consultation per subscriber per month,” which is already a restrained usage assumption. The “AI subscription law firm” fantasy has users expecting unlimited frequency to talk with an AI about any legal matter. If average usage rises to 2-3 hours per subscriber per month, the same attorney capacity only serves 200-300 subscribers, corresponding to $4,000-6,000/month of revenue. The math gets worse.
LegalShield, a subscription legal services company with fifty years of operating history, provides a reverse calibration. Their base individual subscription runs $29.95/month (annual) to $35.95/month (monthly), 16 million members, more than 900 provider firm attorneys. Note that they do not promise privilege. Their service is explicitly described as “attorney referral and consultation.” The user’s conversations with platform support are not privileged; only the phone call with a provider firm attorney is potentially a privileged communication. The reason they can run on $30 is precisely that their product is not “all-conversation privilege” but rather “pay a monthly fee to buy access to an attorney phone hotline.” The front-of-platform interactions (queries, document templates, non-urgent consultation) are lightweight non-privileged interactions; only when something goes wrong does a phone call trigger a real attorney-client relationship. On the impossible triangle, LegalShield stands clearly on the AB edge, having given up C.
Rocket Lawyer’s $39.99/month subscription has the same shape. Platform AI Q&A and “Legal Pro” consultation are officially declared “private and secure, but not covered by attorney-client privilege.” Only when a user separately signs the RLPS Services Agreement and pays additional fees do they get truly privileged legal advice. In other words, Rocket Lawyer already fully owns an Arizona ABS license and AI infrastructure, and they still choose not to put all platform conversations inside the privilege perimeter. That is a commercial decision, not a limit of legal capacity. This choice matters: if “$39.99/month + all-conversation privilege” were actually buildable, Rocket Lawyer would not be leaving it to a competitor.
Finally the BC edge. Suppose you give up the consumer price point and focus on “AI auto-response + attorney-client coverage for every conversation.” This is the technically most rigorous choice and the legally cleanest path. The question is how high it pushes the price, and why it drifts away from the consumer segment.
Start with the basic regulatory constraint. American legal practice has a rule called ABA Model Rule 5.4, adopted almost verbatim in most states. The ABA text forbids lawyers from sharing fees with non-lawyers, forbids non-lawyers from holding ownership in law firms, forbids non-lawyers from directing a lawyer’s professional judgment. This rule is a hard constraint for anyone trying to combine “non-lawyer tech company + attorney services”: you cannot have a Delaware-incorporated tech company hold equity in a law firm; you cannot route part of attorney revenue back to the platform as “subscription share”; you cannot have a platform product manager set KPIs on a lawyer’s legal judgment.
Among the fifty states, only two have relaxed this rule. Arizona abolished Rule 5.4 entirely on January 1, 2021 and set up the Alternative Business Structure (ABS) regime permitting non-lawyer ownership and management of law firms. Utah established a two-year regulatory sandbox in 2020. Stanford’s five-year retrospective in 2025 reports that more than 150 ABS firms are currently operating in Arizona. Rocket Lawyer received an Arizona ABS license in September 2024 and set up Rocket Legal Professional Services (RLPS). In early 2025 the AI startup Eudia’s law firm subsidiary Eudia Counsel also received an ABS license. UK-backed Lawhive registered a firm in Arizona and, on the back of a $60M Series B led by Google Ventures, is acquiring American consumer law firms; Matters and Models reports they are “adding roughly one attorney per day.”
Arizona comes with two additional constraints. First, an ABS must retain an Arizona-licensed Compliance Lawyer at $9,000 per year and submit semi-annual compliance reports. Second, the Arizona Supreme Court amended its rules in late 2024 to require that ABS firms actually provide legal services within Arizona, rather than operate purely as “cross-state referral” structures (Bloomberg Law coverage). This new rule directly targets operators that “use an Arizona shell to cover fifty states.”
