Product documentation for the Sentinel legal compliance & eDiscovery platform
Use your browser's Print → Save as PDF to export this document.
Everything you need to ingest, search, review, and act on a matter's evidence — and to use Sentinel's AI assistant with confidence. User guides, an API reference, security details, and answers, all in one place.
Welcome to the documentation for Sentinel — an enterprise platform for legal compliance monitoring and eDiscovery. Read it top to bottom as a manual, or use the sidebar search (press /) to jump to a topic. Every page has a print link, and a single printable version bundles the whole manual into one document for PDF export.
Upload files, email archives, and media. Sentinel extracts text, runs OCR, deduplicates, and indexes everything automatically.
Keyword, semantic, hybrid, and visual search across a matter's documents and transcripts — find by exact term or by meaning.
An assistant grounded in your evidence — searches, drafts answers with verifiable citations, and helps with review, by text or voice.
A three-pane workspace with coding, tagging, bulk actions, email threading, and predictive coding (TAR/CAL).
Record and transcribe depositions, interviews, and meetings with speaker diarization and live AI assistance.
Per-tenant isolation, data residency in your Azure environment, audit logging, and citation-verified AI output.
Sentinel adapts its interface to your practice. A tenant runs in one of three practice modes — Litigation, Transactional, or Real Estate — which changes the navigation and available features. See Core Concepts → Practice modes.
A note on accuracy. This documentation describes the Sentinel product as built. Some features are practice-mode-specific or role-gated, and a small number of surfaces are still in active development — these are called out where relevant. If something in your environment differs, your administrator may have configured it differently, or you may be on a different practice mode.
Sentinel is an enterprise SaaS platform for legal compliance monitoring and eDiscovery. It gives legal and compliance teams one place to ingest large volumes of documents and communications, make them instantly searchable, review and code them, and surface the facts that matter — supported throughout by an AI assistant that is grounded in your own evidence rather than the open web.
Everything is searchable, by meaning. Every file that enters Sentinel flows through a single ingestion pipeline that extracts text (running OCR on scans and multimodal extraction on images, audio, and video), deduplicates it, and builds a searchable index. There are no feature‑specific "silos" that the search layer can't see — a document you upload to a data room, a transcript from a deposition, and an email pulled from a monitored mailbox are all findable the same way. See Core Concepts → The content pipeline.
An AI assistant you can trust. Emma, the built‑in assistant, answers questions about your matter using only what your documents actually say. When Emma references a document she does so with a citation token that is mechanically verified against the documents a tool actually returned — if a response references a document that wasn't retrieved, the system blocks it. This "citation grounding" is core to keeping AI output defensible as legal work product. See Emma → Citations and guardrails.
Your data stays in your environment. Sentinel is multi‑tenant by design, but each customer's documents live in that customer's own database and storage. AI calls that leave the environment for inference are configured to not retain your data. See Security & Compliance.
At a high level, you work in Sentinel like this:
The interface adapts to one of three practice modes per tenant:
| Mode | Primary objects | Representative features |
|---|---|---|
| Litigation | Cases, custodians | Discovery review, productions, privilege log, motions, jury selection, depositions |
| Transactional | Deals, counterparties | Deal data rooms, request lists, due‑diligence checklists, business intelligence |
| Real Estate | Properties, stakeholders | Deal pipeline, diligence, closing checklists |
Practice mode is set per tenant by an administrator (and by Sentinel during provisioning). See Core Concepts → Practice modes.
Continue to Getting Started →
This guide gets you signed in to Sentinel and oriented in the interface.
Open your tenant's Sentinel URL (your administrator or welcome email provides it) and sign in with your email and password.
Sentinel separates the login / account service (the control plane) from the application. When you sign in, the control plane verifies your identity and issues your session; the application then loads with your tenant's data.
If your account was just created — for example, you were invited by an administrator or received trial credentials — your first sign‑in may walk you through a short setup:
After signing in you land on a Home hub designed to get you moving quickly. It includes:
Most work in Sentinel happens inside a matter (a case, deal, or property transaction). Use the matter selector in the sidebar to choose your current matter. Once selected, the sidebar expands to show that matter's workspace — overview, documents/data room, review, analysis, and so on — and the URL reflects the selected matter so you can bookmark or share deep links.
You can switch matters at any time from the same selector. To see everything you have access to, open the Matters list (called Deals or Deal Pipeline in transactional / real‑estate modes).
The left sidebar is your primary navigation. What you see there depends on two things:
Common top‑level destinations:
When a matter is selected, matter‑scoped sections appear below — for example Data Room, Doc Review, Productions, Analytics, and analysis tabs.
Your role controls what you can see and do. The tenant‑level roles are:
| Role | What it's for |
|---|---|
| Admin | Tenant administrator — manages users, settings, API keys, and has access to every matter in the tenant. |
| Attorney | Case/deal team member. Sees the matters they are assigned to (or that are org‑wide). The default role for most users. |
| Deal Team | Transactional / M&A team member focused on deals and due diligence. |
| Platform Admin | Sentinel staff role for platform operations across tenants — not a customer‑assigned role. |
Within a matter, an attorney's specific access level (full, read‑only, or limited) is set when an admin assigns them to that matter. See Core Concepts → Access control.
This page is the single best place to understand how Sentinel fits together. Everything else in the documentation builds on these ideas.
A matter is the top‑level container for a piece of work and everything related to it — documents, sessions, findings, analysis, and team access. What a matter represents depends on your practice mode:
You always work in the context of a selected matter. The matter selector in the sidebar sets your current matter; the URL reflects it so you can bookmark and share deep links.
