Privacy policy
Last updated: June 15, 2026.
The short version: your message files are read and processed entirely in your browser and are never uploaded to us or anyone else. The only information we ever receive is what you choose to type into the contact form.
Your message exports and exhibits
When you use the builder or the verify page, the files you choose are read by your own browser using the local File API, processed in memory, and turned into a PDF on your device. They are never sent to a server. We have no upload endpoint, no database, and no account system, so there is nowhere for your messages to go. This isn't only a promise - the site is served with a strict Content-Security-Policy that prevents the page from connecting anywhere except the static asset hosts listed below, so the browser itself blocks any attempt to transmit your file content. You can confirm it by watching your browser's network tab while you build an exhibit.
Nothing is stored, either: we don't use cookies, localStorage, sessionStorage, or any other persistence for your message content (or anything else). Refreshing the page erases your session entirely.
AI Review Lab (optional feature)
The AI Review Lab is an optional feature that uses browser-based AI to rank your pasted messages by possible relevance to a claim. It has different network characteristics from the Builder — read this section carefully.
- All the AI code runs from our own site, not a remote CDN. Both the Transformers.js library and the ONNX runtime's loader code are built into ExhibitKit and served from our own origin — no external JavaScript executes in the same browser context as your pasted messages. The AI Lab's Content-Security-Policy allows JavaScript code generation (unsafe-eval) because the ONNX runtime requires it for browser inference; this permission applies only to the AI Lab page and is not granted to the Builder, Verify, or any other page on the site. No third-party script host is listed, so code generation can only run on scripts served from our own origin.
- Only binary data is fetched from CDNs. On first use your browser downloads two kinds of binary file: the ONNX WebAssembly runtime (~21 MB) from jsDelivr, and the public Xenova/all-MiniLM-L6-v2 model weights (~23 MB) from Hugging Face. These are data files — they are fetched by your browser, not sent from it, and the WebAssembly runs inside the browser's wasm sandbox, not as page script. They reveal your IP to those CDN hosts, as with any web resource.
- The AI Lab is designed so your message text is not uploaded. The embedding (the AI ranking step) runs entirely on-device using WebAssembly. The page's Content-Security-Policy limits outbound connections to the Hugging Face and jsDelivr hosts and explicitly omits our own origin, so scripts cannot POST message content back to ExhibitKit. However, CSP limits which hosts scripts may contact, not whether any particular request happens to carry your text — so our privacy claim here is that the page is carefully designed not to do that, rather than a mathematical guarantee.
- Your browser may cache the model files. The browser's Cache API stores the downloaded model files so subsequent visits skip the ~23 MB download. These are public model weights, not your messages.
- No message text is written to persistent storage. The AI Review Lab does not use localStorage, sessionStorage, IndexedDB, or cookies for your messages. Closing or refreshing the tab erases your session.
- The AI Lab is separate from the official PDF builder. The court-ready exhibit pipeline (Builder, Verify) makes zero network requests while processing your files and is the stronger privacy guarantee. Use the Builder for evidence preparation; the AI Lab is an optional review helper only.
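One way to check a Content-Security-Policy header against the claims made in this section (no connection back to the site's own origin, code generation allowed, no third-party script host), as an added example that is not ExhibitKit's own code. The two sample policies are constructed, the host names huggingface.co and cdn.jsdelivr.net are assumed stand-ins for "Hugging Face" and "jsDelivr", and the function names are illustrative.

```javascript
// Parse a CSP header value into { directive: [sources] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.toLowerCase().split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (name && !(name in policy)) policy[name] = sources;
  }
  return policy;
}

// No directive and no default-src means nothing is restricted.
const UNRESTRICTED = ['*', "'self'", "'unsafe-eval'"];
const sourcesFor = (policy, directive) =>
  policy[directive] ?? policy['default-src'] ?? UNRESTRICTED;

// Host part of a source expression; a scheme-only source such as "https:"
// comes back as its scheme name and is therefore reported as unexpected.
const hostOf = (src) =>
  src.match(/^(?:[a-z][a-z0-9+.-]*:\/\/)?([^/:]+)/)?.[1] ?? src;
const hostsIn = (sources) => sources.filter((s) => !s.startsWith("'")).map(hostOf);

function auditCsp(header, expectedConnectHosts) {
  const policy = parseCsp(header);
  const connect = sourcesFor(policy, 'connect-src');
  const script = sourcesFor(policy, 'script-src');
  return {
    connectsToSelf: connect.includes("'self'") || connect.includes('*'),
    unexpectedConnectHosts: hostsIn(connect)
      .filter((h) => !expectedConnectHosts.includes(h)),
    allowsEval: script.includes("'unsafe-eval'"),
    thirdPartyScriptHosts: hostsIn(script),
  };
}

// Constructed sample policies (assumptions, not the site's real headers).
const EXPECTED = ['huggingface.co', 'cdn.jsdelivr.net'];
const AS_DESCRIBED = "default-src 'none'; script-src 'self' 'unsafe-eval'; " +
  'connect-src https://huggingface.co https://cdn.jsdelivr.net';
const DRIFTED = "default-src 'self'; script-src 'self' 'unsafe-eval' " +
  "https://cdn.example.com; connect-src 'self' https://huggingface.co " +
  'https://cdn.jsdelivr.net https://api.example.com';

console.log(auditCsp(AS_DESCRIBED, EXPECTED));
console.log(auditCsp(DRIFTED, EXPECTED));
```

The first argument can be the Content-Security-Policy response header copied from the browser's network tab; the result describes only which hosts and capabilities the policy permits, not what any request carries.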
The contact form
The contact form is the one place data is intentionally sent. When you submit it, your name, email (if provided), topic, and message are sent to our hosting provider, Netlify, which stores the submission and notifies us so we can reply. We ask you not to include private message content or evidence in it. We use what you send only to respond to you; we don't sell it or use it for marketing.
Ordinary web-hosting data
Like any website, when your browser loads ExhibitKit it makes normal web requests that the servers involved can see (such as your IP address and browser type):
- Netlify hosts the site and may keep standard server access logs.
- cdnjs (Cloudflare) serves the jsPDF library, Google Fonts serves the fonts, and jsDelivr serves the optional extended PDF font if you turn it on. Loading those assets reveals your IP to those CDNs, as with any site that uses them.
We don't add any analytics, trackers, advertising, or third-party scripts beyond those asset hosts. After your first visit the app is cached by a service worker and works offline, so it can run without contacting anything at all.
Children
ExhibitKit isn't directed at children and doesn't knowingly collect information from them.
Changes
If this policy changes, we'll update the date above. Questions? Contact us.
This policy describes how the website handles data and is not legal advice.