UTC: 00:00:00
SID: UNAUTHEN...
SYNC_ID: --
ENCRYPTION: ACTIVE (AES-256)
DEFCON: Lvl 4
● LIBR_ENGINE: DETECTED_DIP [$14,500 RECOVERED] ● ENTITY_RESOLUTION: FLAGGED_CRYPTO_TRANSFER [COINBASE -> UNKNOWN_WALLET] ● INTEL_ANALYSIS: BLOCKED_HOSTILE_TEXT [RISK_LEVEL: HIGH] ● ALERT: NEW_OFFSHORE_NODE_IDENTIFIED ● SYSTEM_STATUS: ENCRYPTION_ACTIVE (AES-256) ● LIBR_ENGINE: DETECTED_DIP [$14,500 RECOVERED] ● ENTITY_RESOLUTION: FLAGGED_CRYPTO_TRANSFER [COINBASE -> UNKNOWN_WALLET]
Compliance

Privacy Policy

Effective Date: January 15, 2026

Exit Protocol Inc. ("we," "our," or "us") is committed to protecting the privacy and confidentiality of your data. This Privacy Policy describes how we collect, use, store, and protect your information when you use the Exit Protocol forensic intelligence platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address and a hashed password. We do not store passwords in plaintext.

1.2 Financial Data

Through direct file upload (PDF bank statements, financial discovery documents), third-party API integrations (Clio Manage, Plaid), or manual entry, we receive financial transaction records, account balances, and related data necessary to execute forensic tracing protocols. This includes dates, descriptions, debit/credit amounts, and running balances extracted via spatial-grid OCR.

1.3 Communications Data

If you use the communication analysis features (AI Judge, BIFF Filter, War Room), we process message text you provide for sentiment analysis and tone rewriting. This data is stored only within your active case context and processed ephemerally — it is not retained beyond the analysis session.

1.4 Uploaded Evidence & Document Metadata

Documents uploaded to the Evidence Vault are encrypted at rest and hashed (SHA-256) for chain-of-custody verification. When the Shadow Report module is used, we also extract and analyze document metadata including:

  • XMP Metadata: Author, producer software, creation/modification timestamps embedded in the PDF structure.
  • EXIF Data: GPS coordinates, camera models, and image creation dates from embedded images (extracted via Pillow).
  • Ghost Text Layers: Hidden, unsearchable text beneath redaction blocks in improperly flattened PDFs.

This metadata is processed solely for the purpose of providing the Shadow Report analysis and is stored within your case context.

1.5 Automatically Collected Data

We collect standard server logs including IP address, browser type, device information, and access timestamps for security monitoring and platform performance.

1.6 Demo Sandbox Data

If you use the Demo Sandbox, you interact with synthetic financial data only. No personal or real financial information is collected during sandbox usage.

2. How We Use Your Data

Purpose Data Used Processing Type
LIBR forensic tracing Financial transactions, account balances Deterministic
Impeachment Engine Transactions cross-referenced against sworn affidavits Deterministic
Entity Resolution Graph Transfer recipients, shell entity identifiers Deterministic
Leakage Analysis Income data vs. lifestyle spending AI-assisted
Sentinel anomaly detection Transaction descriptions, amounts, timestamps Deterministic
AI Judge & BIFF analysis Communication text AI (Ephemeral)
Grand Strategist narratives Aggregated case facts, timeline events AI (Ephemeral)
Shadow Report Document structure, XMP metadata, EXIF data Deterministic
Evidence integrity verification File hashes (SHA-256, MD5) Deterministic
Account authentication Email, hashed password Standard
Security monitoring IP addresses, access logs Standard
Exit Protocol does not, and never will, sell your personal information or your clients' sensitive case data to third-party data brokers or marketing agencies.

3. Data Processing Methods

3.1 Deterministic Processing

The core forensic engine — LIBR tracing, Impeachment Engine, Entity Resolution Graph, and Sentinel monitoring — processes your financial data using fixed, deterministic algorithms. These modules apply invariable mathematical rules and do not involve probabilistic AI models. Your financial data processed through these modules is never transmitted to external AI services.

3.2 Asynchronous Processing

Computationally intensive operations — including parsing large discovery sets (10,000+ transactions), executing spatial-grid OCR, and running graph theory algorithms — are processed asynchronously via Celery task queues. Your data is processed in isolated worker contexts and results are stored securely in your case upon completion.

3.3 Spatial-Grid OCR Pipeline

When you upload PDF bank statements, the platform analyzes the geometric structure of each page — mapping the spatial distance between tokens to identify tabular columns (Date, Description, Debit, Credit, Balance). Azure Document Intelligence processes pages in the cloud; Surya OCR provides a local fallback. Upon upload, the parsing core authenticates the SHA-256 integrity of the PDF to establish its chain of custody.

4. Artificial Intelligence & Zero-Training Guarantee

Exit Protocol utilizes the following AI services for specific features:

  • Google Gemini 2.0 Flash — Sentiment analysis, BIFF tone rewriting, contradiction detection, narrative generation (Grand Strategist), and judicial temperature simulation. Used for ancillary features only; not used in core forensic calculations.
  • Azure Document Intelligence — Cloud-based spatial-grid OCR for structured extraction of tabular data from PDF bank statements.
  • Surya OCR — Local-processing OCR fallback for environments where cloud transmission is not permitted.
Your data is never used to train foundational AI models. We maintain strict data handling agreements with all AI sub-processors. Your case data is transmitted ephemerally for processing and is not retained by the AI provider beyond the duration of the individual API request. The core LIBR tracing algorithm operates entirely deterministically and does not utilize any AI.

