Our Commitment to Data Security and Privacy

At CiteCount, we understand that your academic work represents countless hours of effort and original thinking. This document outlines our comprehensive approach to ensuring the safety and privacy of your data through transparent technical practices and security-first design principles.

Security illustration

About the Development Team

CiteCount was developed by Chris, an IBDP student from the May 2025 examination session, who identified a critical gap in existing word processing tools. The lack of specialized word counting functionality in platforms like Google Docs and Microsoft Word, particularly for academic documents with citations inspired the creation of this purpose-built solution. As a student navigating the same challenges faced by our users, we prioritize the security concerns inherent in handling academic content, especially regarding plagiarism detection systems and institutional policies.

Our Security Framework

We recognize that entrusting your academic work to any digital tool requires confidence in its security architecture. CiteCount employs industry-standard practices and transparent methodologies to protect your intellectual property and maintain the integrity of your work throughout the word counting process.

Zero-Server Architecture: Complete Client-Side Processing

CiteCount operates on a zero-server architecture, meaning all text processing, analysis, and word counting operations execute entirely within your web browser. Your documents never leave your device, and no data is transmitted to external servers for processing or storage.

Core Security Advantages

  • Absolute Data Privacy: Your academic work remains exclusively on your device. There is no server-side storage, logging, or transmission of your content, eliminating exposure to potential data breaches or unauthorized access.
  • Zero Third-Party Exposure: CiteCount does not integrate advertising networks, analytics services that collect content data, or any external dependencies that could compromise document privacy.
  • Plagiarism Detection Isolation: Since your text never enters any database or external system, it cannot be indexed, stored, or flagged by plagiarism detection services through our platform.
  • Immediate Data Control: You maintain complete control over your data at all times. Simply closing the browser tab removes all traces of your work from CiteCount's processing environment.

Document Processing Technology Stack

CiteCount utilizes industry-standard, open-source client-side libraries to handle document uploads securely. Both PDF.js and Mammoth.js are well-established, audited libraries that operate exclusively within your browser environment.

PDF Document Processing (PDF.js)

  • Local Text Extraction: PDF.js converts PDF documents to plain text entirely on your device, with no external API calls or server communication.
  • Privacy-Preserving Architecture: Text extraction occurs in isolated browser memory, ensuring document contents remain inaccessible to external parties.
  • Asynchronous Processing: Documents are processed efficiently without compromising browser performance or requiring data transmission.
  • Industry Standard: PDF.js is developed and maintained by Mozilla, the organization behind Firefox, ensuring rigorous security standards.

Word Document Processing (Mammoth.js)

  • Secure File Reading: Word documents are read directly from your device using browser-native <input type="file"> APIs that maintain strict security boundaries.
  • Client-Side Conversion: Documents are converted to HTML format locally, preserving formatting while maintaining privacy.
  • No External Transmission: Conversion processes complete entirely within your browser session with zero network communication.
  • Temporary Processing: Document data exists only in browser memory during active use and is immediately cleared upon completion.

Security Guarantees

Our document processing architecture provides the following security assurances:

  • Complete Data Isolation: Your academic work never enters any network transmission, server storage, or external processing pipeline.
  • No Cloud Storage: We do not store, cache, or retain any portion of your documents on any server, database, or cloud infrastructure.
  • Zero Network Footprint: Document content does not generate network requests, API calls, or data transmissions of any kind.
  • Instant Deletion: All processing occurs in volatile memory, ensuring automatic data erasure when you close the application.

Local Storage Implementation and User Control

CiteCount utilizes browser LocalStorage exclusively for optional user convenience features. This implementation prioritizes user autonomy while maintaining our commitment to data security.