Then there is the second independent obstacle Rakoff cited in Heppner: the privacy policy. Rakoff stated that Anthropic’s consumer Claude privacy policy permits disclosure of data to government regulators, and that alone was enough to defeat privilege. If your subscription law firm uses the OpenAI or Anthropic API as its foundation, OpenAI’s terms of service also permit disclosure upon subpoena (OpenAI’s second-half 2025 transparency report shows 62 content requests involving 84 accounts were complied with). To preserve privilege, your ABS firm must sign an enterprise-grade zero-data-retention agreement (ZDR agreement) with the AI vendor and expose that agreement as part of its terms of service.
Add these costs up. Enterprise-grade AI infrastructure and ZDR contracts ($5,000-20,000/month starting range), Arizona-licensed attorney supervision ($6,700-10,000/month per attorney, scaling linearly with active user count), Compliance Lawyer and ABS annual license ($1,500-2,500/month), E&O liability insurance (consumer litigation risk well above enterprise), Kovel-style engagement infrastructure (every conversation requires an auditable record of attorney direction), and data compliance plus interstate service limits (this is no longer a nationally uniform product). Eudia Counsel’s choice is to target B2B enterprise clients, because enterprise clients will pay tens to hundreds of thousands of dollars per year for a Kovel-grade architecture, so all compliance costs are absorbed by the high ticket size.
The only known attempt to take this path down to the consumer segment is Lawhive, whose response is to acquire traditional law firms and layer AI automation on top. Compliance costs are amortized over the existing firm’s revenue base, and AI is used to gradually compress attorney time cost. This is a clever financial architecture, but the unit economics are not pure subscription, they are per-matter billing. On the impossible triangle, Lawhive actually stands somewhere along BC in a compromised position, giving up the subscription form itself, let alone a $20/month consumer price point.
All three edges are blocked, and the instinctive next move is to change the question. If making the judge “able to reach it but unable to use it” (the privilege path) is this hard, can we make the judge “unable to reach it at all”? In other words, build the product as end-to-end encrypted with ephemeral messages, so the platform server retains no conversation and a subpoena served on the company pulls nothing out.
Technically this is not a hypothesis, it is an already mature product category. Signal founder Moxie Marlinspike launched Confer in December 2025, using E2EE + passkey + WebAuthn PRF + Trusted Execution Environment + remote attestation so that even Confer cannot read user conversations. OpenSecret’s open-source project Maple AI runs models inside secure enclaves. Proton Lumo uses bidirectional asymmetric encryption to achieve zero-access encrypted chat history, deleted immediately after processing. Pricing sits in the consumer range, and both Confer and Lumo have free tiers. When Signal itself receives a subpoena, the only things it can produce are account registration date and last connection date. This architecture is real and usable, not vaporware.
This path is blocked not because the technology cannot be built, but because the law does not allow you to use it when you most need to.
The key distinction: what you actually want is “the court cannot produce it as evidence.” That requires two sub-conditions to hold simultaneously.
Sub-condition one: a third-party platform cannot produce your data. E2EE and ephemeral messaging can deliver this. Confer and Lumo genuinely cannot produce plaintext when served, because the server does not have it. This is cleaner than OpenAI’s ZDR contract. ZDR is “contractually agreed non-retention”; E2EE is “physically incapable of retention.” Technically this condition is fully satisfied.
Sub-condition two: the court cannot compel “you yourself” to produce that data. This is where the ephemeral path hits a wall. The wall is not technology, it is not Rule 5.4 regulation of law firms, it is the evidence preservation rules of American civil procedure. Federal Rule of Civil Procedure 37(e) plus the common-law duty to preserve state that once you “reasonably anticipate litigation,” you have an obligation to preserve all relevant electronically stored information. Receiving a demand letter, receiving a government subpoena, or even simply having a dispute escalate to the point where you recognize that litigation is possible, all trigger this duty. From that moment you must actively turn off all auto-delete features. It is not “technically impossible to delete,” it is “legally impermissible to let it auto-delete.”
