AMARI Privacy Policy
Wisdom Agent Inc. Effective Date: May 28, 2026 Last Updated: May 28, 2026 Published at: getamari.ai/privacy
Introduction
This Privacy Policy describes how Wisdom Agent Inc. ("we," "us," "our," or "AMARI") collects, uses, and protects information when you use the AMARI document verification service, including through Claude as an MCP connector or through our REST API.
AMARI is a document verification service — we verify legal documents generated by AI tools or drafted by humans. We do not generate documents, and we do not provide legal advice. The lawyer using AMARI is responsible for the legal positions taken in their work product.
What Data We Process
Documents You Submit for Verification
When you invoke AMARI verification, we receive:
- Your document — the legal document you submit for verification
- Source documents (if provided) — reference materials you include for evidence-based verification (e.g., cited statutes, prior agreements, regulatory filings)
These are your property. We process them solely to perform the verification you requested.
Verification Results We Produce
Each verification produces:
- A verified document — your document with accepted corrections applied
- Corrections and flagged items — issues found, with before/after text and reasoning
- A quality score and decision band — the formal quality measurement
- An audit trail — a complete record of the verification process
- A certificate — SHA-256 integrity hashes for tamper evidence
These results are returned to you and are your property.
Account and Usage Data
When you create an AMARI account or use the service, we collect:
- Account information — email address, name, organization (if provided), billing information
- Authentication credentials — OAuth tokens (for Claude connector), account IDs (for REST API access), stored encrypted
- Usage metadata — timestamps of verification runs, practice area used, quality scores, finding counts, document page counts, billing amounts. No document content is included in usage metadata.
How We Process Your Documents
In-Memory Processing Only
Your documents are processed in memory during the verification run. Specifically:
- Document text is loaded into the server's working memory
- The verification process analyzes the document against the selected legal quality standards
- Verification results are assembled and returned to you
- When the verification run completes, the in-memory data is discarded
- When the server restarts, all in-memory data is destroyed
We do not write your document content to disk. We do not store your documents in a database. We do not retain your documents after the verification run completes.
Anthropic API Processing
AMARI's verification process sends your document text to the Anthropic API for processing by Claude, the large language model that powers the verification analysis. This means:
- Your document content is transmitted to Anthropic's servers during the verification run
- Anthropic processes the content to generate the verification analysis
- Anthropic's handling of this data is governed by Anthropic's own data policies and the terms of our commercial agreement with Anthropic
We maintain a commercial API agreement with Anthropic. Under this agreement, data sent through the API is not used by Anthropic to train or improve their models. We recommend reviewing Anthropic's privacy policy at anthropic.com/privacy and their commercial terms for additional detail.
Encryption in Transit
All data transmitted between your client (Claude or the REST API) and our servers is encrypted using TLS 1.2 or higher. All data transmitted between our servers and the Anthropic API is similarly encrypted.
What We Do NOT Do With Your Documents
- We never use your documents to train, improve, or fine-tune any AI model — including foundation models or any other machine learning system
- We never share your document content with any third party except Anthropic as described above, solely for the purpose of performing the verification you requested
- We never log your document content — usage logs contain metadata (timestamps, scores, page counts) but never document text
- We never sell your data to anyone, for any purpose
- We never serve advertisements based on your documents or usage
Third-Party Subprocessors
We use the following third-party services to deliver the AMARI service:
| Subprocessor | Purpose | Data Received |
|---|---|---|
| Anthropic (San Francisco, CA) | LLM API — powers the verification analysis | Document text during verification (in transit, not retained by Anthropic under our commercial terms) |
| Hetzner Cloud (Ashburn, VA) | Server hosting — runs the MCP server and REST API | Server infrastructure only; document data exists in-memory during processing |
| Stripe (San Francisco, CA) | Payment processing | Billing information (email, payment method); no document data |
| Auth0 / Okta (San Francisco, CA) | Authentication provider | Email address, login credentials; no document data |
We may change subprocessors from time to time. If we add a subprocessor that processes document content, we will update this policy and notify registered users by email at least 30 days in advance.
