The Privacy Promise
ShieldDrop never sees your files — they process entirely inside your browser and are never transmitted to our servers.
We collect only what is strictly necessary to operate your account: your email address and subscription status.
We do not track you, profile you, sell your data, or share anything with advertisers or third parties. Ever.
1. Scope
This Privacy Policy applies to all products in the ShieldDrop Legal Suite — ShieldDrop, CaseBrief, TrialMind, VaultDictate, VaultNotes, DocketForge, ShieldRedact, DeadlineCalc, ChainKeep, LegalTranslate, CourtBridge, ClauseGuard — and all web properties at shielddroplegal.com.
2. Files You Upload — Zero Retention
- Processed in RAM only. No uploaded file is ever written to disk, database, or object storage.
- Never read by humans. Processing is fully automated. No employee can access your file content.
- Destroyed after delivery. Memory is discarded the moment your processed file is returned to your browser.
- No fingerprints retained. We do not store file names, sizes, checksums, or any file-identifying metadata.
This architecture is compatible with attorney-client privilege and work product doctrine requirements under ABA Model Rule 1.6 and ABA Formal Opinion 477R.
3. Account and Subscription Data
For subscribers we store: email address (billing and service notifications), Stripe payment tokens (never raw card data), subscription status, and plan tier. Referral codes are stored in your browser localStorage only and are never transmitted to our servers.
4. AI Tools — CaseBrief, TrialMind, LexAI, ClauseGuard
Text you submit to AI tools is sent to third-party LLM APIs (Groq, OpenRouter) solely to generate analysis and is returned to you immediately. We recommend: do not paste real client names, SSNs, or case numbers. Use pseudonyms or placeholder identifiers. We do not store AI inputs or outputs beyond your active session.
5. Analytics and Cookies
ShieldDrop uses no third-party analytics, no tracking pixels, no advertising cookies, and no behavioral profiling of any kind. We operate with zero external tracking tools. Cookies in use: session authentication (expires on browser close, required for login), Stripe payment tokens (required for billing). Browser localStorage values (theme preference, referral code) are stored locally in your browser only and are never transmitted to any server.
6. Third-Party Service Providers
7. Security
All data in transit is TLS 1.2+ encrypted. Infrastructure is hosted on Railway in the United States. Production access requires MFA and least-privilege controls. Because we do not store your files, the attack surface for a client document breach is eliminated at the architecture level — we cannot leak what we do not have.
8. Your Rights
- Access: Email privacy@shielddroplegal.com to receive all account data we hold (email, subscription status, plan tier).
- Deletion: Request account deletion at any time. Account data removed within 30 days.
- CCPA: We do not sell personal information. California residents may contact us for CCPA requests.
- GDPR: Residents of the EU/EEA may contact us for data subject requests under GDPR Article 15–22.
9. Children's Privacy
The Service is intended for licensed legal professionals 18 years of age or older. We do not knowingly collect data from minors.
10. Changes to This Policy
Material changes will be communicated to subscribers at least 14 days before taking effect. Continued use of the Service after that date constitutes acceptance of the updated policy.