Blackfort Technology
Local AI for Practices and Law Firms

Practices & Law Firms

Local AI for Practices and Law Firms

ChatGPT and similar tools are convenient — but a real risk when patient or client data is involved. We set up an AI assistant that runs entirely within your practice or firm. No server room, no IT team required.

Request Consulting
Welcoming reception and waiting area of a modern practice

Cloud AI vs. local AI for practices and law firms

Cloud AI (ChatGPT & co.)

  • Patient or client data leaves your practice/firm
  • Possible unlawful disclosure under Section 203 StGB, depending on setup
  • Servers usually located outside Europe
  • Processing by a third party, terms of service can change

Local AI (our approach)

  • Data stays entirely on your own device
  • No third party with access to content
  • Device is physically on your premises, no offshore exposure
  • One device, one point of contact, a transparent flat fee

Why cloud AI is a risk for practices and law firms

If you work as a doctor, dentist, psychotherapist, lawyer, notary or tax advisor in Germany, you are bound by professional confidentiality under Section 203 of the German Criminal Code (StGB). Entering patient or client data into a cloud AI tool such as ChatGPT can already constitute an unlawful disclosure, depending on the provider's setup — regardless of what its terms of service promise. On top of that, the GDPR classifies health and client data as special categories of personal data requiring additional protection.

Many practices and firms use AI tools today regardless, often without being fully aware of the legal exposure — usually under time pressure or because no real alternative was available. A legally sound approach is local processing on your own infrastructure: the AI runs entirely on your premises, no external provider, no server abroad, no data ever leaving your practice or firm.

Contrary to common assumption, this no longer requires a server room or an IT department. A single, compact device is enough for most practices and firms — we handle selection, setup and ongoing support so you don't have to become an IT expert yourself.

What we actually set up for you

Compact AI workstation on a desk in a practice office

Three steps, one point of contact: first, we clarify what you want to use the AI for — documentation, draft letters or findings, research across your own files — and which device is sufficient. You don't need to wade through hardware offers yourself; we handle selection and ordering support as part of the same setup fee, while you purchase the hardware directly from the manufacturer or retailer.

For a practice or firm with up to around 10 staff, a single device is enough — one that sits in the office like a normal computer, no server room, no special power connection required. Depending on your requirements, we recommend either a compact AI workstation or a particularly quiet Apple Mac Studio. Which option fits you best is something we clarify in an initial conversation.

After setup, we handle ongoing support: updates, functional checks and a point of contact for questions. Setup (consulting, selection, installation) is a transparent flat fee starting at €2,500, ongoing support starts at €250 per month — no hidden hourly billing.

Who this is for: medical professions and legal/financial advisory professions

Tidy consultation desk, symbolic of confidential practice and law firm work

Medical professions: medical practices, dentists, orthodontists, veterinarians, pharmacies and psychotherapists — wherever patient data deserves particular protection, a local AI assistant is a natural fit for documentation or draft findings.

Legal and financial advisory: law firms, notary offices, tax advisors and auditors — for draft correspondence, client communication or research across your own files, without client data ever leaving the firm.

The law names each of these professions individually under Section 203 StGB — this isn't an analogy, it's directly applicable law for every one of them.

Our Services

  • Needs assessment and device selection (AI workstation or Mac Studio)
  • Support through ordering and delivery — you remain the owner of the hardware
  • Setup of the AI model, connection to your own documents (RAG), and security hardening
  • Onboarding and training for your team
  • Ongoing maintenance, updates and functional checks
  • A point of contact for questions — no in-house IT department required

Applicable Regulations

  • Section 203 StGB
  • GDPR Art. 32
  • Professional codes of conduct (BRAO, StBerG, etc.)

Industry-Specific Consulting

Talk to our experts about your specific requirements and regulatory obligations.

Request Consulting

What your AI assistant handles for you

Included as standard

  • Chat assistant with access to your own documents — only the folders you choose to share
  • Drafting: email and correspondence drafts, summaries, clinical or file notes
  • Direct export as a Word or PDF document from the chat
  • Multiple user accounts with individual access rights

Optional extensions

  • Dictation: spoken notes are converted to text locally
  • Generating PowerPoint presentations and Excel spreadsheets from your data
  • Fine-grained, role-based access rights at the file level
  • Web search available on demand — e.g. for current case law or guideline updates, switched on deliberately rather than left open by default

The AI never modifies or deletes files on its own — every change goes through a human approval step. When web search is enabled: queries should not contain patient or client data, since that is the one point where data deliberately leaves the device.

Christian Gebhardt, Founder & CEO Blackfort Technology

Why Blackfort, not just any IT provider

Setting up local AI infrastructure is one thing — operating it securely is another. Christian Gebhardt, founder of Blackfort Technology, is the lead author of the official penetration testing guide for language models published by the Alliance for Cyber Security (an initiative of the German Federal Office for Information Security, BSI), and a permanent member of its AI expert working group.

  • Lead author of the ACS/BSI guide "Penetration Testing of Large Language Models"
  • Permanent member of the AI expert working group of the Alliance for Cyber Security
  • Hands-on experience operating local language models in his own lab
  • One point of contact instead of a hotline — personal support from consulting through to maintenance
View the guide on allianz-fuer-cybersicherheit.de

Frequently Asked Questions

Am I even allowed to use ChatGPT in my practice or firm?

Legally risky if patient or client data is involved — professional confidentiality under Section 203 StGB and the GDPR set narrow limits here. A locally operated solution avoids the problem from the outset, because no data ever leaves your practice or firm.

How do you make sure no data really goes outside?

We set up the device with network segmentation and access controls and rule out unintended internet access by the AI software — the device processes your data entirely offline with respect to the AI model. This hardening is part of our core infrastructure security expertise, not a feature bolted on afterwards.

Does Blackfort specialise in AI security, or just in setting it up?

Both. Christian Gebhardt is the lead author of the official ACS/BSI guide on penetration testing of language models and a member of the responsible expert working group — we don't just build local AI, we also know how to test it against prompt injection, jailbreaks and data exfiltration.

What does a local AI assistant cost for my practice or firm?

You pay for the hardware directly from the manufacturer or retailer — we guide the selection so you neither overspend nor undersize it. Our setup service (consulting, selection, installation) is billed as a transparent flat fee starting at €2,500, with ongoing support starting at €250 per month.

Do I need my own IT department for this?

No. That is exactly what this service is for — we handle selection, setup and ongoing support, so you have one point of contact instead of coordinating several vendors yourself.

How quickly can this be set up?

Depends mainly on hardware delivery time — the setup itself usually takes a few days.

Is a single device really enough for my practice?

For the typical size of 2 to 10 concurrent users, yes. If you expect significant growth, we discuss in the initial conversation which of the two device options gives you more headroom.

Kontakt aufnehmen

Ready to address your industry-specific security requirements?

Sprechen Sie mit uns über Ihre Sicherheitsanforderungen – konkret, ohne Verpflichtung und auf Augenhöhe.

Get in Touch