Data Retention
| Data Type | Retention |
|---|---|
| Document text (in-memory) | Discarded when the verification run completes |
| Verification results | Returned to you; not retained by AMARI after delivery |
| Account information | Retained while your account is active; deleted within 30 days of account closure upon request |
| Usage metadata | Retained for billing and analytics; no document content included |
| Authentication tokens | Encrypted at rest; revoked upon account closure |
If you want your account and usage data deleted, email privacy@getamari.ai. We will confirm deletion within 30 days.
How We Use Usage Metadata
We use usage metadata (verification counts, quality scores, page counts, practice area usage, timestamps) for:
- Billing — calculating charges for Professional tier users
- Service improvement — understanding which practice areas are used most, how verification quality trends over time, and where to invest in improvements
- Aggregate analytics — generating anonymized statistics that contain no document content and cannot be traced to individual users or documents
We do not use usage metadata for advertising, profiling, or any purpose unrelated to operating and improving the AMARI service.
Your Rights
For All Users
- Access — you can request a copy of the account and usage data we hold about you
- Correction — you can request correction of inaccurate account information
- Deletion — you can request deletion of your account and associated usage data
- Portability — verification results are returned to you at the time of each run; we do not retain a copy
Additional Rights Under GDPR (EU/EEA Users)
If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):
- Legal basis for processing — we process your document data on the basis of contractual necessity (performing the verification service you requested). We process usage metadata on the basis of legitimate interest (operating and improving the service).
- Right to restrict processing — you can request that we restrict processing of your data in certain circumstances
- Right to object — you can object to processing of your data based on legitimate interest
- Right to lodge a complaint — you can file a complaint with your local data protection authority
- Data transfers — your data is processed in the United States. We rely on standard contractual clauses for transfers from the EU/EEA to the US.
Additional Rights Under CCPA/CPRA (California Users)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:
- Right to know — you can request disclosure of the categories and specific pieces of personal information we have collected
- Right to delete — you can request deletion of your personal information
- Right to opt out of sale — we do not sell personal information
- Non-discrimination — we will not discriminate against you for exercising your rights
Security Measures
We maintain commercially reasonable security measures to protect your data:
- Encryption in transit — TLS 1.2+ for all connections
- In-memory processing — document data is never written to persistent storage
- Access controls — employee and contractor access to systems is limited on a need-to-know basis
- Authentication — OAuth 2.0 for Claude connector; account IDs encrypted at rest
- Incident response — we maintain procedures for detecting, investigating, and responding to security events
Security Incident Notification
If we become aware of any unauthorized access to, disclosure of, or loss of your data, we will notify you within 72 hours. This notification will include a description of the incident, the data affected, and the steps we are taking to address it.
If you are a data controller under GDPR or other data protection laws, you remain responsible for determining whether and how to notify supervisory authorities or data subjects. We will cooperate with you to investigate and remediate the incident.
Children's Privacy
AMARI is a professional document verification service intended for use by legal professionals. We do not knowingly collect personal information from children under 13 (or under 16 in the EU/EEA). If we learn that we have collected personal information from a child, we will delete it promptly.
Claude Connector Specific Information
When you use AMARI as a connector on Claude:
- Authentication — you authenticate via OAuth 2.0 when adding the connector, or provide your account ID in the conversation. Your OAuth token is stored by Anthropic within their Claude infrastructure, encrypted at rest.
- Document flow — when you invoke
amari_verifyin a Claude conversation, Claude sends your document text to our MCP server. We process it as described above and return results to Claude, which presents them in your conversation. - Anthropic's role — Anthropic operates Claude and routes the MCP tool call to our server. Anthropic's handling of your conversation data (including any documents you upload to Claude) is governed by Anthropic's own privacy policy and your agreement with Anthropic. AMARI's privacy policy governs only the data we receive and process through our MCP server.
- No data sharing between connectors — your AMARI verification data is not shared with other Claude connectors or other users' AMARI sessions.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes — particularly changes to how we handle document data — we will notify registered users by email at least 30 days in advance and post the updated policy at getamari.ai/privacy with a revised "Last Updated" date.
Contact
For privacy-related questions or requests:
- Email: privacy@getamari.ai
- Mail: Wisdom Agent Inc., New Haven, Connecticut, United States
- Security concerns: security@getamari.ai
For general support: support@getamari.ai
Wisdom Agent Inc. · getamari.ai · © 2026 Wisdom Agent Inc. All rights reserved.