Privacy & Client Confidentiality

IMPORTANT READING FOR LEGAL PROFESSIONALS

This document addresses privacy and confidentiality considerations when using this Tool, with particular attention to professional obligations under Israeli legal professional rules.


Executive Summary

Key Risks:

  • Queries through Claude API flow via Anthropic cloud infrastructure
  • Query content may reveal client matters and privileged information
  • Israel Bar Association rules require strict confidentiality (חיסיון עורך דין-לקוח) and data handling controls

Safe Use Options:

  1. General Legal Research: Use the Tool for non-client-specific queries
  2. Local npm Package: Install @ansvar/israel-law-mcp locally — database queries stay on your machine
  3. Remote Endpoint: Vercel Streamable HTTP endpoint — queries transit Vercel infrastructure
  4. On-Premise Deployment: Self-host with local LLM for privileged matters

Data Flows and Infrastructure

MCP (Model Context Protocol) Architecture

This Tool uses the Model Context Protocol (MCP) to communicate with AI clients:

User Query -> MCP Client (Claude Desktop/Cursor/API) -> Anthropic Cloud -> MCP Server -> Database

Deployment Options

1. Local npm Package (Most Private)

npx @ansvar/israel-law-mcp
  • Database is a local SQLite file on your machine
  • No data is transmitted to external servers (except to the AI client for LLM processing)
  • Full control over data at rest

2. Remote Endpoint (Vercel)

Endpoint: https://israel-law-mcp.vercel.app/mcp
  • Queries transit Vercel infrastructure
  • Tool responses return through the same path
  • Subject to Vercel's privacy policy

What Gets Transmitted

When you use this Tool through an AI client:

  • Query Text: Your search queries and tool parameters
  • Tool Responses: Statute text, provision content, search results
  • Metadata: Timestamps, request identifiers

What Does NOT Get Transmitted:

  • Files on your computer
  • Your full conversation history (depends on AI client configuration)

Professional Obligations (Israel)

Israel Bar Association and the Bar Association Law

Israeli lawyers are bound by strict confidentiality rules under the Israel Bar Association Law 5721-1961 (חוק לשכת עורכי הדין) and the Israel Bar Association ethics rules.

Attorney-Client Privilege (חיסיון עורך דין-לקוח)

  • All attorney-client communications are privileged under the Evidence Ordinance [New Version] 5731-1971
  • Client identity may be confidential in sensitive matters
  • Case strategy and legal analysis are protected
  • Information that could identify clients or matters must be safeguarded

Privacy Protection Law and Client Data Processing

Under the Privacy Protection Law 5741-1981 (חוק הגנת הפרטיות) and the Privacy Protection Regulations:

  • You are the Database Owner when maintaining client databases
  • AI service providers (Anthropic, Vercel) may be holders or managers of data
  • Database registration requirements may apply under the Privacy Protection Authority regulations
  • Cross-border data transfers must comply with the Privacy Protection Regulations (Transfer of Data to Databases Outside the State's Borders)
  • The Privacy Protection Authority (הרשות להגנת הפרטיות) oversees compliance

Risk Assessment by Use Case

Safe to use through any deployment:

Example: "What does the Companies Law say about shareholder rights?"
  • No client identity involved
  • No case-specific facts
  • Publicly available legal information

MEDIUM RISK: Anonymized Queries

Use with caution:

Example: "What are the penalties for securities violations under Israeli law?"
  • Query pattern may reveal you are working on a securities matter
  • Anthropic/Vercel logs may link queries to your API key

HIGH RISK: Client-Specific Queries

DO NOT USE through cloud AI services:

  • Remove ALL identifying details
  • Use the local npm package with a self-hosted LLM
  • Or use commercial legal databases with proper privacy agreements

Data Collection by This Tool

What This Tool Collects

Nothing. This Tool:

  • Does NOT log queries
  • Does NOT store user data
  • Does NOT track usage
  • Does NOT use analytics
  • Does NOT set cookies

The database is read-only. No user data is written to disk.

What Third Parties May Collect


Recommendations

For Solo Practitioners / Small Firms

  1. Use the local npm package for maximum privacy
  2. General research: Cloud AI is acceptable for non-client queries
  3. Client matters: Use commercial legal databases (Nevo, Takdin, Pador)
  1. Negotiate privacy agreements with AI service providers under Privacy Protection Law requirements
  2. Consider on-premise deployment with self-hosted LLM
  3. Train staff on safe vs. unsafe query patterns

For Government / Public Sector

  1. Use self-hosted deployment, no external APIs
  2. Follow Israeli government information security requirements (INCD guidelines)
  3. Air-gapped option available for classified matters

Questions and Support

  • Privacy Questions: Open an issue on GitHub
  • Anthropic Privacy: Contact privacy@anthropic.com
  • IBA Guidance: Consult Israel Bar Association ethics guidance

Last Updated: 2026-02-22
Tool Version: 1.0.0