Legal AI · Primary sector: Legal

Spellbook

Rally Now, Inc. (Spellbook) · EFROS US AI Vendor Governance Index entry

By Stefan Efros, CEO & Founder, EFROS

Composite governance score

45 / 100 (D)

D = thin posture. Deploy only for low-risk, non-regulated workloads under strict scope.

Axes scored: 9 / 11
Trust-center maturity: 2 / 5
Sector weighting: Legal

About this vendor

Generative AI contract drafting and review assistant integrated with Microsoft Word. Targets small-to-mid law firms with focused contract workflows.

Enterprise tier
Spellbook Associate, Spellbook Partner

Twelve-axis governance scoring

Each axis is scored Yes / Partial / No / N/A against public evidence — vendor trust portals, BAAs/DPAs, SOC 2 report cover pages, published methodology documents. N/A applies when the axis is structurally inapplicable (foundation models, for example, defer Section 1557 to the downstream healthcare deployer).

| Axis | Status | EFROS note | Source |
| --- | --- | --- | --- |
| BAA / DPA available | Yes | Spellbook signs BAAs for enterprise customers where required. | Spellbook Security |
| Training-data opt-out | Yes | Spellbook does not train on customer documents. Tenant isolation enforced. | Spellbook Privacy |
| US data residency option | Partial | Spellbook hosted on US/Canada cloud infrastructure. Explicit US-only residency configuration not documented as of May 2026. | Spellbook Security |
| SOC 2 Type II report | Partial | Spellbook is SOC 2 Type II under audit / completed; report distribution via direct enterprise request. | Spellbook Security |
| ISO/IEC 42001 attestation | No | No ISO/IEC 42001 attestation. | Public posture review |
| NIST AI RMF self-attestation | No | No public NIST AI RMF self-attestation. | Public posture review |
| Colorado AI Act readiness | No | No Colorado AI Act-specific public statement. | Public posture review |
| HHS-OCR Section 1557 readiness | N/A | Legal-vertical positioning. | Spellbook positioning |
| FRB SR 11-7 readiness | N/A | Legal-vertical positioning. | Spellbook positioning |
| ABA Formal Op 512 readiness | Partial | Spellbook publishes general legal-ethics alignment documentation; explicit ABA Op 512 mapping less detailed than top-tier legal-vertical vendors. | Spellbook documentation |
| Subprocessor list public | Partial | Subprocessor information available via enterprise request; not self-serve public. | Spellbook Security |

Trust-center maturity

2 / 5

Security page documents core controls. Trust-portal maturity below cloud-platform and top-tier legal-vertical peers.

Source: spellbook.legal/security

Deep dive

Overview

Spellbook targets a smaller-firm market than Harvey, Lexis+ AI, or CoCounsel. The governance posture reflects the smaller-vendor scale: solid fundamentals on the dimensions that matter most for contracts (BAA, no-train) but less mature on trust-portal documentation, sector-specific governance, and AI-specific certifications.

Strengths

  • BAA-eligible for enterprise
  • Default no-train
  • Word-integrated workflow lowers adoption friction

Weaknesses

  • Less mature trust portal
  • No explicit US-only residency configuration
  • Subprocessor list NDA-gated
  • ABA Op 512 mapping less detailed than top-tier legal vendors

Best-fit use case

Small-to-mid firms (5-50 attorneys) focused on transactional / contract work, where Word-integration and per-attorney pricing match the budget and workflow.

Avoid when

Firms with strict regulatory scrutiny (especially BigLaw or in-house teams under heavy compliance scrutiny) that need top-tier trust documentation.

Operator's take

Deploy Spellbook for small-to-mid firms (5-50 attorneys) focused on transactional / contract work, where Word-integration and per-attorney pricing match the budget and workflow. The composite score of 45 (grade D) reflects a mixed posture for regulated US workloads. Skip the vendor for firms with strict regulatory scrutiny (especially BigLaw or in-house teams under heavy compliance scrutiny) that need top-tier trust documentation. In every deployment, treat the cells above as a snapshot: the acquisition that gets to production safely is the one that re-verifies the trust-center posture before contract signature and rebuilds the matrix at renewal.

How this scoring is computed

The composite score blends eleven scoreable axes (BAA, training opt-out, US data residency, SOC 2, ISO/IEC 42001, NIST AI RMF, Colorado AI Act, Section 1557, SR 11-7, ABA Op 512, subprocessor transparency) with the trust-center maturity score. Axes marked N/A are excluded from the denominator so vendors are not penalized for sector-inapplicable axes. The vendor's primary sector amplifies the most relevant axes — healthcare vendors weight Section 1557 ×2, legal vendors weight ABA Op 512 ×2, banking vendors weight SR 11-7 ×2 — so the composite reflects what matters in the actual buying context.

Disagree with this scoring?

EFROS publishes scoring rationale per cell with a public source. If you have evidence that a specific axis should score differently — a new BAA, a new certification, a documented policy change — submit a formal challenge below. We re-score and publish the result with the next quarterly edition (or as a mid-quarter changelog entry if the change is material).

Disagree with a score?

Every cell in the EFROS Index is source-cited. If you have a public source that contradicts a score for Spellbook, submit a formal challenge — we re-verify against the source and respond within 14 days.

Disclaimer. Scoring as of 2026-05-13. Posture changes frequently — re-verify with the vendor's trust center before contract. This page is informational; it is not legal advice. EFROS clients get a refreshed posture review as part of the AI Governance Audit.