How LocalStorage Enhances Your Experience

  • Optional Persistence: LocalStorage enables CiteCount to save your preferences and work progress locally on your device, allowing you to return to your work without re-uploading documents.
  • Device-Bound Storage: All saved data resides exclusively in your browser's isolated storage space, inaccessible to websites, servers, or other applications.
  • Zero Network Transmission: Data stored in LocalStorage never leaves your device. No synchronization, backup, or transmission occurs through CiteCount's infrastructure.
  • Session Continuity: Your extracted text and document content persist across browser sessions only if you choose, providing flexibility for extended work periods.

Your Data Rights and Control

We implement LocalStorage with strict adherence to user control principles:

  • Complete User Ownership: You maintain absolute control over all stored data, with the ability to review, modify, or delete information at any time.
  • No External Access: CiteCount cannot access your LocalStorage data remotely. There is no backdoor, API, or mechanism for us to view your stored content.
  • Transparent Deletion: Clearing your browser data or using private browsing modes immediately removes all CiteCount-stored information.
  • No Third-Party Sharing: LocalStorage data remains isolated within your browser environment and is never shared with third parties, analytics services, or external platforms.

Privacy Implications

Our LocalStorage implementation provides privacy-first benefits:

  • Offline Functionality: Work with complete privacy even without internet connectivity, as all features function locally.
  • Device-Specific Privacy: Your data exists only on the device you're using, preventing cross-device tracking or cloud-based vulnerabilities.
  • User-Initiated Clearing: You can instantly and permanently remove all traces of your work from CiteCount by clearing browser storage.

Open Source Commitment and Transparency

CiteCount operates as an open-source project, providing complete transparency into our codebase and operational practices. This commitment allows independent security researchers, developers, and users to verify our security claims through direct code inspection.

Benefits of Open Source Security

  • Public Auditability: Our entire source code is publicly available, enabling security experts to identify and report potential vulnerabilities.
  • Community Verification: Independent developers can verify that our platform operates exactly as documented, with no hidden data collection or transmission mechanisms.
  • Transparent Updates: All code changes are publicly tracked, ensuring any modifications to security-critical components are visible and reviewable.
  • No Security Through Obscurity: We rely on sound architectural practices rather than code secrecy, demonstrating confidence in our security model.

Our Commitment to Academic Integrity

We recognize that academic integrity is paramount for students and educators. CiteCount is designed to support—not compromise—your academic standing:

  • Plagiarism Detection Safety: Your work cannot be flagged through CiteCount usage since no content is submitted to external databases or similarity-checking services.
  • Institutional Compliance: Our zero-server architecture ensures compliance with institutional policies regarding document handling and data privacy.
  • Original Work Protection: Your intellectual property remains exclusively under your control, with no risk of unauthorized access or redistribution.
  • Tool Purpose Clarity: CiteCount serves purely as a counting utility, not a content modification or generation tool, aligning with academic integrity policies.

Continuous Security Commitment

We maintain ongoing dedication to security best practices and user privacy:

  • Regular Security Reviews: Our codebase undergoes continuous review to identify and address potential security concerns.
  • Privacy-First Development: New features are evaluated through a privacy-first lens, ensuring they don't compromise our security guarantees.
  • Responsive Disclosure: We welcome security reports from the community and commit to transparent, timely responses to identified concerns.
  • No Compromise on Principles: We will not introduce monetization models or features that require compromising our zero-server, privacy-first architecture.

Summary of Our Security Promise

CiteCount provides a secure, privacy-respecting environment for academic word counting through:

  • Complete client-side processing with zero server transmission
  • Industry-standard, open-source document processing libraries
  • Optional, device-bound LocalStorage under your complete control
  • Transparent, auditable open-source codebase
  • No third-party integrations that could compromise privacy
  • Commitment to academic integrity and institutional compliance

Your academic work represents significant intellectual investment. We designed CiteCount to serve this work with the highest standards of security and privacy, ensuring you can focus on your academic goals without compromising your data sovereignty.

Questions or Concerns? We encourage transparent dialogue about our security practices. Contact us here for clarification on any aspect of our security architecture.