Skip to main content

Your firm's website and intake should work together.

See what's breaking

Legal

Data boundary

Peak Leverage is built to operate at the website and intake-operations layer, not inside legal strategy or case work. This page describes what data we expect to handle and where the line should sit.

Last updated 2026-05-26

What we handle

Our service is designed to touch website, intake, and operations data. That can include:

    Prospective-client form submissions (name, contact details, practice-area selection, and limited issue descriptions a prospect chooses to provide on a public intake form)Routing and qualification flags that the firm configuresPage views, conversion events, and intake-funnel performance metricsCRM and case-management system integration metadata (record IDs, status changes, timestamps) when needed for routing and reportingAggregate firm performance data used for monthly review reporting

What we try to keep out of scope

The system should stay outside the privileged path. We do not request access to:

    Attorney-client communications exchanged through the firm's email, secure messaging, or case-management platformWork product, including legal research, drafts, internal strategy notes, and case filesTrust account or escrow dataSettlement amounts beyond what a firm chooses to publicly disclose and approve for marketing useCo-counsel or expert-witness communications

How the boundary is enforced

Integrations with case-management platforms (Clio, MyCase, Filevine, PracticePanther, and others as added) should use scoped API credentials limited to the create and update paths required to deliver an intake record into the firm's matter pipeline. We avoid requesting scopes covering document libraries, matter content, secure messaging, billing detail, or trust accounting unless a future written scope explicitly requires it. The exact scope set is provided to the firm before any token is generated; the firm authorizes the OAuth grant from inside its own platform. Tokens can be revoked by the firm at any time without contacting us.

Incident escalation

If we encounter material in a system that appears to be privileged, work-product, or outside the agreed scope, we stop work in that area and report to the firm's primary contact for direction. We do not assume permission to review content the firm did not explicitly route through the website and intake pipeline.

Records retention

Default retention is set in the engagement terms. The firm may request deletion of specific records or a full export of its data on termination, subject to operational, legal, payment, and backup constraints. Exports are delivered in a structured format.

What this page is not

This page describes our operational boundary, not legal advice about a firm's malpractice exposure. Firms remain responsible for their own conflicts-of-interest screening, privilege determinations, and retention obligations.