---
name: deployment-privacy
description: Use when making architectural or implementation decisions that affect upload privacy, server retention, logging, deployment configuration, and public release safety for the Lattes2BibTeX webtool.
---

# Deployment Privacy

Use this skill when a change may affect what user data touches the server or repository.

## Hard Requirements

- No cookies
- No authentication requirement for conversion
- No database persistence
- No raw XML or generated BibTeX stored after the response completes
- No raw upload content in logs
- Explicit upload size limit

## Runtime Expectations

- Process uploaded files in memory only
- Return structured validation errors
- Keep server behavior stateless and disposable
- Document privacy guarantees in `README.md`

## Public Release Checklist

- `.gitignore` excludes private raw fixtures and local build artifacts
- Sanitized fixtures are the only versioned samples
- Deployment target supports Node runtime without introducing storage side effects
- Manual verification confirms that ORCID import workflow still works with generated BibTeX