Privacy Policy
CiteClerk LLC ("CiteClerk," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes what information we collect, how we use it, who we share it with, and your rights regarding your data. This policy applies to your use of citeclerk.com and all CiteClerk services.
1. Our Core Privacy Commitment
CiteClerk is designed for legal professionals who handle sensitive information. Our approach to data is minimal by design:
- Documents you upload to Check Cite are processed in memory and immediately discarded. They are never written to disk, never stored in our database, and never used for any purpose after processing is complete.
- We do not sell your personal information to any third party.
- We do not use your document content or citation queries to train AI models.
- We collect only the data necessary to provide the service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect your name and email address through our authentication provider (Clerk). If you register with a .edu email for the Student tier, that email address is retained to verify eligibility. Student tier eligibility is limited to registered students at ABA-accredited law schools and expires upon the earlier of four years from initial subscription or the date you cease to be a registered student at an ABA-accredited law school.
2.2 Payment Information
Payment processing is handled entirely by Stripe. CiteClerk does not collect, store, or have access to your credit card number, bank account details, or other sensitive payment information. We receive only a payment confirmation and subscription status from Stripe.
2.3 Usage Data
We collect data about how you use CiteClerk, including:
- Citations generated and citation search history (stored to power your citation History feature). This history may include case names and citation strings you search. We treat your citation and search history as confidential and do not sell it, share it for advertising, or use it to train AI models.
- Feature usage patterns (which tools you use, citation types generated)
- Citation counts and monthly usage for quota enforcement
- General usage timestamps and session metadata
2.4 Technical Data
We automatically collect standard technical information including IP address, browser type, device type, and referring URLs. This data is used for security, abuse prevention, and service improvement.
2.5 What We Do NOT Collect
- Content of documents uploaded to Check Cite — these are discarded immediately after processing
- The full text of briefs, motions, or any other legal documents you submit
- Privileged attorney-client communications
- Any data beyond what is listed above
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the CiteClerk service
- Process payments and manage your subscription
- Enforce subscription tier eligibility (including .edu verification for Student tier)
- Display your citation History
- Send transactional emails (account creation, payment receipts, service notices)
- Enforce usage limits and prevent abuse
- Respond to support requests
- Comply with legal obligations
We may also use anonymized and aggregated data — data that has been de-identified so that it does not identify you and cannot reasonably be used to identify you — for analytics, product improvement, and understanding how CiteClerk is used. This does not include the content of documents you upload, which is discarded after processing, and we do not use your document content or citation search history to train AI models.
We do not use your data for advertising or sell it to data brokers.
4. Subprocessors — Third Parties We Share Data With
CiteClerk uses the following third-party service providers to operate the service. Each receives only the data necessary for their specific function:
Clerk (clerk.com): Authentication and user account management. Processes your name, email address, and session data.
Stripe (stripe.com): Payment processing and subscription management. Processes your payment information directly. CiteClerk does not receive or store your payment credentials.
Vercel (vercel.com): Application hosting and deployment. Processes request metadata in connection with serving the application.
Neon (neon.tech): Database hosting. Stores your account data, citation history, and usage metadata.
Vercel KV / Redis: Session management and rate limiting. Stores temporary session tokens and usage counters.
OpenAI (openai.com): AI-assisted citation processing for certain query types. Query text may be sent to OpenAI for processing. Document content from Check Cite is never sent to OpenAI.
Google (Gemini API): AI-assisted citation processing fallback. Same limitations as OpenAI above.
Anthropic (anthropic.com): AI-assisted citation processing fallback. Same limitations as OpenAI above.
Free Law Project / CourtListener (courtlistener.com): Legal case database used for citation lookup and verification. Citation query strings (case names, reporter citations) may be sent to CourtListener's API. Document content, account information, and personal data are never sent to CourtListener.
Crawlbase: Headless browser service used as a fallback for webpage content extraction in the Webpage citation and Check Cite features. URLs submitted for webpage citation may be processed by Crawlbase. Document content is not sent to Crawlbase.
We do not share your data with any other third parties except as required by law.