There are also special matter types:
Documents in a matter live in two complementary surfaces:
Both are display/grouping layers over the same underlying indexed content (see below), so search and Emma see everything regardless of which surface a document came in through.
The most important architectural idea in Sentinel: every file that enters the system goes through one unified ingestion pipeline and becomes searchable. There is no feature that stores content "off to the side" where search can't see it.
When a file is uploaded (or arrives via a monitored mailbox, a client‑upload link, or a docket import), it flows through a multi‑stage pipeline:
Two ideas underpin this:
Ingestion is asynchronous, so a freshly uploaded document moves through visible states such as queued, processing / extracting (parse, OCR, or multimodal extraction), embedding, and complete — at which point it appears in search results. Files that can't be processed (unsupported or empty) are marked failed/skipped with a reason you can review. Large uploads and media files naturally take longer than small text documents.
Sentinel offers several search modes over a matter's content (and transcripts):
See Search & Research for how to use them, and Emma for asking questions in natural language.
Emma is Sentinel's built‑in AI assistant. She can search your documents, answer questions about a matter, analyze communications, navigate the app, code and tag documents, and summarize sessions — by text or by voice.
Emma's defining trait is citation grounding: she may only reference a document using a citation token that a tool actually returned during the conversation, and her responses are mechanically checked against those tokens. If a response references a document that wasn't retrieved, it is blocked rather than shown. This keeps AI output grounded in your real evidence. See Emma — the AI Assistant.
A session is a recorded deposition, interview, or meeting. Sentinel transcribes the audio with speaker diarization (who said what), and the transcript becomes searchable like any other content. During live or ambient sessions, Sentinel can surface AI "leads" — related documents, possible contradictions, and follow‑ups — in real time. See Sessions & Transcription.
Findings are the notebook of a matter: notes, theories, legal issues, contradictions, and other entries, each optionally linked to the evidence that supports it. Findings are created conversationally — Emma proposes a finding mid‑conversation and you accept, edit, or dismiss it. See Findings.
A tenant runs in exactly one practice mode, which reshapes the navigation and available features:
| Mode | Objects | Distinctive surfaces |
|---|---|---|
| Litigation | Cases, custodians | Discovery & document review, productions, privilege log, motions, jury selection, depositions, communication & issue analytics |
| Transactional | Deals, counterparties | Deal data rooms, due‑diligence request lists, deal checklists & templates, business intelligence |
| Real Estate | Properties, stakeholders | Deal pipeline, diligence, closing checklists (transactions ribbon) |
Practice mode is a per‑tenant setting that an administrator controls (and that Sentinel sets during provisioning). Changing it changes what every user in the tenant sees. A few surfaces are practice‑mode‑specific and are noted in their guides.
Sentinel follows an "administrators assign attorneys to matters" model:
Mutating actions (creating, editing, deleting within a matter) require full access. Assignments can be removed, which immediately revokes access. See Administration → Matter assignments & access levels.
Each customer is a tenant. A tenant's documents live in that tenant's own database and storage — customer data is not commingled across tenants. A central platform layer handles cross‑tenant concerns like accounts and tenant registration, but not customer document content. See Security & Compliance for the full posture.
With these concepts in hand, the User Guides cover each feature in depth. Start with Matters, Cases & Deals.
A matter is the container for a piece of work and everything tied to it. In Litigation mode a matter is a case; in Transactional mode it's a deal; in Real Estate mode it's a property transaction. The concepts below apply to all three; where they differ, it's noted.
Open Matters from the sidebar (labeled Deals or Deal Pipeline in transactional / real‑estate modes) to see the matters you have access to. Administrators see all matters in the tenant; other users see the matters they've been assigned to plus any organization‑wide (enterprise data‑lake) matters.
From the list you can open a matter, and — depending on your role — create a new one. Transactional and real‑estate modes also offer a pipeline view that arranges deals by stage.
Use the matter selector in the sidebar to set your current matter. Doing so expands the sidebar to that matter's workspace and updates the URL so you can bookmark or share a deep link. You can switch matters at any time.
A matter opens to an overview and a set of tabs that organize its work. The exact tabs depend on practice mode and matter type, but generally fall into three groups:
How matters are created depends on practice mode and your workflow:
Newly created matters start empty; add documents (see Data Rooms & Uploading Documents) and assign team members (admins, via the Team tab) to begin work.
Matters carry a status (e.g. active, closed/archived) and a priority. Closed or archived matters are typically hidden from default lists but remain accessible. Closing a matter does not delete its content.
The Data Room is a matter's primary document repository — received evidence and discovery documents in litigation, or deal documents in transactional and real‑estate work. Everything you put here is ingested and indexed automatically (see Core Concepts → The content pipeline), so it becomes searchable and available to Emma.
Select a matter, then open Data Room from the matter's sidebar section. Transactional and real‑estate modes also expose a Data Rooms catalog where you pick a deal to open (or create) its room.
You can add documents several ways:
After upload, each document is processed asynchronously. You'll see it move through processing states (queued → extracting/OCR → embedding → complete) and appear in search once complete. See Core Concepts → What you see while a document is processing.
Within a data room you can organize documents into folders, search and filter them, tag them, and open any document for review. For full review features — coding, bulk actions, email threading — open Document Review.
You can collect documents from a client or third party without giving them an account. Sentinel mints a secure upload link you send to the client; files they upload land in the matter and flow through the same ingestion pipeline. Uploaded files carry provenance — the originating link, the uploader, and an integrity hash — and are marked as a client upload so reviewers can see where a document came from. The upload's processing status is visible to the inviting attorney so you can confirm when the client's documents have finished indexing.
