Privacy Policy

Last Updated: February 5, 2026

Introduction

This Privacy Policy explains how Ibid. ("we," "our," or "us") collects, uses, and discloses information when you use our legal citation service, available at ibid.law, including our web application, document processing tools, Chrome browser extension, and Microsoft Word add-in (collectively, the "Service").

Information We Collect

Information You Provide

• Account Information: When you sign in using Google OAuth, we receive and store your email address, name, and profile picture URL from your Google account. We also store OAuth tokens (access token, refresh token, and token expiry) necessary to maintain your session and, where applicable, to access Google services on your behalf (such as Google Drive for export features).
• User Content: We store the citations, sources, projects, and other content you create and save through the Service.
• Uploaded Documents: When you use document processing features, you may upload documents (such as .docx files) containing text content. Uploaded documents are stored in cloud storage (Cloudflare R2) and retained until you explicitly delete the associated processing job. Extracted results (citation data, sourcepull tables, processing statistics) are stored in our database and associated with your account.
• Search Queries: When you use search features, your search terms (which may include case names, party names, statute numbers, or other legal references) are sent to third-party legal databases to retrieve results.

Information Collected Automatically

• Session Data: We use session cookies to maintain your login state and remember your preferences.
• Limited Technical Data: We may collect basic logs and technical information (such as approximate time of access, browser type, and IP address) to operate, secure, and troubleshoot the Service.
• IP Address at Terms Acceptance: When you accept our Terms of Service, we record your IP address and the date and time of acceptance as part of our legal compliance records.
• Processing Statistics: When you use document processing features, we collect and store processing metadata such as the number of footnotes processed, citations extracted, processing duration, and AI token usage. This data is associated with your account.

Information Collected by Browser Extension

If you use our Chrome browser extension:

• The extension reads the URL and metadata (page title, Open Graph tags, and similar publicly available metadata) of web pages you choose to cite. This information is sent to our servers to generate a citation.
• The extension may scan page content locally (in your browser) for citation patterns. This scanning happens entirely on your device and the results are not transmitted to our servers.
• The extension stores your authentication state and preferences locally using Chrome's storage API.

Information Collected by Word Add-in

If you use our Microsoft Word add-in:

• The add-in has permission to read and write content in your Word document in order to insert citations at your cursor position.
• The add-in communicates with our servers to authenticate your account, fetch your saved sources, and retrieve citation data. It does not send the full contents of your Word document to our servers.

Third-Party Services and Data Sharing

The Service integrates with various third-party services. When you use features that rely on these services, certain data may be transmitted to them:

Authentication

• Google OAuth: We use Google OAuth for authentication. Google provides us with your email, name, and profile picture. We also request access to Google Drive (limited to files created by the app) for export functionality. Your use of Google OAuth is subject to Google's Privacy Policy.

AI Service Providers

When you use AI-assisted features (such as document processing and citation extraction), portions of your document content are transmitted to third-party AI service providers for processing:

• What data is shared: Text content from documents you upload, primarily individual footnote text. We transmit the content necessary for the specific processing task.
• Purpose: Your content is shared solely to provide citation extraction functionality. It is not shared for advertising, profiling, or any unrelated purpose.
• Providers: We may use one or more of the following: OpenAI, Google Vertex AI (Gemini), Together AI, or other providers. We may change providers at any time.
• No model training by providers: Under the standard commercial API terms of major providers, customer data submitted via API is not used to train or improve their AI models.
• Retention by providers: AI service providers may temporarily retain your content for operational and trust-and-safety purposes, typically no more than 30 days, after which it is automatically deleted. We do not control provider retention practices.
• Data location: Your content may be processed on servers in the United States or other locations operated by AI service providers.

