Trust & Transparency
A complete account of how Atlas handles your contributions, what it stores, who can see what, and the security posture of the runtime. This page is regenerated live on every load — counts and security facts reflect the actual state of the system, not stale documentation.
Mission & Ownership
Atlas is a working tool for The Sedona Conference WG11 Brainstorming Group on Unique Procedural Aspects of Data Breach Class Actions. Its sole purpose is to help this group produce a higher-quality publication faster — nothing else.
- The output belongs to The Sedona Conference, not to any individual contributor and not to Brush Cyber. Every word that leaves Atlas as a deliverable flows through Sedona's normal publication process.
- Brush Cyber claims no ownership of the work product, the prompts, or the contributors' input. No commercial use, no derivative product, no marketing reuse.
- The platform itself (the code, the prompts, the schema) will be made open and available to any BG participant who asks, after the project closes.
- No one is named or attributed in the AI training context. The group voice fabric (described below) is depersonalized by design.
How Atlas Uses Your Input
Every contribution moves through a fixed, auditable pipeline. There is no hidden background processing.
- Receive — your text/transcript/file lands in the
contributionstable with your user-ID, target section, and timestamp. Stored in plain text in the project's PostgreSQL database. - Knowledge Fabric retrieval — Atlas pulls (a) matching authorities from the BG's vetted source corpus, (b) adjacent section snippets, and (c) three random depersonalized style exemplars. Fully deterministic; recorded as Stage 0 in the audit trail.
- Draft — Claude (Sonnet 4.5) rephrases your input in WG11 voice, citing only authorities that exist in the source corpus.
- Critique — OpenAI (GPT-4o) checks legal accuracy and Bluebook citation form; Gemini (2.5 Flash) checks for drift from your original intent. They run in parallel.
- Reconcile — Claude takes both critiques and produces a final draft you can edit. A confidence score and plain-English notes accompany it.
- Your decision — you accept, edit, or discard. Nothing reaches the section draft without your click.
Provider data handling: Anthropic, OpenAI, and Google Gemini all contractually exclude API inputs from model training under their commercial API terms. Inputs travel via TLS to the provider, are processed, and the response returns. No provider has standing access to the database.
Voice Dictation Privacy
The "Dictate" mode in My Workspace is intentionally engineered to keep audio off our servers.
- Speech-to-text runs entirely in your browser, using your device's built-in speech engine (the W3C Web Speech API). Chrome and Edge route to Google's on-device pipeline; Safari uses Apple's. No Atlas component touches the audio.
- No audio is recorded, transmitted, or stored by Atlas at any point.
- Only the final transcript text reaches the server, where it is treated identically to typed text — no voice attribution, no acoustic analysis, no separate audio log.
- You can edit the transcript freely before submitting. Voice is purely a typing accelerant.
Fair Use, IP & Attribution
- This is collaborative work for The Sedona Conference. All contributions are made for the purpose of advancing the WG11 publication.
- Brush Cyber does not own the output. Brush Cyber operates the platform; the work product is Sedona's.
- No contributor is held out as the "owner" of any idea in the publication. Sedona's standard collaborative attribution model applies.
- Sources cited are public-domain authorities (cases, statutes, rules) and the BG's own vetted source corpus. Cases and statutes are quoted under the well-established fair-use framework for legal analysis and commentary.
- The AI providers are used as drafting assistants only. The publication's substance, conclusions, and editorial judgment remain entirely with the BG and its members.
- No commercial reuse. Atlas exists to enhance the BG's capacity to produce a better deliverable. There is no plan, intent, or right to commercialize the output, the platform, or the data.
Sedona Conformance
Atlas is operated as a working tool that aligns with The Sedona Conference's collaborative norms and code of conduct. Use of this platform is optional, and participation does not constitute any new contractual commitment beyond what BG members already operate under as Sedona participants.
- The site is structured to conform to Sedona's collaborative-process norms, including consensus-driven drafting, transparent attribution to the BG (not individuals), and editorial neutrality.
- By using Atlas, you are not entering a new agreement — you are using a workspace that conforms to the standards your existing Sedona participation already presumes.
- If anything in Atlas's behavior conflicts with Sedona's norms, please raise it with the BG chair; the platform will be adjusted.
