Privacy Policy

Last updated: May 2026

Our Core Commitment

Citations.law is designed for lawyers. We understand that the documents you work with are protected by attorney-client privilege and must remain confidential. This isn't just a policy — it's the foundation of our architecture.

Document Processing

What happens when you upload a document

• Your document is processed in real time on our servers for citation extraction and verification.
• Your document is never stored on our servers after processing is complete.
• Your document is never sent to any third-party service, AI provider, or cloud API.
• Your document is never used for training, analytics, or any purpose other than returning your verification results.

OCR processing for scanned documents

When a scanned PDF requires optical character recognition (OCR), that processing happens locally on our servers using open-source tools. No document content is ever sent to external OCR services.

Why this matters

Because we never store or transmit your documents:

• There is nothing on our servers that could be subpoenaed
• There is no risk of data breach exposing client files
• Attorney-client privilege is preserved at every step
• Work product protection is maintained

Account Information

When you create an account, we collect:

• Email address — for account login, verification, and essential communications
• Name — for account identification
• Password — stored using industry-standard bcrypt hashing; we never store plaintext passwords

We do not sell, share, or disclose your account information to third parties except as required by law.

Verification Results

Citation verification reports are generated in real time and delivered to your browser. We do not retain copies of your verification results.

Cookies and Sessions

We use a single session cookie to maintain your login state. We do not use tracking cookies, advertising cookies, or analytics that monitor your behavior on the site.

Data Security

All connections to Citations.law are encrypted via HTTPS/TLS. Account passwords are hashed using bcrypt. Access to our servers is restricted and monitored.

Data Retention

• Documents: Not retained. Processed in memory and discarded.
• Verification results: Not retained on our servers.
• Account information: Retained while your account is active. Deleted upon account deletion request.

Your Rights

You may at any time:

• Request deletion of your account and all associated data
• Request a copy of the personal information we hold about you
• Correct inaccurate account information

To exercise these rights, contact info@citations.law.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email.

Contact

Privacy questions? Contact us at info@citations.law.