DraftThis document is a working draft pending review by Caseflow's outside counsel. It is not legally binding in its current state. The final version will be signed off and posted before the public launch.

Legal · June 1, 2026

Privacy Policy

What we collect, why we collect it, and what you can do about it.

Effective June 1, 2026 · Last updated June 1, 2026

Summary

We collect three categories of data: (1) account information you give us, (2) evidence files you upload to be processed, and (3) product analytics about how you use the app. We never sell any of it, never use your evidence to train models for other customers, and delete on request within 30 days.

1. What we collect

Account information: name, email, firm, bar number, billing address.
Evidence files: the audio, video, images, and documents you upload for processing. Stored encrypted under a per-firm key.
Product analytics: page views, click events, feature usage. Collected via PostHog. IP addresses are not persisted; session recordings are disabled by default.
Support communications: messages you send us via email or in-app chat.

2. Why we collect it

Account information is used to provision and bill your account. Evidence files are used exclusively to provide AI processing back to you. Product analytics are used to understand which features are useful and to fix what isn't.

3. What we don't do

We don't sell or rent your data to anyone. We don't use your evidence files to train AI models for other customers (or for us). We don't serve ads. We don't share data with law enforcement unless compelled by valid US legal process.

4. Subprocessors

We use a small number of vendors to deliver the service. The full list is at caseflow.me/subprocessors and is updated whenever it changes.

5. Your rights

You can: (a) export all your data, (b) correct anything inaccurate, (c) request deletion (we comply within 30 days), (d) export an audit log of every time your data was accessed. Email privacy@caseflow.me to exercise any of these.

6. Retention

Account data is retained while your account is active. Evidence files default to 90 days post-case-close retention; you can configure immediate deletion in firm settings. Audit logs are retained for 7 years per legal industry norms.

7. Security

See our security page for the full technical posture. Highlights: TLS 1.3 everywhere, per-tenant CMK encryption at rest, immutable audit log, annual third-party penetration testing.

8. Children

Caseflow is for use by licensed attorneys and legal professionals only. We do not knowingly collect data from anyone under 18.

9. International transfers

Caseflow stores all customer data in US-East datacenters. We do not replicate data outside the United States. If we ever change this, affected customers will be notified at least 90 days in advance.

10. Changes

Material changes to this policy are emailed to account owners at least 30 days before taking effect.

11. Contact

Privacy: privacy@caseflow.me · General: hello@caseflow.me · Caseflow, Inc., Wilmington, DE

Questions about this document? Contact us.

Security overview →