You can invite an outside party — opposing counsel, a client, a co‑counsel — to view a data room without a tenant account:
Guest access is re‑checked on every request, so revoking a guest takes effect immediately. Guest sharing is managed from the data room's access controls; see Administration → Data‑room guest sharing.
Emailing documents (a lighter alternative). For a one‑off send where the recipient doesn't need ongoing access, you can generate short‑lived, read‑only download links for selected documents and send them by email. This is separate from inviting a guest into the room.
The data room holds the documents you work with. When you need to formally hand documents to another party — Bates‑numbered and stamped — you build a production from selected documents. See Productions & eDiscovery.
Regardless of how a document arrives — manual upload, client portal, docket import, or a monitored mailbox — it goes through the same ingestion pipeline and ends up in the same searchable index. There are no separate, unsearchable stores. This is why a deposition transcript, a produced PDF, and a synced email are all findable the same way and all visible to Emma. See Search & Research.
Document Review (Doc Review) is the full‑screen workspace for reviewing, coding, and tagging documents in a matter. It's the heart of discovery review in litigation and document diligence in deals.
Document Review uses a three‑column layout:
You can apply these to a single document, or in bulk to many documents at once — for example, tagging every email from a custodian within a date range.
The left pane's filters narrow the working set. You can combine keyword search with facets (sender, custodian, date, tag, flag, type) and save a search to return to it. You can also ask Emma to set the filters for you — e.g. "show me unreviewed documents mentioning the merger from Q2 2022" — and she'll apply them in place. See Emma.
Emma can act inside the review workspace: advance to the next document, mark responsiveness or toggle a flag, apply or remove tags (individually or in bulk), and surface coding suggestions. This lets you drive review by voice or chat while keeping your hands on the document.
For large review sets, Review Intelligence provides predictive coding — Technology‑Assisted Review (TAR) / Continuous Active Learning (CAL):
Predictive coding helps prioritize the most likely‑relevant documents and measure review completeness. Projects show status (draft, running, validating, paused, completed, failed) as they progress.
Review Analytics summarize the work: tag usage by category, how many documents are coded, and review progress. Drilling into a tag lists the documents that carry it and jumps you into review pre‑filtered to that tag. See also Relationship Intelligence & Calendar for communication analytics.
Documents identified as privileged or work product can be recorded in the matter's privilege log, with the privilege basis and redaction status, ready to export for a privilege assertion. See Productions & eDiscovery → Privilege log.
Sentinel makes everything in a matter searchable through one index, and offers several search modes so you can match the way you're searching to what you're looking for.
| Mode | Best for | How it works |
|---|---|---|
| Keyword | Exact strings, names, Bates numbers, Boolean (AND/OR/NOT, phrases) | Full‑text search over extracted text; fast and precise. |
| Semantic | Conceptual / paraphrased questions ("documents about regulatory pressure") | Matches by meaning using vector embeddings, even when wording differs. |
| Hybrid | Most natural‑language questions | Combines keyword precision with semantic recall — a strong default. |
| Visual | Visual content: signatures, handwriting, diagrams, photos, scanned receipts | Searches the multimodal embeddings of images and scanned pages — things plain text search can't find. |
Results come back ranked, each with a snippet and a link to open the document. Scores are mode‑relative — a higher score is better within a mode, but scores aren't comparable across modes.
You can narrow results with filters such as custodian, sender email, and document type, on top of any mode. In the Document Review workspace these become faceted filters you can stack and save.
Search spans a matter's indexed content, including:
Because all of these flow through the same ingestion pipeline, they're searchable the same way and to the same depth.
The Privileged Chat / Research surface is the unified place to ask questions in natural language and get answers grounded in your documents. It has two layouts:
Emma searches your evidence for you, summarizes what she finds, and answers with verifiable citations — clickable references that open the underlying document. She will tell you plainly when retrieval finds little or nothing rather than filling the gap with general knowledge. See Emma — the AI Assistant for the full picture, including voice and guardrails.
Research conversations are matter‑scoped (or global when no matter is selected). You can start new threads, browse and search your history, and export a conversation. You can also ask Emma to save a chat to the matter's case files so it's retained and searchable later.
Emma is Sentinel's built‑in AI assistant. She helps you find documents, answer questions about a matter, analyze communications, navigate the app, code and tag documents, and review sessions — by text or by voice. Emma is powered by Anthropic's Claude (currently Claude Sonnet 4.6) and is grounded in your matter's evidence rather than the open web.
Emma works through a set of tools. Grouped by what they accomplish:
There is no separate manual "notes" feature — asking Emma to save the chat is how you retain a conversation for later reference.
Emma is built for defensible legal work, so her output is constrained:
[cite:c1]) that a tool actually returned during the
conversation. These tokens map to real documents and render as clickable chips
that open the document.Emma is the general assistant. Sentinel also has feature‑specific AI:
A session is a recorded deposition, witness interview, or meeting. Sentinel records it, transcribes it with speaker diarization (identifying who spoke), makes the transcript searchable, and can surface AI assistance live as the session happens.
Open Sessions from the sidebar to see a matter's recorded sessions and to start a new one. When creating a session you choose the matter, the participants, and how it will run (for example a live video meeting or an in‑room ambient recording).
Sentinel transcribes session audio and assigns speaker labels so the transcript reads as a back‑and‑forth rather than an undifferentiated block. Transcripts are then chunked and embedded like any other content, so you can:
During a live or ambient session, Sentinel can act as a quiet second chair. As the transcript streams in, the ambient intelligence system watches for signals — possible contradictions with earlier testimony or documents, mentions of key people or topics, and other follow‑ups — and surfaces them as leads in a side panel, with related documents, so the attorney can follow up in the moment.