A string of cases has already attached this rule to ephemeral-messaging products. Herzig v. Arkansas Foundation for Medical Care (W.D. Ark. 2019): an employee installed Signal and enabled disappearing messages only after being sued; the court found this to be “intentional bad-faith destruction of evidence” and “abuse of judicial process.” FTC v. Noland (D. Ariz. 2021): executives of a suspected pyramid scheme switched to Signal auto-delete after receiving an FTC investigation; the court issued an adverse inference instruction (permitting the jury to assume deleted content was unfavorable). Pable v. Chicago Transit Authority (Seventh Circuit 2025): the plaintiff deleted Signal messages discussing the case, and the case was dismissed outright. FTC v. Amazon (2024): the FTC alleges that Bezos and Amazon executives used Signal auto-delete during the antitrust investigation; trial is set for March 2027. Google v. Epic Games: Google’s chat history being turned off by default was found to be spoliation; the court issued an adverse inference instruction, which directly helped Epic win the antitrust judgment. DOJ and FTC jointly updated guidance in January 2024 stating explicitly that ephemeral messaging is subject to the preservation duty, and DOJ has gone so far as to describe such applications as “designed to hide evidence.”
In these cases the technology is off-the-shelf and the usage is something any ordinary person would think of. What they lost was not technical feasibility. What they lost was a legal duty. The courts are uniform: using a tool that auto-destroys conversations to discuss case matters during a period when preservation is owed is, in itself, an act of destroying evidence. The act of using the tool is the violation, not the fact that “the data happens to not exist.”
Translating this to product form: the lawful usage window for ephemeral AI exists only during periods when you do not reasonably anticipate litigation. During those periods, what you discuss physically does not exist afterward: it is not stored by the platform, not used for training, and not reachable by subpoena, and no one can accuse you of intentional destruction. But once a demand letter arrives, a subpoena is served, or a regulatory investigation opens, the product form has not changed and the features have not changed, yet continuing to use it switches from lawful to unlawful.
This loops back to confirm a detail of the Heppner ruling that is often overlooked. Heppner’s 31 Claude conversations were generated after he received the grand jury subpoena. If he had been using something like Confer at that point, the conversations would physically not be on the server or on his computer, technically clean, but the duty to preserve had already been triggered, and the act of destruction itself would still be unlawful and could still support an obstruction-of-justice charge by the FBI. The technology takes no blame. The timing does.
So ephemeral messaging does not bypass the triangle. It opens a parallel quadrant of everyday privacy outside the triangle. That quadrant has real demand, real players, and reasonable pricing under $20. The question it answers is “I don’t want the platform to steal/train on/sell my conversations,” not “I want these conversations to be unreachable in a future lawsuit.” The two are often conflated, but the legal consequences diverge completely. Confer, Lumo, and Maple AI are reasonably positioned as “Signal for AI chat,” targeting the same privacy consumer profile that Signal does, not litigants.
Draw a boundary for this path: you can promise “we cannot produce it,” you cannot promise “you are legally exempt from producing it.” Making the latter promise gets you hit by the FTC the same way DoNotPay was (misleading users into destroying evidence they were required to preserve could constitute conspiracy to commit obstruction of justice). Honestly marketed, it is a very good privacy product, but it is not the answer to the Heppner problem.
There is no “hidden fourth path” in the middle of the triangle. What you can do is push one edge to its limit, or wait for the regulatory regime itself to change.
One path is an Arizona-only ABS serving only Arizona residents. Narrowing the client pool to a single state satisfies the new rule (ABS must actually provide services within Arizona), attorney resources are manageable, and the compliance architecture can be kept light. The market size is capped: Arizona’s total population is 7.3 million, and using LegalShield’s 1-2% consumer penetration as a ceiling, that is 70,000-150,000 possible subscribers, or $1.4-3 million in monthly revenue at $20/month. Enough for a small company, not enough for a VC-scale growth story.
