Avocado Legal is a private research connector over a South African legal corpus. It is not a client-file vault, not a practice-management system, and not a place to upload matter documents.
This page explains what happens when you search through the MCP connector, where that traffic goes, and what remains with your AI app (for example Claude Desktop).
The boundary that matters
Two systems, two responsibilities
Avocado Legal (this service)
- Receives short search / citation queries when your AI calls an Avocado tool
- Returns quoted passages from the public / licensed legal corpus
- Does not accept uploads of briefs, pleadings, or client files
- Does not store your chat history as a conversation archive
Your AI app (Claude, Cursor, etc.)
- Holds the full chat you type — including any client facts you paste
- Decides when to call Avocado tools and how to phrase the search query
- Is governed by that vendor’s privacy policy and retention rules
- Avocado cannot see or delete chats that never leave the AI product
Where traffic goes
Path of an Avocado search
- You ask a research question in your AI app. The app may send a tool call such as “search legislation for urgency requirements”.
-
That tool call travels over HTTPS to
avocado-mcp.scholtz.dpdns.orgthrough Cloudflare’s edge tunnel to our hosted gateway. - The OAuth gateway checks that you are signed in with an approved Google account on the invite allow-list, then forwards the authenticated request to the private MCP service on the same server.
- The MCP service calls the local legal-vector retrieval API (not exposed on the public internet). The API embeds the query text and searches our vector database (Qdrant) for matching corpus chunks.
- Matching passages, metadata, and source links are returned to your AI app. The AI then shows you quotes and citations in the chat.
What Avocado processes
Queries in, corpus passages out
What we process on a search
- The query string your AI sends to the tool (and optional collection / top‑k settings)
- Your authenticated identity for access control (approved Google email via OAuth)
- Standard technical signals needed to operate HTTPS and the gateway (connection metadata)
What we return
- Text chunks already indexed from the SA legal corpus
- Document metadata (title, collection, citation fields where available)
- Source links so you can open the underlying document
The corpus itself is built from official and licensed South African legal materials (legislation, judgments, rules, selected commentary). It is not built from your firm’s client files. See the corpus map for coverage.
Search embeddings
What happens to the text that is embedded
To find similar passages, Avocado converts your search text into a numeric vector (embedding) on our server, then compares that vector to embeddings already stored for the legal corpus.
- Embedding runs locally on our VM with a pinned open embedding model. The search text is not sent to a third-party embedding API.
- The query vector is used only for that request’s similarity search against existing corpus points in Qdrant.
- The query text and its vector are not written into the corpus index. Accidental client wording does not become a new searchable document in Avocado.
- When the request finishes, that ephemeral query vector is discarded with the request. Avocado does not keep a durable “search history” archive of MCP queries today.
If something sensitive was searched
Accidental privileged or client detail
If a search query accidentally included a client name, ID number, or privileged strategy:
- On Avocado: that wording was processed for the request and is not ingested into the legal corpus. There is nothing to “un-index” from Qdrant because the query was never stored as a corpus point.
- On your AI app: the chat (and any vendor retention) may still hold the text. Use that product’s delete / forget / new-chat controls and follow your firm’s incident process for the AI vendor.
- Next steps: start a fresh chat, rephrase without identifiers, and continue with anonymised research questions. Email support if you need operator confirmation of the current retention posture for your account.
Retention
What we store today
- Allow-list — approved Google email addresses required to use the connector.
- OAuth session material — short-lived access and refresh tokens issued by our gateway after Google sign-in, tied to the approved email so subsequent MCP calls can be authenticated.
- Corpus & index data — the legal documents and embeddings we host for retrieval. These are research sources, not your matters.
- Operational status data — pipeline health used by the operator status site (ingest metrics, service health). That dashboard is separate from MCP chat content.
Recommended retention posture (current product)
- Treat MCP search queries as processed in memory for the request, not retained as a searchable user history.
- Treat query embeddings as ephemeral — used to retrieve corpus hits, then discarded; not upserted into Qdrant.
- Retain allow-list emails and OAuth tokens only as needed for access control; rotate or revoke on request when a user leaves the pilot.
- If a firm later requires durable audit logs of searches, that would be an explicit, disclosed feature — not silent logging — and this page would be updated first.
Hosting & subprocessors
Where infrastructure lives
These are the parties involved in running Avocado Legal today. Your AI chat vendor (Anthropic, OpenAI, Google Gemini, etc.) is not an Avocado subprocessor for the MCP path — that relationship is between you and that product.
Oracle Cloud Infrastructure
Hosts the VM that runs the OAuth gateway, MCP service, retrieval API, and Qdrant. Region: EU (Frankfurt).
Cloudflare
HTTPS edge and tunnel to the VM; also hosts these public setup / status Pages sites. Encrypts traffic in transit to our origin.
Sign-in only (OAuth: openid, email, profile) so we can check the allow-list. Google does not receive your legal search queries through this flow.
Not in the Avocado path
We do not send MCP search text to a third-party embedding or LLM API. Embedding and retrieval stay on the VM.
Out of scope
What Avocado does not do with your client work
- Does not provide a portal to upload or sync client documents into the corpus
- Does not train a public model on your chats or firm materials
- Does not expose Qdrant or the raw retrieval API on the open internet
- Does not replace your firm’s document management, privilege protocols, or conflict checks
- Does not control how Anthropic, OpenAI, Google, or other AI vendors retain chats in their products
Access controls
How we keep the connector private
- Invite only — accounts must be approved before the allow-list accepts them.
- Google sign-in — human authorization uses Google OAuth; unauthenticated MCP calls are rejected.
- HTTPS edge — public traffic terminates on a Cloudflare-protected hostname before reaching the gateway.
- Localhost services — vector search and the MCP origin are not published as open ports.
- Least privilege for operators — status and corpus views are separate products with their own access gates.
Firm hygiene
What we ask you to do
- Use an approved work Google account that your firm authorises for this tool.
- Phrase Avocado searches as legal research questions, not paste-dumps of privileged correspondence.
- Strip or pseudonymise client names, ID numbers, and matter references before searching when policy requires it.
- Verify every quote against the linked source document before relying on it in advice or filings.
- Read the research guide so the AI is instructed to quote sources rather than invent them.
Suggested instruction to paste into your AI chat
When using Avocado Legal, prefer anonymised research questions. Do not include client names, ID numbers, matter references, or privileged strategy in Avocado tool search queries. Search for legal principles, statutes, rules, and case law; quote sources and cite links. If a search would need client facts, ask me to rephrase without identifiers first.
Honest limits
What this page is — and is not
This is a plain-language description of the current invite-only architecture. It is not a POPIA compliance certificate, ISO report, or signed data-processing agreement. Those documents can be produced for firm procurement when you need them.
If something on this page is unclear for your risk committee, email us with the specific question (retention, subprocessors, location of hosting, breach notification). We would rather answer narrowly than over-claim.
Next
Continue setup
When you are comfortable with the boundary above, connect the MCP connector on the setup page, then use the research guide for question patterns that keep retrieval tight and source-backed.