docs: add legal disclaimer and privacy notice for professional use

2026-02-22 19:57:03 +01:00
parent 2476300c7e
commit 6c9c600f64
1 changed files with 182 additions and 0 deletions
--- a/PRIVACY.md
+++ b/PRIVACY.md
@@ -0,0 +1,182 @@
 # Privacy & Client Confidentiality
 **IMPORTANT READING FOR LEGAL PROFESSIONALS**
 This document addresses privacy and confidentiality considerations when using this Tool, with particular attention to professional obligations under Israeli legal professional rules.
 ---
 ## Executive Summary
 **Key Risks:**
 - Queries through Claude API flow via Anthropic cloud infrastructure
 - Query content may reveal client matters and privileged information
 - Israel Bar Association rules require strict confidentiality (חיסיון עורך דין-לקוח) and data handling controls
 **Safe Use Options:**
 1. **General Legal Research**: Use Tool for non-client-specific queries
 2. **Local npm Package**: Install `@ansvar/israel-law-mcp` locally — database queries stay on your machine
 3. **Remote Endpoint**: Vercel Streamable HTTP endpoint — queries transit Vercel infrastructure
 4. **On-Premise Deployment**: Self-host with local LLM for privileged matters
 ---
 ## Data Flows and Infrastructure
 ### MCP (Model Context Protocol) Architecture
 This Tool uses the **Model Context Protocol (MCP)** to communicate with AI clients:
 ```
 User Query -> MCP Client (Claude Desktop/Cursor/API) -> Anthropic Cloud -> MCP Server -> Database
 ```
 ### Deployment Options
 #### 1. Local npm Package (Most Private)
 ```bash
 npx @ansvar/israel-law-mcp
 ```
 - Database is local SQLite file on your machine
 - No data transmitted to external servers (except to AI client for LLM processing)
 - Full control over data at rest
 #### 2. Remote Endpoint (Vercel)
 ```
 Endpoint: https://israel-law-mcp.vercel.app/mcp
 ```
 - Queries transit Vercel infrastructure
 - Tool responses return through the same path
 - Subject to Vercel's privacy policy
 ### What Gets Transmitted
 When you use this Tool through an AI client:
 - **Query Text**: Your search queries and tool parameters
 - **Tool Responses**: Statute text, provision content, search results
 - **Metadata**: Timestamps, request identifiers
 **What Does NOT Get Transmitted:**
 - Files on your computer
 - Your full conversation history (depends on AI client configuration)
 ---
 ## Professional Obligations (Israel)
 ### Israel Bar Association and the Bar Association Law
 Israeli lawyers are bound by strict confidentiality rules under the Israel Bar Association Law 5721-1961 (חוק לשכת עורכי הדין) and the Israel Bar Association ethics rules.
 #### Attorney-Client Privilege (חיסיון עורך דין-לקוח)
 - All attorney-client communications are privileged under the Evidence Ordinance [New Version] 5731-1971
 - Client identity may be confidential in sensitive matters
 - Case strategy and legal analysis are protected
 - Information that could identify clients or matters must be safeguarded
 ### Privacy Protection Law and Client Data Processing
 Under the **Privacy Protection Law 5741-1981 (חוק הגנת הפרטיות)** and the Privacy Protection Regulations:
 - You are the **Database Owner** when maintaining client databases
 - AI service providers (Anthropic, Vercel) may be **holders** or **managers** of data
 - Database registration requirements may apply under the Privacy Protection Authority regulations
 - Cross-border data transfers must comply with the Privacy Protection Regulations (Transfer of Data to Databases Outside the State's Borders)
 - The **Privacy Protection Authority (הרשות להגנת הפרטיות)** oversees compliance
 ---
 ## Risk Assessment by Use Case
 ### LOW RISK: General Legal Research
 **Safe to use through any deployment:**
 ```
 Example: "What does the Companies Law say about shareholder rights?"
 ```
 - No client identity involved
 - No case-specific facts
 - Publicly available legal information
 ### MEDIUM RISK: Anonymized Queries
 **Use with caution:**
 ```
 Example: "What are the penalties for securities violations under Israeli law?"
 ```
 - Query pattern may reveal you are working on a securities matter
 - Anthropic/Vercel logs may link queries to your API key
 ### HIGH RISK: Client-Specific Queries
 **DO NOT USE through cloud AI services:**
 - Remove ALL identifying details
 - Use the local npm package with a self-hosted LLM
 - Or use commercial legal databases with proper privacy agreements
 ---
 ## Data Collection by This Tool
 ### What This Tool Collects
 **Nothing.** This Tool:
 - Does NOT log queries
 - Does NOT store user data
 - Does NOT track usage
 - Does NOT use analytics
 - Does NOT set cookies
 The database is read-only. No user data is written to disk.
 ### What Third Parties May Collect
 - **Anthropic** (if using Claude): Subject to [Anthropic Privacy Policy](https://www.anthropic.com/legal/privacy)
 - **Vercel** (if using remote endpoint): Subject to [Vercel Privacy Policy](https://vercel.com/legal/privacy-policy)
 ---
 ## Recommendations
 ### For Solo Practitioners / Small Firms
 1. Use local npm package for maximum privacy
 2. General research: Cloud AI is acceptable for non-client queries
 3. Client matters: Use commercial legal databases (Nevo, Takdin, Pador)
 ### For Large Firms / Corporate Legal
 1. Negotiate privacy agreements with AI service providers under Privacy Protection Law requirements
 2. Consider on-premise deployment with self-hosted LLM
 3. Train staff on safe vs. unsafe query patterns
 ### For Government / Public Sector
 1. Use self-hosted deployment, no external APIs
 2. Follow Israeli government information security requirements (INCD guidelines)
 3. Air-gapped option available for classified matters
 ---
 ## Questions and Support
 - **Privacy Questions**: Open issue on [GitHub](https://github.com/Ansvar-Systems/israel-law-mcp/issues)
 - **Anthropic Privacy**: Contact privacy@anthropic.com
 - **IBA Guidance**: Consult Israel Bar Association ethics guidance
 ---
 **Last Updated**: 2026-02-22
 **Tool Version**: 1.0.0