Skip to main content

Privacy Policy

Last updated: March 2026

Privacy by Design

Workers’ Rights is built with a local-first architecture. Your data, evidence catalog, timeline entries, and journal notes are stored in your browser’s local storage. Data is only transmitted externally when you explicitly opt in to AI-powered features.

Data We Do Not Collect

Workers’ Rights does not collect, store, or transmit:

  • Your details, timeline events, or journal entries
  • Evidence descriptions or document metadata
  • Your employer’s name or your workplace information
  • Your Rights Check assessment answers or results
  • Any personally identifiable information required to use the core platform

Local Storage

All data you enter into Workers’ Rights is stored in your web browser’s local storage (or IndexedDB) by default. This data does not leave your device unless you explicitly opt into features like cloud sync, AI-powered analysis, or data export. Clearing your browser data will permanently delete locally stored information.

Encryption & Sync Trust Model

When you sign in with an account, your situation details, timeline events, evidence metadata, and journal entries are encrypted in your browser before they are uploaded for cloud sync. The encrypted data is stored on our servers and is unreadable without the encryption key.

Important honesty note: to make cross-device sign-in work without a separate passphrase prompt, we store a copy of your encryption key on our servers, tied to your authenticated account. Any device you sign in on can fetch that key and decrypt your data. This means Workers’ Rights (as the service operator) has the technical ability to decrypt your data server-side. We do not inspect, sell, or share it, and our code is structured to keep plaintext off the server in normal operation — but this is not a zero-knowledge design.

If you want stronger protection (only you can decrypt, even against us), you can choose a custom passphrase in Settings. In that mode, only the salt and a sentinel value are uploaded; the passphrase itself stays on your device and must be re-entered on each new device.

Optional Account Features

If you choose to create an account (optional), we collect only the minimum information needed to provide account services: your email address and an encrypted authentication token. Account creation is never required to use the Rights Check or any core platform feature.

AI-Powered Document Analysis (Opt-In)

Workers’ Rights offers an optional AI-powered document analysis feature. This feature is opt-in only — you will be asked for explicit consent before any data is transmitted. When you choose to use AI analysis, the following data is sent to Anthropic (our AI provider) for processing:

  • Your narrative description
  • Text extracted from your uploaded documents
  • File names and dates associated with your evidence

This data is processed by Anthropic’s API to organize your documents, identify key dates, and build your timeline. Anthropic does not store your data after processing. You can use the entire platform without this feature — all other analysis runs entirely on your device.

Analytics

We use Google Analytics 4 (GA4) to collect anonymous, aggregated usage analytics such as page views and feature usage counts. This helps us improve the platform. GA4 may collect:

  • Pages visited and general feature usage (e.g., “evidence uploaded,” “rights check completed”)
  • Browser type, device type, and general geographic region
  • Session duration and referral source

Analytics data contains no personal details, evidence content, or personally identifiable information. You can opt out of analytics by using a browser ad blocker or the Google Analytics opt-out extension.

Third-Party Services

Workers’ Rights does not sell or share your data with third parties. The following third-party services are used to operate the platform:

  • Anthropic — AI document analysis (opt-in only, as described above)
  • Google Analytics — anonymous usage analytics
  • Google Maps / Places — attorney directory search (your search location is sent to Google)
  • Vercel — hosting and deployment
  • Supabase — optional cloud sync (if you create an account)

Links to external resources (such as EEOC.gov, state agency websites, or attorney directory sites) are governed by those sites’ own privacy policies.

Data Portability

You can export your data at any time using the built-in export features. Your data belongs to you, and you maintain full control over it at all times.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated “Last updated” date.

Questions about our privacy practices? Contact us at privacy@workers-rights.com