The Private Agent

Where does your client data live while the AI works?

Here, it lives with you. The agent acts inside your infrastructure; the reasoning is rented per use.

Book an intro call See how it works

Outside Your Walls

The Brain Reasoning, rented per use
No data retention

Your Infrastructure

The Hands Acts in your systems
Client data stays here

Rent the brain. Keep the hands.

The three parts

Between handing client data to someone else's cloud and avoiding AI altogether, there is a third option. It rests on one separation.

Rented per use

The brain

The reasoning comes from Claude, built by Anthropic, used through its commercial API. It decides what happens next: which client to remind, what to say, whether an uploaded file is the document that was requested. It keeps none of your files. Each request shows it the context for one decision; it reasons, answers, and the exchange ends.

Firm's infrastructure

The hands

The part that acts is a small runner that lives inside infrastructure the firm controls: a machine in your office, or a private server rented in the firm's name. The hands read the engagement checklist, send the emails and texts, receive uploads, file the documents and write the log. Client documents land on the firm's storage and stay there.

Open standard

The tunnel

The brain and the hands talk through a secure tunnel built on Anthropic's open MCP standard. It carries instructions and the minimum context a single decision needs. Think of it as a phone line between the two: conversations pass through it; your filing cabinet does not.

One document request, end to end

It is ten days before a filing deadline. A client's T4 is still missing.

The runner, inside the firm's infrastructure, reads the engagement checklist and flags the missing T4.

It asks the brain, through the tunnel, for the next step. The brain sees the context for this one decision: this client, this missing slip, two email reminders already sent.

The brain decides it is time to try a different channel. It drafts a short text message in the firm's tone and includes a secure upload link. The decision returns through the tunnel to the runner.

The runner sends the text from the firm's own number, with the opt-out CASL expects. The client taps the link and uploads the T4 from their phone. No account to create, no app to install.

The document lands on the firm's storage and the runner writes the log: what happened, when, and which content was part of which decision. The engagement checklist updates. The partner sees the status without asking.

Where does client data live? On the firm's infrastructure.

Who can read it? The firm, and the model for the moments it reasons about a single step.

Can you prove it? The log was written while the agent worked.

What this does not remove

You should hear the limits from us rather than discover them on a vendor call. Three are worth naming.

The model sees what it reasons about. When a step needs the brain to read something, including checking that an upload is the T4 it claims to be, that content passes through Anthropic's API while the decision is made. Anthropic's commercial terms state that data submitted through the API is not used to train its models. That term is contractual and it matters, and you should read it the way you read any vendor's terms, including what they say about retention.

The reasoning crosses the border. API processing does not happen on your premises, and you should assume it happens outside Canada unless your agreement says otherwise. The design answer is to keep what crosses small: files rest at the firm, individual decisions travel, and the log records when a document's content was part of one.

It is more work than a toggle. A toggle arrives in an afternoon. A private agent is a project: it gets installed and operated, and someone has to answer for it. For some firms and some jobs, the toggle is the right amount of machinery. If the honest answer in your case is "start with the toggle," we will say so.

Who owns what

Two things live in two different buckets, and they stay there.

Belongs to the firm

Data, integrations, workflows

Your data, your integrations, and the workflows built for your business are always exportable, always portable. They live on infrastructure you control. If you leave, they go with you.

A service, rented per use

The intelligence layer

The part that reasons and orchestrates the agents is a service Axera operates and you rent per use. It is not code sold to you. If you stop, the service stops. Nothing has to be handed back because nothing left.

Exit is 30 days notice. The price you sign is locked for 12 months. Booking the architecture call commits you to nothing.

Proof

This already runs

The architecture on this page is not a proposal. We built and validated it before writing the brief.

The decision engine behind the document chase passes 30 automated tests. The pilot infrastructure is deployed.

The full comparison table (how this architecture stacks up against toggles, SaaS tools, and in-house builds) and the ten questions to ask any AI vendor are in The Private Agent Brief.

30 automated
tests

Live pilot infra
deployed

The Private Agent Brief: comparison table, vendor questions, and the full architecture context. PDF, sent to your inbox. Read the brief →

See whether this fits your firm

A 30-minute call. We walk this diagram against your actual systems and tell you honestly whether the toggle, the SaaS, or a private agent is the right call.

Book the call Read the brief first