Work Product, Privilege, and Data Handling
Attorneys regularly use research tools, analytical software, and consultants in trial preparation. LitigationPrep is one such tool. This page explains how we handle your data and addresses common questions about privilege and discoverability.
Is my use of LitigationPrep protected as attorney work product?
The work product doctrine protects materials prepared in anticipation of litigation. Under Federal Rule of Civil Procedure 26(b)(3) and its state equivalents, documents and tangible things prepared by or for a party or its representative in anticipation of litigation are ordinarily protected from discovery.
LitigationPrep is designed for use at attorney direction in anticipation of litigation. When used in that context, the outputs -- attack vectors, cross-examination strategy, and Daubert analysis -- may support work-product protection, particularly opinion work product. Whether protection applies in any specific matter is a determination you must make based on the facts, jurisdiction, and applicable rules.
We are not your lawyers and this is not legal advice. Apply your own professional judgment about what materials to generate, how to label them, and how to store them within your practice.
What information do we store?
When you generate an Expert Vulnerability Report, we store:
• The expert's name, credentials, and proceeding type you submitted
• The methodology summary and opinions you described
• The generated report output
• The timestamp and your account identifier
When you use the Cross-Examination Simulator, we store:
• The session configuration (expert name, demeanor, case context)
• The full session transcript
• The end-of-session scoring and analysis
• The timestamp and your account identifier
We do not store: client names, case numbers, underlying facts of your matter, documents you have not submitted, or any information beyond what you explicitly enter.
For both EVR reports and simulator sessions, you can opt out of saving by selecting "Do not save this report" or "Do not save this session" before generating. In that case, nothing is written to our database. The content is generated and displayed only in your current browser session.
Is my input used to train AI models?
No. Information you submit, whether for EVR reports or simulator sessions, is not used to train or fine-tune any AI model, including the models that power LitigationPrep. Your input is passed to the model to generate your output and is not used by us for any purpose beyond providing the service.
Who can see my reports?
Reports saved to your account are accessible only through your authenticated session. We do not share report contents with other users, third parties, or opposing counsel. Our staff does not review individual reports unless you contact support with a specific issue and consent to review.
How should I think about what to input?
LitigationPrep is most effective when given specific, accurate information about the opposing expert's methodology and opinions. The more precise your input, the more targeted and actionable the attack vectors.
That said, exercise the same judgment you would with any outside service used in litigation preparation. You do not need to include client names, sensitive underlying facts, or identifying case information to generate effective analysis. The expert's methodology and opinions are what drive the output.
What about jurisdiction-specific rules on outside services?
Some jurisdictions and practice contexts have specific rules about data handling, cloud services, and client confidentiality. Bar ethics rules in your jurisdiction may govern what tools you use and how. We recommend reviewing your applicable rules of professional conduct, particularly those addressing competence, confidentiality, and supervision of nonlawyer assistance, before using any litigation support tool including this one.
TLS 1.2 minimum on all connections. No unencrypted transport accepted at any layer.
AES-256-GCM via Supabase (PostgreSQL). All persistent application data encrypted at rest by default.
Documents submitted for processing are never written to disk. Processing is in-memory only. No document content persists beyond the active session. Uploaded content is not stored, indexed, or retrievable after processing completes.
LitigationPrep application data is access-controlled by authenticated user session. Operator and administrative access to application data is governed by internal access controls. Staff with database administrative credentials can access application data. We do not routinely review user session content.
Account deletion available at any time from account settings. Deletion removes all associated data permanently and immediately. No retention after deletion.
Supabase -- database and authentication (US region). Anthropic -- AI inference only; receives de-identified text, not raw case documents; zero data retention policy applies. Vercel -- application hosting. Stripe -- payment processing only; no case data transmitted. Elider -- document processing and de-identification, Railway-hosted, receives uploaded documents for in-memory processing. CourtListener -- federal case law database, queried for Daubert analysis, receives expert name and proceeding type.
Your data is not used to train AI models. Anthropic processes requests under a zero data retention agreement. No case inputs, outputs, or usage patterns are used for training purposes by any subprocessor.
SOC 2 Type II is on our compliance roadmap as we scale to enterprise. Our current security posture is documented here. Firms requiring a SOC 2 report prior to procurement may contact legal@litigationprep.app to discuss timing and alternatives.
LitigationPrep is not a HIPAA-covered entity. Reports analyze opposing expert methodology from information you provide -- not patient records. No PHI is submitted or processed. No BAA is required or offered.
If you have questions about our data handling practices or need additional information for your firm's vendor review process, contact us at legal@litigationprep.app.