The Well

Transparency

The Well is operated with a deliberately narrow read path. This page summarizes what the site does and does not do. The anonymity model and threat model in the repository describe the underlying architecture.

What we do not do

  • No subjective ratings. The Well does not publish opinions, scores, or ideological labels about judges. Entries describe procedure and cite sources.
  • No IP logging on contributor endpoints. The contribution path does not record IP addresses, user agents, or session identifiers tied to submissions.
  • No analytics. No analytics scripts, no session replay, no behavioral telemetry on any reader-facing or contributor-facing page.
  • No identity-to-contribution linkage. The submission path is architected so that no operator — including the maintainer — can link a specific observation to a specific verified contributor. Aggregation is mandatory before publication.
  • No AI in the data pipeline. Extractors are deterministic — regex and structural HTML parsing. No language model writes, paraphrases, or summarizes data.
  • No third-party trackers. The site loads no third-party JavaScript, no advertising pixels, no embedded widgets that would leak referrers.

What we do

  • Static, pre-rendered pages. Judge pages are HTML rendered at build time. There is no client-side JavaScript on judge pages and no runtime database.
  • Cloudflare Pages hosting. The site is served from Cloudflare Pages. Cloudflare's edge logs apply at the hosting layer; the site adds no analytics or instrumentation on top.
  • Source-cited fields. Every field on a judge page links to its source — a court URL, a standing-order PDF, a PACER-derived statistic, or an aggregated contributor observation.
  • Public build. The repository is public. Scrapers commit changes as Git diffs that anyone can audit. There is no private editorial layer.
  • Bug bounty. Cash rewards are available for security findings under SECURITY.md.

Data minimization

The Well only stores data that is necessary to publish judge pages. Contributor verification produces a credential, not a dossier; once a verification is complete, only the credential's status (active or revoked) is retained. Submission payloads contain procedural observations and nothing about the submitter.

Operational controls

  • Sole operator. Zachary Brenner retains sole control of the source repository, the production deployment, the associated domains, and all operational credentials.
  • Warrant canary. The warrant canary is updated weekly. Removal, qualification, or non-update of the canary should be treated as a signal.
  • Public disclosure. Material changes to data handling, hosting, or governance are announced in the repository changelog before they take effect, where possible.

Reporting concerns

Privacy concerns, data corrections, and security disclosures are triaged through the public repository under their respective labels. See SECURITY.md for security disclosures and the contribute page for data corrections.