Security & data handling.

SaneCite is for teams whose most sensitive documents are the ones they have to share. So the design goal is restraint: draft only from the evidence you provide, expose as little as possible to any AI model, keep nothing longer than needed, and never train on your data.

No model training on your data · Minimal AI exposure · Short retention · Deletion on request

Evidence-bound by design

SaneCite drafts an answer only when your uploaded documents support it, and every supported answer is tied to the exact source excerpt it came from. Questions without support are returned as “needs review,” never guessed. The model phrases answers from evidence that was already selected — it does not invent facts or reach outside your documents.

Minimal exposure to AI models

When an AI model is used to phrase an answer, it receives only the short evidence excerpts selected for that one question — not your full documents, and not your other files. Your complete uploads are never handed to a model wholesale.

No training, no resale

Your uploads and drafted answers are never used to train models, and never sold or shared for advertising. They are used only to produce your filled questionnaire and review package.

Storage, retention & deletion

Uploads are stored encrypted at rest, in the United States, only for as long as needed to process your request. Uploaded files are deleted after review, and the temporary result file used for delivery is deleted once delivery completes. You can request immediate deletion at any time and get confirmation.

Uploaded files are untrusted input

Documents you upload are treated strictly as data. Text inside an uploaded file can never change SaneCite’s instructions, expand which sources are used, or trigger actions — a deliberate defense against prompt-injection hidden in documents.

Subprocessors

The third parties that may process your data, and why.

Provider | Purpose | Location
Cloudflare | Site hosting, encrypted temporary upload storage (R2), and AI text formatting (Workers AI) | United States
Resend | Delivery of result notifications | United States

This reflects the current pilot. We update this list before adding any new provider, and we’ll share a data-processing agreement (DPA) and subprocessor notice on request.

What we don’t claim

SaneCite is an early pilot, not a certified platform. We do not yet hold SOC 2 or ISO 27001, and we won’t pretend otherwise on a security page. If a specific control matters to your review, ask — you’ll get a straight answer about exactly where we stand.

Questions, DPA, or deletion

Email hi@saneapps.com for a data-processing agreement, a deletion request, or anything your own security review needs.