Documentation

Architecture — the sovereignty spectrum

How Acta runs: managed, self-hosted, or on your own hardware; multi-model orchestration; ZDR and EU providers; model-agnostic by design.

The sovereignty spectrum: managed → self-host → own hardware

Acta does not force a single hosting model. It runs along a spectrum, and a firm chooses how far along it wants to sit:

  • Managed — the simplest start: the static app is hosted for you, and you bring your own provider key. A convenient opt-in default.
  • Self-hosted (recommended) — you deploy the same static app and the optional legal-sources Worker on your own Cloudflare account. Nothing about the app changes; only who operates it does.
  • Your own hardware — at the far end, inference itself can point at infrastructure you control, for firms whose risk posture requires it.
The recommended posture is full self-host: the firm holds the deployment, the storage and the provider key, and Acta is just the software running inside that perimeter.

Multi-model orchestration

Acta does not rely on a single model answering in one shot. The work is broken into stages — planning, research, drafting, and an independent check — and different models can be assigned to different stages. The point is not which model is biggest; it is that the answer is produced and then independently scrutinised before you see it.

Research is clear that models are not reliable at checking their own work, and that an independent verifier improves reliability over a single pass. That finding — not a claim that more models always beat one — is what the orchestration is for.[6]

[Source — pending verification (research pass)]

Zero data retention and EU providers

Inference runs against European model providers under zero-data-retention terms: prompts and outputs are not stored by the provider and are never used to train a model. Combined with storage that stays in the firm's own Drive or OneDrive, this keeps a matter inside European, firm-controlled boundaries end to end.[3]

[Source — pending verification (research pass)]

Model-agnostic, compounding quality

Acta is deliberately model-agnostic. The thing that makes its output defensible is not a particular model but the deterministic check that sits outside every model: a quotation either matches the official source verbatim or it does not, and that test does not change when the model does.

The practical consequence is that the workspace improves as the underlying models improve, without re-architecting and without weakening the guarantee. Better models make better drafts; the check that keeps those drafts honest stays exactly the same.

Where data flows (and where it does not)

Two flows leave the browser, and both are narrow and direct. Inference goes browser-direct to the configured European provider; official legal sources (for example EU and Spanish case-law and legislation databases) are reached through the optional legal Worker the firm itself deploys, or browser-direct where the source allows it. There is no Acta-operated relay sitting in the middle of either path.

Client matter content does not pass through any Acta server. The shared code is the same for every firm and is open to inspection — what differs between firms is only their own keys, storage and deployment.