Privacy Policy

Last updated: March 27, 2026

CaseWrit ("we", "us", "our") is committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use the CaseWrit platform ("Platform", "Service").

CaseWrit is designed for legal case management, which means the data you store may be highly sensitive. We have built our Platform with privacy and security as foundational principles.

1. Information We Collect

1.1. Account Information

When you create an account via a third-party OAuth provider (Google, Microsoft, or Apple), we receive and store:

  • Full name
  • Email address
  • Profile image URL (from your OAuth provider)
  • OAuth provider identifier

1.2. Case Data (User-Provided Content)

You may upload or create the following types of content within the Platform:

  • Case details and descriptions
  • Evidence files (documents, chat exports, text files, PDFs)
  • Timeline events and chronological records
  • Charges, court dates, and legal proceedings
  • Notes, tags, and cross-references
  • Contact information for persons related to a case

1.3. Automatically Collected Information

  • Browser type and version
  • Device type and operating system
  • IP address
  • Pages visited and features used (if analytics cookies are accepted)
  • Timestamps of access and actions (audit log)

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Authenticate your identity and manage your account
  • Enable collaboration features within case Organizations
  • Generate reference IDs and cross-references for your case data
  • Maintain audit trails for legal integrity
  • Send important notifications about your account or the Service
  • Improve and optimize the Platform (using aggregated, anonymized data only)
  • Comply with legal obligations

3. Data Encryption and Security

Security is central to CaseWrit. We implement the following measures to protect your data:

3.1. Encryption

  • At rest: All case data is encrypted using AES-256-GCM encryption. Each user has a unique encryption key, meaning even in the unlikely event of a database breach, your data cannot be read without your specific key.
  • In transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
  • Per-user keys: Encryption keys are derived on a per-user basis, ensuring strict data isolation between users and Organizations.

3.2. Access Controls

  • Role-based access within Organizations (owner, editor, viewer)
  • All data queries are scoped to the authenticated user's authorized cases
  • OAuth-based authentication through trusted providers (Google, Microsoft, Apple)
  • Comprehensive audit trail of all data access and modifications

4. Who Can Access Your Data

4.1. You control access to your data. Only members you invite to a case Organization can access data within it, and only at the permission level you assign.

4.2. CaseWrit personnel do not access your case data in the ordinary course of business. We may access system logs and aggregated metadata for operational purposes, but we do not read your evidence, timelines, notes, or case content.

4.3. We will only disclose your data to third parties if:

  • You have given explicit consent
  • Required by law, regulation, or valid court order
  • Necessary to protect the rights, safety, or property of CaseWrit or others

5. Data Retention

5.1. Your case data is retained for as long as your account is active and you maintain the data on the Platform.

5.2. CaseWrit uses a soft-delete model for legal data. When you delete an item, it is marked as deleted but retained for 90 days before permanent removal. This protects against accidental deletion of critical legal evidence.

5.3. Upon account deletion, all associated data will be permanently removed within 30 days, except where retention is required by law.

5.4. Audit logs are retained for 7 years to comply with legal and regulatory requirements.

6. PIPEDA Compliance

CaseWrit is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal privacy law. In accordance with PIPEDA:

  • We collect personal information only for identified, legitimate purposes
  • We obtain meaningful consent before collecting, using, or disclosing personal information
  • We limit collection to what is necessary for the identified purposes
  • We use and disclose personal information only for the purposes for which it was collected
  • We retain personal information only as long as necessary
  • We maintain accurate, complete, and up-to-date personal information
  • We protect personal information with appropriate security safeguards
  • We are transparent about our policies and practices
  • We provide individuals with access to their personal information upon request
  • We provide a mechanism for individuals to challenge our compliance

7. Cookies

CaseWrit uses the following categories of cookies:

7.1. Essential Cookies (Always Active)

Required for authentication, session management, and core Platform functionality. These cannot be disabled.

7.2. Analytics Cookies (Optional)

Used to collect anonymized usage data to help us improve the Platform. No personally identifiable information is included. You can opt out via the cookie consent banner.

7.3. Preference Cookies (Optional)

Used to remember your display settings, theme, and layout preferences. You can opt out via the cookie consent banner.

You can change your cookie preferences at any time by clearing your browser's local storage for the CaseWrit domain.

8. Third-Party Services

CaseWrit uses the following third-party services. Each has its own privacy policy:

Service           | Purpose                | Data Shared
Vercel            | Hosting and deployment | HTTP requests, IP addresses, performance metrics
Google OAuth      | Authentication         | Name, email, profile image (via your Google account)
Neon (PostgreSQL) | Database hosting       | All stored application data (encrypted)

We do not sell, rent, or share your personal information with third-party advertisers or data brokers.

9. Data Breach Notification

In the event of a data breach that poses a real risk of significant harm, we will:

  • Notify affected users by email as soon as feasible, and in any case within 72 hours of becoming aware of the breach
  • Report the breach to the Office of the Privacy Commissioner of Canada as required under PIPEDA
  • Provide details of the nature of the breach, the data involved, steps we are taking, and steps you can take to protect yourself
  • Maintain a record of all breaches, whether or not notification was required

10. Your Rights

Under PIPEDA and applicable privacy legislation, you have the right to:

10.1. Access

Request a copy of the personal information we hold about you. We will respond within 30 days.

10.2. Correction

Request correction of any inaccurate or incomplete personal information. You can also update most information directly through your account settings.

10.3. Deletion

Request deletion of your personal information and account. Upon verified request, we will permanently delete your data within 30 days, subject to any legal retention requirements.

10.4. Data Portability

Export your case data at any time using the Platform's built-in export features. Exports are available in standard formats (PDF, JSON, CSV).

10.5. Withdraw Consent

Withdraw your consent for optional data processing (such as analytics cookies) at any time. Note that withdrawing consent for essential processing may require account termination.

11. Children's Privacy

CaseWrit is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you by email or through a notice on the Platform
  • Provide at least 30 days' notice before changes take effect

13. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact:

CaseWrit — Privacy Officer
Email: privacy@casewrit.com
Ontario, Canada

If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.