DEV Community

Cover image for How I Migrated PRISM to Azure OpenAI and Built Cryptographic Data Deletion in 48 Hours
Victor Okefie
Victor Okefie

Posted on

How I Migrated PRISM to Azure OpenAI and Built Cryptographic Data Deletion in 48 Hours

#security #azure #legaltech #buildinpublic

After a discovery call with a legal tech consultant
who has spent ten years in the field, one thing
became completely clear: before a lawyer evaluates
capability, they evaluate data custody.
Standard OpenAI infrastructure was not built to
answer the questions a law firm's security team asks.
Azure OpenAI is.
This is how I migrated PRISM in 48 hours —
and what I built on top of the migration.

Why Azure OpenAI Over Standard OpenAI

  • The contractual difference: zero data retention is a Microsoft commitment, not an application policy
  • Content logging disabled by default
  • Regional data residency and what it means for GDPR
  • Enterprise SLA and why it matters for legal clients
  • The migration process: what changed in the codebase and what stayed identical
  • Code snippet: Azure OpenAI client initialisation vs standard OpenAI client

RLS Isolation — Mathematical Impossibility

  • What Row Level Security actually means at the database level
  • Why application-layer access controls are insufficient for legal document contexts
  • How RLS is implemented in PRISM's PostgreSQL layer
  • The key principle: isolation enforced where it cannot be bypassed
  • Code snippet: RLS policy implementation for document isolation

Cryptographic Deletion and the Destruction Receipt

  • The problem with standard deletion confirmation
  • SHA-256 hashing of document content before deletion
  • Timestamp generation and receipt assembly
  • How the receipt is stored and delivered to the user
  • Why this is audit-admissible where a confirmation is not
  • Code snippet: destruction receipt generation logic

The Glass Box — Real-Time Inference Transparency

  • The problem: legal professionals cannot trust what they cannot observe
  • How Glass Box works: streaming inference stages to the UI in real time
  • The four stages and how they are triggered
  • Implementation: server-sent events for stage updates
  • Why this is different from a loading spinner
  • Code snippet: stage streaming implementation

The Security Command Center

  • What the Data Custody tab shows and why
  • Audit trail architecture: what is logged, when, and how it is surfaced
  • The principle behind it: data custody is a continuous record, not an on-demand report

Security is not a layer you add to an AI product.
It is the foundation you build everything on top of.
Left of Bang on security means the breach is
prevented before it is possible, not detected
after it has happened.
That is the only standard worth building to
when the documents inside your system carry real stakes.
PRISM v1.1 is live.

Top comments (0)