After a session you have:
All of this is searchable and available to Emma alongside the rest of the matter's content.
In an ambient session you can pull up exhibits (documents from the matter) during the session and keep a list of objectives — the questions or topics you intend to cover — so the session stays on track.
Sessions involve recordings of people. Handle consent and recording in accordance with the law of the relevant jurisdiction and your firm's policies. Transcripts and recordings are stored within your tenant like other content; see Security & Compliance.
Findings are a matter's working notebook — the place to capture notes, theories, legal issues, contradictions, and other analysis, each optionally linked to the evidence that supports it. Findings are how the team records what it has concluded from the documents, separate from the documents themselves.
Findings are created conversationally. As you work with Emma in the matter, she can propose a finding mid‑conversation — surfaced as an inline card. You accept, edit, or dismiss it. Accepted findings collect in a side rail where you can edit, pin, or delete them.
This keeps analysis flowing from the investigation itself: when Emma identifies a contradiction or a key fact while answering a question, capturing it is one click.
A finding typically has:
Because findings can link to the documents that support them, a matter's findings become a navigable map of "what we believe and why." Linked evidence is clickable, taking you straight to the supporting document, and keeps conclusions defensible.
Findings created with linked evidence are part of the matter's analysis. (Note that free‑text notes you write directly, without attaching evidence, are browsable in the Findings tab but aren't part of the document search index — the evidence they link to is.)
Sentinel uses AI to turn a matter's documents into two things that make a large record comprehensible: document summaries and an extracted case timeline.
Every document that goes through the ingestion pipeline gets a short, fact‑grounded AI summary — a few sentences describing what the document is and its key points. Summaries appear in search results, document previews, and the review pane, so you can triage a document before opening it.
Summaries are generated automatically during ingestion. They're written to be concise and to stick to what the document actually says.
The timeline is a chronology of events in a matter, including events extracted from the documents themselves. Rather than only showing events you enter by hand, Sentinel can read across the matter's content and assemble an ordered timeline of what happened and when.
Timeline extraction reads across the matter's indexed content, groups related material, and uses AI to identify discrete events — each with a date, participants, a short description, and a risk level (for example: critical, medium, cleared, or neutral) with an explanation. Overlapping events are merged into a single ordered timeline.
You typically run timeline extraction on demand for a matter, and can re‑run it to incorporate newly added documents. For very large matters, extraction can be scoped to a date range to keep events granular.
Summaries help you understand individual documents quickly; the timeline helps you understand the matter as a sequence of events. Both are grounded in the matter's actual content and update as new documents are ingested. They feed — and are fed by — your Findings and Search & Research.
AI summaries and extracted events are aids for orientation and triage, not a substitute for reading the underlying documents. Always verify against the record before relying on them.
For transactional and real‑estate practices, Sentinel provides due‑diligence tooling that tracks what a deal needs and auto‑completes as documents arrive: deal checklists, document request lists, and templates.
These features are specific to transactional and real‑estate practice modes.
A deal checklist is a structured list of due‑diligence items for a deal, organized into sections (legal, financial, tax, and so on). Each item tracks a status (e.g. pending, in progress, waiting, complete, not applicable, or waived), how it's satisfied, and any documents connected to it.
Checklists are created from templates — reusable, deal‑type‑specific lists (for example, a purchase & sale checklist or a closing‑variant checklist). Templates are reference data maintained per tenant.
Administrator note: real‑estate checklist templates are seeded into a tenant as a setup step. If the checklist picker is empty or the recommendation card never appears, the templates likely haven't been seeded yet — see your administrator. (Without templates the feature is simply inert; nothing breaks.)
From the deal's Checklists tab, apply a template to create the checklist. Sentinel can also recommend the most appropriate template for a deal: it ranks templates against the deal and its documents and surfaces a recommendation card while the deal has no checklist yet.
The standout feature is auto‑match. Sentinel compares the deal's data‑room documents to the checklist items and, where it finds a match, generates a plain‑English rationale and an AI verdict about whether the document actually satisfies the item:
The result is a checklist that fills itself in as diligence documents land, with a visible reason for every completion you can review and override.
On the checklist detail page you can:
A request list is a list of documents you're requesting for a deal — diligence requests organized by requesting/responding party and due date. Use request lists to track what's been asked for and what's outstanding, alongside the checklist that tracks what's been satisfied.
A typical diligence flow:
The Motions workspace (litigation) is where you work a motion end to end: bring in the relevant brief, extract and verify its citations, organize the authorities, and assemble a response — with an AI Motion Agent that helps and keeps the citation record honest.
Motions is a litigation‑mode feature. It is an actively developing workspace: some steps are fully shipped while others are being built out, and the workspace shows each step's status as you go.
From a litigation matter, open Motions to see the motions for that matter, each with its citation count, status, and date. Open one to enter its workspace, or start a new motion.
The workspace is organized as a sequence of steps:
Sentinel verifies the citations in a motion against legal sources and records the result, so you don't file on a case that doesn't say what the brief claims. Each citation gets a verdict evaluated across multiple dimensions (jurisdiction, recency, how on‑point it is, strength, and so on), with a short explanation and a status indicating whether it checks out, is uncertain, or is a problem.
The set of verifications forms a citation ledger — a gate that tracks which citations are confirmed versus blocking, and whether the motion is ready to file. A printable certificate records the verification status of a motion's citations.