A second path is tiered pricing. A $20/month base subscription provides “AI information” (not legal advice, no privilege claim); an $80-150/month upgrade provides “AI conversations under attorney supervision” (privilege, but requiring a separate engagement). This is what Rocket Lawyer does today. The real question is what value the $20 tier actually delivers. If it is just “a ChatGPT wrapper,” why wouldn’t users just subscribe to $20 ChatGPT Plus? Rocket Lawyer’s answer is a large library of legal document templates combined with AI chat. Without that content inventory, the $20 tier struggles to stand on its own.
A third path is reframing “subscription” as “insurance.” This is the model LegalShield has run for fifty years. The monthly fee is the premium for “being able to call a lawyer when something goes wrong,” not the subscription for “chatting with an AI lawyer every day.” This path does not need to solve AI auto-privilege, because the user’s core value is not the chat experience, it is “a lawyer who really picks up the phone when something actually goes wrong.” In this model AI is customer-service automation, not the product itself.
A fourth path is waiting for legislation. Georgia Tech privacy scholar Peter Swire has proposed an “AI privilege” legislative framework, limited to the narrow case where “a chatbot explicitly takes on the role of a lawyer or doctor.” If Congress or a handful of states legislate such privilege over the next few years, the product design constraints loosen substantially. There is no confirmed legislative timeline, so betting a startup on this is betting on a traffic light with no known arrival time.
Back to the opening idea: “$20/month subscription, everything you tell me counts as something you told a lawyer.” One-line answer: this product requires all three vertices at once, and under current legal and economic constraints it does not exist. All three pairwise combinations have been market-tested and each is a viable business model, but none corresponds to the imagined “consumer + AI auto-response + all-conversation privilege” position.
This does not mean there is no room for innovation. Real opportunities lie in pushing one edge to its limit. First, doing the AB-edge “insurance-style monthly fee + attorney phone hotline when something breaks” better (AI handles intake and triage, not lawyering itself); Rocket Lawyer and LegalShield still have room before the ceiling. Second, going deep on BC within Arizona alone (compliance cost amortized across in-state volume, the cleanest legal form); market size is capped by Arizona’s 7.3 million people. Third, B2B enterprise legal services (the Eudia path), where a high ticket size covers Kovel-grade architecture.
For the impossible triangle to loosen meaningfully for consumer-facing players, at least one of two things probably needs to happen: states outside Arizona also open up Rule 5.4 (currently only the Utah sandbox, which is temporary by design), or the legislature recognizes some form of “AI privilege.” Until one of those happens, “$20/month, everything protected” is a product intuition, not a product blueprint an architect can actually draw.
The next time someone pitches this idea, the question to ask is: which vertex are you planning to give up? If the answer is “none,” that is the DoNotPay path, and there is already a $193,000 fine and multi-state Cease and Desist as a warning. If the answer is “giving up C,” that is the position LegalShield already occupies, and new entrants must explain why they beat a 16-million-member incumbent. If the answer is “giving up A,” it is no longer a consumer product; find B2B clients. If the answer is “giving up B,” you are back at traditional solo practice with AI as a tool, not as the product protagonist.
Is this problem worth caring about? My judgment is yes. The real question Heppner opened is not “Heppner was unlucky.” The real question is that ordinary people doing everyday AI use have no legal firewall at all. The gap is broad enough and common enough that sooner or later someone will push an institutional or product response. The response does not have to take the shape of “$20/month all-conversation privilege.” It could be several states legislating AI privilege. It could be enterprise-grade AI infrastructure trickling down to consumers. It could be subscription firms merging with traditional attorney networks. What is worth betting on is not “build this product today,” but watching which of three things moves first: Arizona ABS licensing expanding to other states, the first affirmative Kovel ruling in an AI context, and any state proposing AI privilege legislation. Whichever moves first will change the constraints of the impossible triangle itself, and will change the range of product blueprints that can be drawn.