Legal Data Sources

When you search for legal sources or use autopull features, your search queries and citation data are sent to the relevant third-party services:

• CourtListener API — case law search and lookup. Subject to CourtListener's terms.
• Google Scholar — case law search (used as a supplemental source). Search queries are sent to Google Scholar's public web interface.
• GovInfo API — federal statutes, Congressional reports, statutes at large, U.S. Reports, and other government publications.
• eCFR API — Code of Federal Regulations lookup.
• Federal Register API — Federal Register document search.
• Congress.gov API — Congressional Research Service reports and legislative materials.
• Legiscan API — state and federal bill tracking and legislative data.
• USPTO Open Data Portal API — patent application and patent number lookup.
• Zotero Translation Server (self-hosted) — URL-based citation metadata extraction. This is a service we host; your URLs are not sent to a third party.

Infrastructure Providers

• Cloudflare R2: Uploaded documents are stored in Cloudflare R2 cloud storage. Cloudflare processes this data as a storage provider under their terms of service.
• Railway: Our application and database are hosted on Railway. Railway processes data as an infrastructure provider under their terms of service.
• Meilisearch: We use Meilisearch (self-hosted) for searching our index of law review article citation metadata. This index contains published citation data, not user-submitted content.

How We Use Your Information

We use the information we collect to:

• Provide, operate, maintain, and improve the Service
• Authenticate your account and manage your session
• Store and organize your citations, sources, and projects
• Process your uploaded documents and extract citations
• Look up source information from third-party legal databases
• Respond to your requests and provide support
• Send you service-related communications (such as important account or Terms of Service notices)
• Analyze aggregated, de-identified usage data and output patterns to improve and develop the Service, including training or fine-tuning our own machine learning models
• Generate aggregated, anonymized statistics about Service usage
• Help detect, prevent, and address technical and security issues
• Comply with legal obligations

How We Share Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• AI Service Providers: When you use AI-assisted features, we share portions of your document content with third-party AI providers solely to process and analyze your content for citation extraction. See "AI Service Providers" above for details.
• Legal Data Sources: When you search or use autopull, your search queries and citation data are shared with the relevant legal databases listed above.
• Infrastructure Providers: We share information with vendors who help us operate the Service (hosting, cloud storage, database), and only as needed for them to provide those services.
• Legal Requirements: We may disclose information if required by law or in response to valid legal requests.
• Business Transfers: If we are involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction.

Data Storage and Security

• We maintain reasonable administrative, technical, and physical safeguards designed to protect your information.
• We use HTTPS encryption for all data transmitted between your device and our servers.
• Session cookies are marked as HttpOnly and Secure (in production) to prevent unauthorized access.
• OAuth tokens are stored in our database and used only for maintaining your session and accessing authorized Google services.
• No security measure is perfect, and we cannot guarantee the security of your information.

Data Retention

• We retain your account information and user content for as long as your account is active or as needed to provide the Service.
• Uploaded documents are stored in Cloudflare R2 and retained until you explicitly delete the associated processing job. We may also remove documents after extended periods of inactivity.
• Extraction results (citation data, sourcepull tables, processing statistics) are stored in our database as part of your account and retained until you delete the job or your account.
• Content submitted to AI providers is retained by those providers for a limited period (typically no more than 30 days), after which it is automatically deleted by the provider.
• Terms of Service acceptance records (version accepted, date, and IP address) are retained as legal compliance records.
• You may delete individual processing jobs and their associated data through the Service. You may request deletion of your entire account and associated data by contacting us.
• We may retain certain information as required by law or for legitimate business purposes.
• Aggregated, de-identified data used for Service improvement may be retained indefinitely.

Your Rights

Depending on where you live, you may have certain rights regarding your personal information, such as:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information and uploaded documents
• Data Portability: Request a copy of your data in a portable format

To exercise these rights, please contact us at .

Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences
• Help operate, secure, and troubleshoot the Service

We do not use third-party analytics services, advertising trackers, or behavioral tracking technologies. You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of the Service.

Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately and we will promptly delete the information.

International Users

The Service is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers (including AI providers and cloud storage) operate. By using the Service, you consent to the transfer of your information to these jurisdictions.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page, updating the "Last Updated" date, and, where we are required to do so, requesting your renewed acceptance through the Terms of Service acceptance flow. You are advised to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at .