The motion workspace has its own AI assistant, the Motion Agent — a litigation‑associate persona focused on the single motion in front of you. It is read‑only with respect to the record: it explains and plans, but it does not silently change verifications, draft and bind authorities, mark a motion complete, or trigger paid research spend on its own. Instead it:
This keeps an attorney in control of every step that affects the filing while still giving you an AI second chair.
Jury Selection (litigation) is a courtroom workspace for voir dire — managing the venire, capturing impressions, planning strikes with defensible rationale, and arranging the panel. It's a full‑screen surface built for use during jury selection.
Jury Selection is a litigation‑mode feature.
For each juror you can capture impressions during questioning — including by voice at the counsel table — and record attitudes and experiences relevant to your case. The detail view is where your read on each juror lives.
Jury Selection helps you plan and track strikes:
A seating chart lets you arrange jurors into the box (drag and drop) so you can see the panel as it forms and plan around your remaining strikes.
Because selection is fast and high‑stakes, the workspace is designed to stay out of your way — full‑screen, quick entry, and guards so that an in‑progress voice capture isn't lost to an accidental navigation.
This guide covers the discovery‑production side of litigation: building productions you hand to other parties, tracking received productions, maintaining a privilege log, and bulk‑importing documents through eDiscovery intake.
These are litigation‑mode features.
A production is a formal set of documents handed to another party, with Bates numbering and stamping. In the Productions workspace you:
Bates defaults (prefix, padding) can be set tenant‑wide in tenant settings; you can override per production.
When you receive a production from an opposing party, track it under Received Productions. You can review opposing documents in the same review workspace (filtered to the opposing set) and tie received items back to your document requests.
RFP Coverage links received production items to your requests for production and tracks which requests have been satisfied — so you can see, at a glance, what the other side has and hasn't produced against each request.
The Privilege Log records documents withheld or redacted on privilege grounds. Each entry captures the document's metadata, the privilege type (e.g. attorney‑client, work product), the basis, whether it's a full or partial redaction, and review status. The log is a searchable, sortable table you can filter and export (for example to serve a privilege log on opposing counsel).
Documents are typically added to the privilege log during Document Review as reviewers make privilege calls.
For large collections, predictive coding prioritizes and measures review. See Document Review → Predictive coding.
eDiscovery Intake is the path for bringing large volumes of documents into a matter — bulk uploads and email archives that flow through the same ingestion pipeline (parse → split → OCR/extract → embed → complete) as everything else, so the collection becomes searchable and reviewable. See Core Concepts → The content pipeline.
These two features help you stay on top of the people and schedule around a matter: Relationship Intelligence monitors the contacts that matter and surfaces relevant news, and the Calendar keeps your events together with a briefing on who you're meeting.
Relationship Intelligence tracks the contacts connected to your work — opposing counsel, executives, counterparties, advisors — and aggregates relevant alerts (such as news) about them. It works across matters.
Alerts are grouped by how much attention they need (for example: needs attention, opportunities, market intel, and caught up), each showing its source, headline, sentiment, category, and a relevance signal. You can mark alerts as read, acted‑on, or dismissed, and filter what you see.
A Contacts view holds the underlying relationship database you can browse and maintain.
Related to relationships, communication analytics analyze the communications within a matter — who talked to whom, email threads and patterns, and anomalies. These help you understand the human network in the evidence and spot unusual activity. Emma can answer the same questions conversationally (see Emma).
The Calendar brings your matter‑related events into one place — interviews, sessions, depositions, and manual events — and can sync with an external calendar provider (such as Google Calendar or Microsoft 365) when enabled.
A distinctive touch is the relationship briefing: when you look at an event's attendees, Sentinel enriches each attendee with what it knows from Relationship Intelligence — their company, title, recent news, and last outreach — so you walk into a meeting prepared.
You can create events scoped to a matter and add attendees. Calendar sync settings control which provider (if any) to connect.
The Knowledge Base is a searchable reference of regulations and compliance frameworks you can consult while working a matter — useful for compliance monitoring and investigations.
The knowledge base holds regulations with their title, description, and citation, and can be organized by violation type. Administrators can seed it with common frameworks (for example FCPA and SOX) so the team has a consistent reference.
The knowledge base is reference material — the regulatory backdrop against which compliance work happens. It complements:
This page covers the tenant administration features — managing users and access, API keys, settings, the audit log, and guest sharing. Most of these are admin‑only and appear under the Administration section of the sidebar.
Administrators manage the tenant's users: creating accounts, assigning roles, and handling account recovery.
| Role | What it grants |
|---|---|
| Admin | Full tenant administration; access to every matter in the tenant. |
| Attorney | Standard team member; access to assigned and org‑wide matters. The default role. |
| Deal Team | Transactional / M&A focus on deals and diligence. |
| Platform Admin | A Sentinel‑staff role for cross‑tenant operations — not assigned to customer users. |
From user management an admin can:
Sentinel's access model is "admins assign attorneys to matters." A user who isn't an admin sees a matter only if:
Each assignment carries an access level:
| Access level | Can view | Can modify |
|---|---|---|
| Full | Yes | Yes |
| Read‑only | Yes | No |
| Limited | A restricted subset | No |
Admins manage assignments from a matter's Team view. Removing an assignment revokes access immediately. Mutating actions within a matter require full access.
Rollout note for admins: when matter‑level access controls are first applied to a populated matter, users without an assignment lose access until assigned. Audit assignments before tightening access so the right people keep the access they need.