Zero-Training Data Policy

Exit Protocol processes highly sensitive financial discovery, including sworn affidavits, bank ledgers, and cryptocurrency routing identifiers. We maintain a strict, uncompromising Zero-Training Policy regarding your case data.

  • No Foundational Model Training: Your uploaded documents, parsed ledgers, and entity resolution graphs are never used to train, fine-tune, or improve Google Gemini, Surya OCR, Azure Document Intelligence, or any internal Exit Protocol algorithms.
  • Ephemeral Processing: Data processed through our AI-assisted features (such as the Grand Strategist or BIFF Filter) is transmitted securely via enterprise API endpoints that legally prohibit data retention for model training.

Subpoena Defense & Discovery Requests

Because our platform handles privileged attorney work product and sensitive marital dissolution data, Exit Protocol actively resists broad, unauthorized third-party discovery requests. We will not voluntarily disclose your forensic traces or uploaded ledgers to opposing counsel or civil litigants unless compelled by a valid, jurisdictionally sound court order.

Notice to Counsel: In the event we are served with a subpoena regarding your account, our policy is to provide you with prompt written notice (unless legally prohibited) so that your legal counsel may file a motion to quash or secure a protective order before any data is released.

5. Third-Party Data Sharing

5.1 Clio Manage

When you authenticate via Clio, we receive a temporary access token that permits read-only transmission of your firm's matters and documents (matter:read, document:read scopes). This token is encrypted at rest and automatically refreshed. We never overwrite, modify, or delete any data on your Clio account.

5.2 Plaid

When connecting financial institutions via Plaid, we operate strictly in a read-only capacity, retrieving transaction history and account balances. We never initiate financial transactions on your behalf.

5.3 No Data Sales

We do not sell, rent, or trade your personal information or case data to any third party. We share data only with the sub-processors identified in Section 4, and only to the extent necessary to provide the Service.

6. Data Retention & Deletion

Your data is retained for as long as your account is active and your cases remain open. Upon deletion of a case, all corresponding forensic artifacts — including transaction data, uploaded evidence, AI-generated analyses, OCR-extracted ledgers, entity graphs, and data synced from Clio or Plaid — are permanently removed from our active servers.

Routine backup archives are purged on an automated 30-day schedule. After this period, deleted data is irrecoverable.

You may request full account and data deletion at any time by emailing legal@exitprotocols.com.

7. Encryption & Security

  • Encryption at Rest: All evidence files and sensitive database fields (transaction descriptions, financial memos) are encrypted using AES-256 (Fernet) before storage.
  • Dual-Hash Integrity: Every uploaded document is hashed with both SHA-256 and MD5 upon ingestion. These hashes are embedded in Forensic Reports to provide cryptographic proof that evidence has not been altered.
  • Cryptographic Report Sealing: Certified Forensic Reports are sealed with a unique SHA-256 hash of the underlying data snapshot. Any modification to the report — even a single digit — will invalidate the hash.
  • Transport Security: All data in transit is protected by TLS 1.2+ encryption.
  • Access Controls: Role-based access control (Paralegal, Forensic Accountant, Auditor) with optional IP whitelisting.
  • Audit Logging: All user actions are recorded in immutable audit logs. Enterprise users may forward logs to external SIEM platforms.

8. Sovereign Mode (Enterprise)

For firms utilizing our Sovereign deployment, the entire application is containerized via Docker and deployed as an air-gapped system on your own infrastructure using a "Bring Your Own Key" (BYOK) model. In Sovereign Mode:

  • No case data or financial information ever leaves your firm's secure perimeter.
  • No data is transmitted to Exit Protocol's cloud infrastructure.
  • All OCR processing occurs locally via Surya OCR (no cloud AI calls).
  • The deployment complies with attorney-client privilege requirements and data sovereignty regulations.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Deletion: Request that we delete your personal data and all associated case information.
  • Right to Portability: Request your data in a structured, commonly used format.
  • Right to Opt-Out: Opt out of non-essential data processing (note: core forensic processing is essential to providing the Service).
  • Right to Correction: Request correction of inaccurate personal data.

To exercise any of these rights, contact us at legal@exitprotocols.com. We will respond within 30 days.

10. Children's Privacy

Exit Protocol is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a user is under 18, we will promptly delete their account and all associated data.

11. Cookie Policy

Exit Protocol uses essential session cookies to maintain your login state and CSRF protection. These cookies are strictly necessary for the Service to function and cannot be disabled.

We do not use third-party tracking cookies, advertising pixels, or analytics services that profile your browsing behavior across other websites.

12. Data Breach Notification

In the event of a security breach that compromises your personal data, we commit to notifying affected users via email within 72 hours of discovery. Notification will include the nature of the breach, the data potentially affected, and the steps we are taking to remediate the issue.

13. Contact Us Regarding This Policy

For questions, data access requests, or if you require an audit of your data footprint, direct inquiries to:

Exit Protocol Inc.
Privacy & Compliance

This policy was last updated on January 15, 2026. We will notify you of material changes via the email address associated with your account.

SECURITY ALERT: DATA EXPORT BLOCKED // INTERNAL USE ONLY