Data Processing Addendum: Business customers, including law firms and institutions, may request a Data Processing Addendum (DPA) governing CiteClerk's processing of personal data on their behalf. Contact legal@citeclerk.com to request a DPA.
5. Data Retention
Uploaded documents (Check Cite): Zero retention. Processed in memory and immediately discarded. Not written to disk or database.
Generated citations and History: Retained until you delete them or close your account.
Account data: Retained while your account is active and for 30 days after account deletion, then permanently deleted.
Payment records: Retained for 7 years as required by law. Managed by Stripe.
Subscription consent records: Records of your consent to automatic renewal terms are retained for 3 years, or 1 year after your subscription terminates, whichever is longer, as required by applicable subscription law.
Usage and analytics data: Retained for 12 months in aggregate, anonymized form.
Technical logs: Retained for 90 days for security and debugging purposes.
6. Data Security
We implement security measures designed to protect your information, including:
- Encryption of data in transit using TLS
- Encryption of data at rest
- Least-privilege access controls limiting who can access data
- Audit logging of access to systems handling personal data
- Ongoing vulnerability management and security review
However, no system is completely secure. We cannot guarantee absolute security of your data.
If we become aware of a data breach that affects your personal information, we will notify you without undue delay and within the timeframe required by applicable law.
7. Your Rights
You have the following rights regarding your personal data:
Access: You may request a copy of the personal data we hold about you.
Deletion: You may request deletion of your account and associated personal data. Upon requesting deletion, your account is deactivated immediately. Citation history and personal data are permanently purged within 30 days.
Correction: You may update your account information through account settings.
Export: You may request an export of your citation history.
Opt-out of marketing: We send only transactional emails. There are no marketing emails to opt out of.
To exercise any of these rights, contact us at legal@citeclerk.com.
8. California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to non-discrimination for exercising your privacy rights. CiteClerk does not sell personal information. To exercise your CCPA rights, contact us at legal@citeclerk.com.
9. Do Not Track
CiteClerk does not respond to browser Do Not Track signals. We do not engage in cross-site tracking, behavioral advertising, or the tracking behaviors those signals are designed to prevent. Our data collection is limited to what is described in this policy.
10. International Users
CiteClerk is operated from the United States. If you access CiteClerk from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using CiteClerk, you consent to this transfer and processing.
11. European and UK Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, the following applies. CiteClerk LLC acts as the data controller for personal data processed through the service. We process your personal data on the following lawful bases: performance of our contract with you (to provide the service), our legitimate interests (to operate, secure, and improve the service), your consent (where applicable), and compliance with legal obligations.
You have the right to access, correct, delete, restrict, or object to the processing of your personal data, and the right to data portability. You also have the right to lodge a complaint with your local data protection authority. To exercise these rights, contact legal@citeclerk.com. Because CiteClerk processes data in the United States, international transfers are made in reliance on appropriate safeguards where required. Business customers requiring Standard Contractual Clauses may request them at legal@citeclerk.com.
12. Business Transfers
If CiteClerk LLC is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will require any successor to honor the commitments in this Privacy Policy, and we will notify you of any change in ownership or use of your personal data.
13. Government and Law Enforcement Requests
CiteClerk may disclose your information if required to do so by law, subpoena, court order, or other valid legal process. Where we are legally permitted to do so, we will make reasonable efforts to notify you before disclosing your information in response to such a request, so that you may seek to protect your rights. We may be prohibited from notifying you in certain circumstances, such as when a court order or law forbids it.
14. Children's Privacy
CiteClerk is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.
15. Cookies
CiteClerk uses essential cookies and local storage necessary for authentication and session management. We do not use advertising cookies or third-party tracking cookies. You may disable cookies in your browser settings, but doing so may prevent you from logging in.
16. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice in the application at least 14 days before changes take effect. The effective date at the top of this policy reflects the date of the most recent update.
17. Contact Us
For privacy questions, data requests, or concerns, contact us at:
CiteClerk LLC
Email: legal@citeclerk.com
Website: https://citeclerk.com
CiteClerk LLC | https://citeclerk.com | Effective June 1, 2026