For programmatic and service‑to‑service access, the tenant supports long‑lived API keys (in addition to browser sessions). Manage them from the API Keys admin page:
API‑key management itself can only be done with a browser (JWT) session — an API key cannot create or revoke other keys. See the API Reference → Authentication for the technical details.
The Tenant Settings page controls tenant‑wide configuration:
The Audit Log is an admin view of tenant activity for compliance and defensibility. It records actions such as sign‑in successes and failures, sign‑ outs, support sessions, and document/matter operations — with the user, a timestamp, and context (IP and user agent where applicable). The log is built to be reliable: recording an event never blocks the underlying action.
AI‑assistant actions through the API / connector are also audited at the tool‑call level — what was called, by whom, with what arguments, and how long it took — which supports the "what did the assistant see, when, on whose behalf?" question.
Tenants can require 2FA. When required, users enroll an authenticator app on first sign‑in and enter a code at each login. Admins can reset a user's 2FA for recovery. (2FA is enforced at the account/login layer.)
Admins and attorneys can invite external, read‑only guests to a data room without giving them accounts, and manage or revoke that access. Guest sessions re‑check access on every request, so revocation is immediate. See Data Rooms → Sharing a data room with an external guest.
The Usage view shows consumption — for example AI usage and related cost — so admins can monitor spend.
Sentinel connects to outside systems to bring data in and to extend the platform. This page covers mailbox monitoring, court/docket import, the AI connector, and bug reporting.
Sentinel Sync monitors Microsoft 365 mailboxes and streams their messages and attachments into a matter, where they flow through the normal ingestion pipeline and become searchable.
How it works for an administrator:
Sentinel Sync runs as a dedicated service with its own secure, per‑tenant credentials; messages are deduplicated so the same email isn't ingested twice. Connecting or disconnecting a monitored mailbox is an administrative action.
Sentinel can create litigation cases and pull docket entries directly from court data sources, so you can start a matter from a real docket instead of entering it by hand.
Two providers back a single "Add court dockets" experience:
From the Import Court Cases surface you search for a case, then create the matter (and optionally pull documents). Imported docket entries appear on the matter's Court Docket tab, where Emma can help you find specific filings (e.g. "the operative complaint" or "any motions to dismiss"). See Matters → Court Docket.
If the court‑import option doesn't appear, the provider may not be configured for your tenant.
Sentinel exposes a secure connector that lets an external AI client — such as an enterprise Claude deployment — work with a matter's documents through a defined set of tools (search, retrieve, summarize, verify citations, tag/code, create findings, and more). The connector speaks the Model Context Protocol (MCP), authenticates with an API key, enforces the same matter‑access rules as the app, and audits every tool call.
This is how you connect Sentinel to a compatible AI assistant outside the product while keeping access controlled and logged. For the full tool catalog and auth details, see the API Reference.
Users can report a problem from within the app — by button or by asking Emma — which files a structured report (including context such as the matter and a screenshot) to Sentinel's issue tracker. This gives the team the detail needed to diagnose an issue quickly. The feature requires a per‑tenant configuration to be enabled.
Transactional emails Sentinel sends — such as account invitations, credentials, and notifications — go out through an email delivery service. This is platform infrastructure rather than something you configure per matter.
Sentinel exposes a tenant REST API and a secure AI connector (Model Context Protocol). The connector is the supported way for an external AI client to work with a matter's documents; the REST API primarily serves Sentinel's own web app and service clients.
This reference covers authentication, API‑key management, the public health endpoints, the connector tool catalog, and a representative set of REST endpoints.
Base URL. In production, Sentinel's web UI (a static site) and its API are on different hosts. Call the tenant API host, not the web‑app host. Your tenant's API base URL is available from your administrator. All API paths below are under
/api.
Every /api/* request must be authenticated. Two schemes are supported.
Authorization: Bearer <jwt>
Short‑lived (15‑minute) JSON Web Tokens issued by Sentinel's control plane when a user signs in. Used by the web app. These carry the user's identity, role, and tenant.
Authorization: ApiKey sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Long‑lived, revocable keys for programmatic and service clients. Key facts:
sk_live_ followed by 32 hex characters (40 characters total,
128 bits of entropy).sk_live_a1b2) is stored for display so you can identify
a key without seeing the secret.For OAuth‑based clients (such as an enterprise Claude marketplace connector), an
OAuth client_credentials flow issues an API key that is then presented as a
bearer token (Authorization: Bearer sk_live_...).
API‑key management endpoints accept only a Bearer JWT — an API key cannot create or revoke keys. This prevents a leaked key from minting more keys.
| Method | Path | Auth | Purpose |
|---|---|---|---|
POST |
/api/api-keys |
JWT only | Create a key (name, optional role ≤ caller's, optional expiresInDays). Returns the raw key once. |
GET |
/api/api-keys |
JWT only | List keys (admins: all tenant keys; others: own). Returns public fields only — never raw keys. |
DELETE |
/api/api-keys/:id |
JWT only | Revoke a key (owner or admin). Idempotent. |
Creating, listing, and revoking keys is also available in the app at the API Keys admin page (see Administration → API keys).
| Method | Path | Returns |
|---|---|---|
GET |
/api/version |
{ service, commit, buildTime } — the running build. |
GET |
/api/health |
Health status (including DB), plus the same build identifiers. |
These are handy for verifying exactly what's deployed.
