The latest articles on DEV Community by GregoryT (@devgreg). https://dev.to/devgreg https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3974680%2F6bb453ad-3e9f-4e6e-878a-e0a1b89b84d4.png https://dev.to/devgreg en GregoryT Tue, 09 Jun 2026 07:30:00 +0000 https://dev.to/devgreg/ndashield-how-i-built-a-privacy-first-ai-legal-triage-tool-on-cloudflare-and-nextjs-4i2g https://dev.to/devgreg/ndashield-how-i-built-a-privacy-first-ai-legal-triage-tool-on-cloudflare-and-nextjs-4i2g <p>Building with AI is easy. Building with AI when handling highly confidential, legally binding legal documents is an absolute minefield.<br> When I set out to build <strong>NDAshield</strong> (an automated tool that scans NDAs, applies a 0-100 risk "Burn Score," and generates redlines), the biggest hurdle wasn't the AI wrapper—it was <strong>data privacy</strong>.<br> Here is a look under the hood at how I structured a solo-founder SaaS architecture to be fast, secure, and compliant with EU strict data privacy regulations.</p> <h2> 1. The Architectural Blueprint </h2> <p>To minimize overhead and handle global traffic with zero cold starts, I bypassed traditional heavy server setups:</p> <ul> <li>Framework: Next.js</li> <li>Edge Infrastructure: Cloudflare</li> <li>Auth &amp; DB: Clerk + Supabase</li> <li>AI Layer: Google Gemini (primary processing for massive context window and speed) with an automated fallback pipeline to OpenAI.</li> </ul> <h2> 2. Achieving Zero-Footprint Processing (In-Memory) </h2> <p>To comply with GDPR and earn the user trust required for document analysis, I built a zero-storage pipeline.<br> When a user uploads a PDF or DOCX, the document is streamed and kept entirely in temporary memory. The text is parsed, chunked, passed to the secure API endpoint of our LLM providers (with data-sharing/training toggles strictly turned off), and the structured JSON output is sent back to the client. Once the session terminates or 90-day system logs clear, the footprints vanish. No local database stores the raw text of the contract.</p> <h2> 3. Prompt Engineering for Law vs. Reality </h2> <p>Generic ChatGPT prompts give terrible contract summaries like: <em>"This is a standard NDA protecting both parties."</em><br> That's dangerous. To make the output actionable, the backend enforces structural constraints:</p> <ol> <li> <strong>Quantification:</strong> Every clause is mapped against an aggressive risk matrix to compute an aggregate 0-100 Burn Score.</li> <li> <strong>Verification:</strong> The model is strictly forbidden from summarizing a problem unless it can output an exact, verbatim quote from the uploaded text to prove it.</li> <li> <strong>Actionability:</strong> Instead of just pointing out a flaw, the system generates clean counter-proposals (redlines) and drafts a formal negotiation email.</li> </ol> <h2> Lessons Learned as a Solo Developer </h2> <p>Launching a legaltech micro-SaaS teaches you that tech is only 30% of the battle; trust and positioning make up the other 70%. By ensuring the app is fully EU-hosted (Poland) and entirely transparent about what happens to data, user hesitation drops drastically.<br> We just went live on Product Hunt today to gather initial usage feedback. If you're building in the AI or Edge space and want to chat about handling file processing at the edge or tuning structured JSON outputs, let's talk in the comments!<br> Check out the live build here: <a href="//nda-shield.com">nda-shield.com</a></p> <div class="crayons-card c-embed text-styles text-styles--secondary"> <div class="c-embed__content"> <div class="c-embed__body flex items-center justify-between"> <a href="https://www.producthunt.com/products/ndashield-ai-nda-risk-analysis-in-45s?launch=ndashield-ai-nda-risk-analysis-in-45s" rel="noopener noreferrer" class="c-link fw-bold flex items-center"> <span class="mr-2">producthunt.com</span> </a> </div> </div> </div> ai programming career saas