REF: MR-PRIV
Privacy Policy
Last updated: July 2026
What we store
Your profile (jurisdiction, preferences, optional drafting identity), consent records, and OAuth session metadata (hashed tokens, never the raw secret). Case-law lookups may be cached server-side without your personal data attached. Conversation facts are not stored as a case file.
What we do not do
We do not sell your data. We do not use conversation content or PII in server logs. Only user ID, tool name, and timing for rate limits. We do not send marketing email.
Research cache
CourtListener and statute responses are cached in Postgres to respect API limits. Cache entries are keyed by upstream URL, not by user identity.
Your choices
Profile data can be updated through MCP tools in Claude or Cursor. Account access is invite-only and tied to your invited email and Clerk sign-in at /join. OAuth sessions can be sign out on the Connect page. Consent records are append-only for compliance and may be retained after account deletion.
Contact
Questions about this policy go to the M.Ross owner who sent your invite.