The connector lets a compatible AI client operate on a matter through a defined tool set. It speaks the Model Context Protocol, so the client discovers each tool's input schema automatically. Key properties:
| Tool | Purpose |
|---|---|
list_matters |
List the matters the caller can access (cases and deals). |
get_matter |
Get a single matter's details (title, status, priority, type, description). |
get_matter_summary |
An AI executive summary of a matter. |
search_documents |
Search a matter's documents. mode is required: keyword, semantic, hybrid, or visual. Optional filters: custodianName, senderEmail, documentType. Returns ranked hits with snippets. |
get_document_text |
Full extracted text + metadata for a document, with a viewer link. |
get_case_timeline |
The matter's chronology of events with risk levels. |
get_focus_issues |
High‑priority issues/contradictions tracked on the matter. |
get_detected_issues |
AI‑detected risks and inconsistencies. |
get_privilege_log |
Privileged / work‑product documents recorded for the matter. |
get_email_threads |
Email conversations grouped by thread. |
get_thread_messages |
Messages within a single email thread. |
list_recorded_statements |
Recorded video/audio statements (e.g. interviews) for a matter. |
get_recorded_statement |
A single recorded statement's transcript and metadata. |
search_recorded_statements |
Search across recorded‑statement transcripts. |
verify_citations |
Validate document references in a draft against the matter's documents. |
Write tools require full access to the matter.
| Tool | Purpose |
|---|---|
tag_documents |
Add or remove tags on a set of documents. |
tag_documents_by_query |
Tag documents matching a search query. |
code_documents |
Assign or clear a review code on a set of documents. |
code_documents_by_query |
Code documents matching a search query. |
create_finding |
Create a notebook entry (note, theory, legal issue, contradiction, etc.) with optional linked evidence. |
add_to_focus_issue |
Append analysis to an existing focus issue. |
The connector's tool set (used by external clients) is related to but distinct from Emma's in‑app tools (which also include navigation and review‑UI actions). See Emma.
Beyond the endpoints above, the tenant API backs the web app across matters, documents, search, productions, administration, and integrations. A representative selection:
| Area | Example endpoints |
|---|---|
| Matters | GET /api/matters, GET /api/matters/:matterId, document sub‑routes under a matter |
| Tenant settings | GET /api/tenant-settings, PUT /api/tenant-settings (admin) |
| Users & access | GET/POST /api/users, password/2FA reset, matter team assignment (admin) |
| Audit | GET /api/audit-logs (admin) |
| Data‑room sharing | guest‑share verification and email‑link endpoints |
| Court import | GET /api/court-import/providers, GET /api/court-import/search, bulk‑create |
| Mailbox sync | GET /api/sentinel-sync/status, monitored‑user authorization |
These first‑party endpoints exist primarily to serve Sentinel's own client and may evolve. For a stable, supported integration, prefer the connector and the API‑key auth above. If you need a documented contract for a specific REST endpoint, contact Sentinel.
Sentinel handles privileged and confidential legal data, so security and data handling are central to the product's design. This page describes the posture in plain terms. It reflects how the platform is built; for contractual specifics (your DPA, the current subprocessor list, and any certifications), contact Sentinel.
Sentinel is multi‑tenant, but customer data is not commingled:
Sentinel runs on Microsoft Azure. A tenant's application, database, and document storage live in Azure resources dedicated to that tenant. This keeps customer content within a known, controlled cloud environment rather than spread across ad‑hoc third‑party stores.
For customers requiring isolated network connectivity into their environment, Sentinel can deploy a private network bridge (an overlay edge router) so traffic doesn't traverse the public internet.
Sentinel uses AI models for inference (Emma, embeddings, extraction, transcription, summaries). The data‑handling posture:
The practical summary: customer content is stored and managed within the tenant's Azure resources, and where content is sent to a model provider for inference, it's over secure channels under terms that don't retain it for training.
Access is enforced at multiple layers:
Third parties that may process customer data, by category (the authoritative, current list is maintained by Sentinel and provided with your DPA):
| Category | Provider |
|---|---|
| Cloud hosting, storage, database, OCR, speech, some inference | Microsoft Azure |
| AI assistant inference | Anthropic (Claude) |
| Embeddings & multimodal extraction (ZDR) | Google Cloud (Vertex AI / Gemini) |
| Transactional email delivery | Email delivery provider |
| In‑app issue / bug reporting | Issue‑tracking provider |
Additional providers may apply to optional features (for example telephony or payments) only when those features are enabled.
Sentinel is built toward enterprise compliance expectations — segregation of duties in its release process, comprehensive audit logging, least‑privilege access, and tenant isolation. For the current status of formal attestations (such as SOC 2) and your specific contractual commitments, contact Sentinel.
This page is a plain‑language description of the platform's security design, not a contract or a certification. Authoritative security commitments are made in your agreement and supporting documentation.
Sentinel is an enterprise platform for legal compliance monitoring and eDiscovery. It ingests documents and communications, makes them searchable, provides a review workspace, and offers an AI assistant (Emma) grounded in your matter's evidence. See Introduction.
Open your tenant's Sentinel URL and sign in with your email and password. New accounts may be prompted to set a new password and enroll in two‑factor authentication on first login. See Getting Started.
Use the Forgot password link to reset your password. For a lost 2FA device, ask a tenant administrator to reset your 2FA so you can re‑enroll.
Two reasons: your tenant's practice mode (Litigation, Transactional, or Real Estate) changes whole sections of the app, and your role controls whether you see administration tools. See Core Concepts → Practice modes.
Documents (PDF, Office files), images, audio, and video, plus email containers (PST, MBOX, MSG) and archives (ZIP), which Sentinel splits into their individual items. See Data Rooms & Uploading Documents.
Ingestion is asynchronous. A document moves through processing states (queued → extracting/OCR → embedding → complete) and becomes searchable once complete. Large files and media take longer. See Core Concepts → What you see while a document is processing.