Security Posture live
Transport / Network
- ✓HTTPS enforced
- ✓HSTS enabled
- TLS: Let's Encrypt (auto-renewing)
- Edge: Replit mTLS edge
Authentication & Sessions
- ✓SSO via Replit OIDC (Single Sign-On)
- ✓Email allowlist enforced (20)
- ✓Auth bypass disabled in prod
- Cookie: HTTP-only, Secure, SameSite-Lax, signed (itsdangerous)
Data at Rest
- Store: PostgreSQL (managed, encrypted at rest)
- Backups: Automatic daily snapshots; point-in-time recovery available
- All workspace data wiped on request and at project close
AI Pipeline
- Providers: Anthropic Claude, OpenAI GPT-4o, Google Gemini
- All three providers contractually exclude API inputs from model training
- Browser-native dictation; audio never leaves device — only transcript text reaches the server
- Group style fabric stores accepted text without user_id or section binding
- ✓Per-stage audit trail persisted
Code & Supply Chain
- Stack: Python 3.11 / FastAPI / SQLAlchemy
- Direct dependencies: 22 (see SBOM)
- pip + lockfile; vendor SDKs pinned at minor version
- Full source, prompts, and audit trail released to any participant on request
Software Bill of Materials
Every direct Python dependency, with its version constraint. Generated live from requirements.txt.
| Package | Constraint |
|---|---|
| anthropic | >=0.96.0 |
| bcrypt | >=4.0,<5.0 |
| fastapi | >=0.115,<0.130 |
| flask-dance | (any) |
| flask-login | (any) |
| google-genai | >=1.73.0 |
| itsdangerous | >=2.2.0 |
| jinja2 | >=3.1.4 |
| markdown-it-py | >=3.0.0 |
| oauthlib | (any) |
| openai | >=2.32.0 |
| passlib | >=1.7.4 |
| psycopg2-binary | >=2.9,<3.0 |
| pydantic | >=2.9,<3.0 |
| pyjwt | (any) |
| pypdf | >=6.10.0 |
| python-docx | >=1.1.2 |
| python-dotenv | >=1.0.1 |
| python-multipart | >=0.0.12 |
| python-pptx | ==1.0.2 |
| sqlalchemy | >=2.0.36,<2.1 |
| uvicorn | >=0.30,<0.40 |
What Is Actually Stored Right Now
Live counts at page-load time. Verifiable by any BG member with read access.
Your Rights & Deletion
- Withdraw any contribution at any time — use the "Discard" action on any of your contributions.
- Request full deletion of your account and all your contributions at any point. Send the request to the BG chair; it will be honored within 24 hours and confirmed in writing.
- At project close, the entire database is wiped and the platform is shut down unless the BG explicitly directs otherwise.
- You may request the full source code of Atlas — including prompts, schema, and audit-trail tables — at any point. Anyone who participated in the BG is entitled to the complete codebase on request after the project closes.
- You may export your own contributions as raw JSON or markdown at any time via My Workspace.
FAQ
Are my contributions used to train AI models?
No. All three providers (Anthropic, OpenAI, Google Gemini) contractually exclude API inputs from training under their commercial API terms. Atlas uses only those API tiers — never the consumer products that allow training reuse.
Who can see what I submit?
You can see all of your own submissions. The BG chair can see all submissions for editorial purposes (consistent with normal Sedona collaborative-drafting practice). Other members see accepted contributions as part of the section draft, but do not see in-flight or discarded contributions. The depersonalized style fabric (described above) shows snippets of accepted writing without any user attribution.
What happens to my voice when I dictate?
Nothing — Atlas never receives audio. Speech-to-text runs in your browser using your device's built-in engine. Only the final transcript text reaches the server, and it is treated identically to typed text. There is no voice recording, log, or biometric.
Does Brush Cyber claim ownership of any of this?
No. Brush Cyber operates the platform as a service to the BG. The publication and its substance belong to The Sedona Conference. The platform code itself will be made available to any BG member who requests it after the project closes.
Is this an "agreement" I'm entering by using Atlas?
No new agreement. You are using a workspace that conforms to the standards your existing Sedona participation already operates under. Use of Atlas is optional; you can continue to contribute by email or any other channel the BG accepts.
How are citations protected from AI hallucination?
The drafting model is constrained to cite only authorities present in the BG's
vetted source corpus (currently 69 sources).
If the contributor mentions an authority not in the corpus, the model writes
[citation needed] rather than fabricating. A second AI model
(OpenAI GPT-4o) reviews every draft for citation form and hallucination flags before
you ever see it.
What if I find a bug or a privacy concern?
Raise it with the BG chair directly, or open an issue against the source repository once it's released. Anything substantive will be addressed and the change documented in the audit trail.