Trust & Security
Case bundles hold medical records, PHI, and privileged litigation material — the most sensitive documents you handle. This page is the plain-English version of how CitePage protects them: never used to train AI, never sold, encrypted in transit and at rest, deletable at any time, and isolated to your account. We're also honest about what we don't yet claim.
The short version
The detail, in plain English
Your case records are used for one thing only: producing your chronology. They are never used to train or fine-tune any AI model, never sold, and never shared or repurposed for advertising or any other business.
The AI that reads your records is Anthropic's Claude API, and Anthropic is contractually barred from training on the data we send it. Their commercial terms are explicit:
In other words, no-train isn't just our promise — it's backed by our AI provider's contract with us.
Everything you upload travels over TLS/HTTPS, so records are encrypted on the wire between your browser and CitePage. Once received, they're stored on encrypted infrastructure — our host, Fly.io, encrypts its storage volumes at rest.
We want to be precise rather than impressive: this is transport encryption plus encrypted-at-rest storage. We do not currently claim application-level or field-level encryption of individual record contents, and we won't describe our security as something it isn't.
You can delete any case and its source files at any time from your account. When you delete a case, its uploaded records are removed from active storage.
We're also rolling out an option to auto-delete the original records as soon as the chronology is built, so that all we keep is the cited timeline you rely on — not the raw bundle. Our direction is to hold sensitive source material for as short a time as your workflow allows.
Every account's records, chronologies, and audit logs are isolated to that account. One expert's case material is never visible or accessible to another customer.
Access to production systems is limited to what's needed to run and support the service, and we design access around the principle that your privileged material stays yours.
CitePage organizes facts and cites them to their source pages. It flags conflicts, gaps, and causation questions for your judgment — but it never writes a conclusion.
We do not practice law or medicine, and CitePage is not legal or medical advice. Every opinion, and every word that carries your name, is authored and signed by you.
CitePage keeps an exportable audit trail of AI-assisted actions on your case, so that if your methodology is ever questioned in discovery, you can produce an organized record instead of scrambling.
That trail is for your defense — it is part of your case data, isolated to your account, and handled under the same no-train, no-sale, deletable terms as the rest of your records.
Who touches your data
We keep our vendor list small on purpose. These are the third parties that process data on our behalf to run the service. Each is bound to handle data only to provide their function to us.
| Subprocessor | What they do | Data & location |
|---|---|---|
| Anthropic | AI processing — the Claude API reads your records to build the chronology | Case content sent for processing; contractually barred from training on it |
| Fly.io | Application hosting and storage of your case data | Uploaded records and chronologies, stored on encrypted volumes (United States) |
| Cloudflare | Content delivery (CDN) and privacy-friendly, cookieless website analytics | Website traffic only; aggregate, cookieless analytics — no user records |
| Porkbun | Domain registration and DNS | DNS only — no user data or case records pass through it |
We'll keep this list current. If we add or change a subprocessor that processes customer content, we'll update this page.
Honest about the roadmap
We are not going to overstate our compliance posture. A signed Business Associate Agreement (BAA) for customers who need one, and formal third-party security certifications, are in progress — not finished.
So, plainly: CitePage does not today claim to be "HIPAA compliant," and we are not "SOC 2 certified." We've built the service around the practices those frameworks care about — no training on your data, encryption, isolation, deletion, and a minimal vendor list — and we're working toward the formal agreements and audits. When they're real, we'll say so here, with specifics. Until then, we won't.
Talk to a human
We'd rather answer a hard question than have you guess. Email us and a person will reply.
Questions? security@citepage.com or hello@citepage.com.
Related: Privacy Policy · Terms of Service · Data Processing Addendum.
Try it free
Upload one consented case bundle. Get a page-cited chronology back, handled under exactly the terms on this page. You author every opinion.