Keyword matches exact terms; semantic matches by meaning; hybrid combines both; visual searches the content of images and scanned pages. See Search & Research.
Yes. Scanned PDFs and images run through OCR, and images/audio/video go through multimodal extraction, so their content is searchable.
Emma may only cite documents that a tool actually returned, and her responses are mechanically verified — a response that references an unretrieved document is blocked. She also says so plainly when retrieval finds little, instead of padding from general knowledge. See Emma → Citations and guardrails.
No. Emma can only access matters you have access to.
Yes — Emma supports real‑time voice in addition to text.
No. Inference is performed under commercial terms that don't use your content for training, and embedding/extraction runs with zero data retention. See Security & Compliance → How AI providers handle your data.
An administrator assigns them, with an access level of full, read‑only, or limited. Admins can access any matter; some matters are org‑wide. See Administration → Matter assignments & access levels.
From user management, an admin can create users, reset passwords and 2FA, and deactivate accounts. See Administration → Users and roles.
Long‑lived, revocable keys for programmatic/service access — including the AI connector. Manage them on the API Keys admin page; the raw key is shown only once. See Administration → API keys and the API Reference.
Practice mode is a tenant‑wide setting managed centrally (set during provisioning). Talk to Sentinel or your administrator if it needs to change — it reshapes the experience for everyone in the tenant.
Yes — Sentinel Sync monitors Microsoft 365 mailboxes and ingests their mail into a matter. See Integrations → Microsoft 365 mailbox sync.
Yes — import from CourtListener (free, U.S. federal) or UniCourt (broader, when configured). See Integrations → Court and docket import.
Use the in‑app "Report a problem" option, or ask Emma. It files a structured report (with context) to Sentinel's issue tracker.
In your tenant's own database and storage on Microsoft Azure, isolated from other tenants. See Security & Compliance.
No — see the AI data‑handling section in Security & Compliance.
Key activity and every AI tool call are audited for compliance and defensibility. See Administration → Audit log.
For the current status of formal attestations and your specific contractual commitments, contact Sentinel. See Security & Compliance → Compliance direction.
Yes. Open the single printable version and use your browser's Print → Save as PDF, or print any individual page (its sidebar and nav are hidden in print).
Key terms used throughout Sentinel and this documentation.
Ambient intelligence — AI that watches a live or recorded session's transcript and surfaces leads (related documents, possible contradictions, follow‑ups) in real time. See Sessions & Transcription.
Bates number — a sequential identifier stamped on produced documents for unambiguous reference. Set via a prefix and padding when building a production.
Case — a litigation matter. See Matter.
Case files — firm‑authored work product (drafts, research, pleadings) kept distinct from discovered evidence in a matter.
Citation grounding / citation token — Emma may only reference a document via a
citation token (e.g. [cite:c1]) that a tool actually returned; responses are
verified against those tokens so fabricated references are blocked. See
Emma.
Content pipeline — the multi‑stage ingestion process (parse → split → OCR/extract → embed → complete) every file goes through to become searchable. See Core Concepts.
Custodian — a person whose documents/communications are collected in discovery.
Data room — a matter's primary document repository. In Sentinel, the matter is its data room. See Data Rooms.
Deal — a transactional or real‑estate matter. See Matter.
Deal checklist — a template‑driven due‑diligence checklist that can auto‑complete as documents arrive. See Deal Checklists.
Diarization — labeling a transcript by speaker (who said what). See Sessions.
Embedding — a vector representation of content's meaning that powers semantic and visual search.
Emma — Sentinel's built‑in AI assistant. See Emma.
Enterprise data lake — an organization‑wide matter every tenant user can access.
Finding — a notebook entry (note, theory, legal issue, contradiction, etc.), optionally linked to supporting evidence. See Findings.
Guest (data‑room guest) — an external party invited to view a data room read‑only, without a tenant account.
Hybrid search — search combining keyword precision and semantic recall.
Matter — the top‑level container for a piece of work and everything related to it. A case (litigation), deal (transactional), or property transaction (real estate). See Matters, Cases & Deals.
Matter assignment — an admin granting a user access to a matter at an access level (full, read‑only, or limited).
MCP (Model Context Protocol) — the protocol Sentinel's AI connector speaks so external AI clients can use its tools. See API Reference.
OCR (optical character recognition) — recovering text from scanned PDFs and images during ingestion.
Personal data lake — a personal matter owned by a single user.
Practice mode — the per‑tenant setting (Litigation, Transactional, or Real Estate) that reshapes navigation and features. See Core Concepts.
Privilege log — a record of documents withheld or redacted on privilege grounds, with basis and status. See Productions & eDiscovery.
Production — a formal, Bates‑stamped set of documents handed to another party. See Productions & eDiscovery.
Request list (DRL) — a list of documents requested for a deal, tracked by party and due date. See Deal Checklists & Request Lists.
Semantic search — meaning‑based search using embeddings.
Session — a recorded deposition, interview, or meeting that Sentinel transcribes and analyzes. See Sessions.
Sentinel Sync — the service that monitors Microsoft 365 mailboxes and ingests their mail. See Integrations.
TAR / CAL — Technology‑Assisted Review / Continuous Active Learning; predictive coding for large review sets. See Document Review.
Tenant — a single customer organization on Sentinel, with isolated data.
Visual search — search over the visual content of images and scanned pages (signatures, diagrams, photos) via multimodal embeddings.
Zero Data Retention (ZDR) — a configuration where an AI provider doesn't retain submitted content after processing. See Security & Compliance.