Privacy & Security
Last updated July 2026 · pre-launch draft, under legal review
The short version
- The public decisions you browse here are public records — reading them involves no personal data beyond ordinary web logs.
- If you upload a Statement of Reasons (SOR), it goes into private, encrypted storage, is visible only to your signed-in account, and is automatically deleted on a short clock — or immediately, whenever you press Delete.
- We don’t sell data. We don’t run advertising trackers. We keep a tamper-evident log of every action taken on your upload.
What we collect
- Account basics — your email and sign-in identity, handled by our sign-in provider (Clerk). We never see or store your password.
- Your uploads — the SOR PDF you choose to upload, the text extracted from it, and the analysis built on that text.
- Usage events — counts of actions (a search ran, a case loaded). These are recorded without document contents or personal details.
- An audit trail for your uploads — when a document was uploaded, processed, viewed, and deleted. The trail records events, never contents.
How uploads are protected
We host on AWS infrastructure in U.S. Regions, using encryption at rest, encryption in transit, and least-privilege access controls; AWS compliance resources are available through AWS Artifact. In plain terms:
- A private vault. Uploads live in a dedicated storage area with public access blocked at the platform level — completely separate from the public decision files.
- Encrypted, always. Every uploaded file is encrypted at rest with a key we control, and all transfers require encrypted connections.
- Minimal keys. The application’s credentials can reach only this one storage area and nothing else.
- Expiring links. Files move only through single-purpose links that expire within minutes.
- Sign-in required. Uploading requires an account, and your uploads and results are visible only to you.
- File safety. Only PDF files are accepted (we verify the actual file contents, not just the name), with a 25 MB limit. Uploads are never executed and never shown to other users.
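One way a content-based check like the one described under "File safety" can work, shown as an added Python example; it is not this service's code. The function name, the 1 KiB search windows and the sample bytes are assumptions made for illustration.

```python
import io
import re

MAX_UPLOAD_BYTES = 25 * 1024 * 1024  # the 25 MB limit stated in this policy
HEADER_WINDOW = 1024   # assumption: "%PDF-" must start within the first 1 KiB
TRAILER_WINDOW = 1024  # assumption: "%%EOF" must appear in the last 1 KiB


def check_pdf_upload(stream, declared_name="upload.pdf"):
    """Return (accepted, reason), judging only the bytes of the upload.

    declared_name is deliberately ignored: a ".pdf" suffix or a client-sent
    content type is attacker-controlled and proves nothing.
    """
    # Read one byte past the cap so an oversized body is detected without
    # buffering an arbitrarily large upload.
    data = stream.read(MAX_UPLOAD_BYTES + 1)
    if len(data) > MAX_UPLOAD_BYTES:
        return False, "too large"
    if not data:
        return False, "empty"
    # The PDF header marker must be present near the start of the file.
    pos = data.find(b"%PDF-", 0, HEADER_WINDOW)
    if pos == -1:
        return False, "no PDF header"
    # The marker must be followed by a version such as "1.7" or "2.0".
    if not re.fullmatch(rb"\d\.\d", data[pos + 5:pos + 8]):
        return False, "bad PDF version"
    # A complete file ends with an end-of-file marker; its absence usually
    # means truncation or a different format wearing a PDF header.
    if b"%%EOF" not in data[-TRAILER_WINDOW:]:
        return False, "no EOF marker"
    return True, "ok"


# Constructed sample inputs (not real documents, not renderable PDFs).
SAMPLE_PDF = b"%PDF-1.7\n1 0 obj\n<< >>\nendobj\ntrailer\n<< >>\n%%EOF\n"
SAMPLE_ZIP = b"PK\x03\x04" + b"\x00" * 64  # ZIP signature, uploaded as "sor.pdf"

if __name__ == "__main__":
    print(check_pdf_upload(io.BytesIO(SAMPLE_PDF), "sor.pdf"))
    print(check_pdf_upload(io.BytesIO(SAMPLE_ZIP), "sor.pdf"))
```

A header and trailer check shows only that the bytes look like a PDF, not that the file is well-formed or benign, which is why the separate rule that uploads are never executed still matters.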
How long we keep uploads — and how to delete them
- Uploads not attached to a purchase are automatically deleted 14 days after upload.
- Uploads attached to a purchased report are kept 30 days, then deleted.
- You can delete any upload immediately from your results page or your account. Deletion removes the stored document, the extracted text, and every derived record. The audit trail keeps only the fact that a deletion happened — never the content.
The AI step, plainly
To read your SOR’s allegations, the extracted text is processed by commercial AI services under their business API terms, which state that API inputs are not used to train their models. The analysis you see — similar past decisions and their outcomes — is computed from the public record by our own database, not written freehand by an AI.
What we don’t do
- No selling or renting of your data. Ever.
- No advertising trackers or third-party ad cookies.
- No use of your uploads to improve our models or anyone else’s.
- No sharing of your uploads with other users, for any reason.
Payments
When paid features launch, payments will be processed by Stripe. Card numbers go directly to Stripe and never touch our servers.
Contact & changes
Questions, or want your account and all its data removed? Contact us at the support address published at launch [placeholder — set before launch]. If this policy changes, the date at the top changes with it, and material changes will be announced on the site.
Private research tool. Not affiliated with DOHA, DCSA, DoD, or the U.S. Government. See also the Terms of Service and Disclaimers.