Privacy Policy

Last Updated: November 29, 2025

1. What We Collect

Personal Information

  • Email address and account credentials
  • Full name
  • Payment information (processed and stored by Stripe, not by us)
  • IP address and browser information (for security and fraud prevention)

Case Data

  • Evidence files you upload (PDFs, images, documents)
  • Generated timelines and extracted events
  • Case titles and descriptions
  • Generated PDF documents

Usage Data

  • Session information and authentication tokens
  • Processing logs and error reports
  • Feature usage and interaction analytics

2. How We Use Your Data

  • Process your evidence: Extract dates, events, and actors using OCR and AI
  • Generate timelines: Create chronological timelines and exhibit indexes
  • Store your cases: Securely retain your data for 30-90 days (based on tier)
  • Provide support: Respond to your inquiries and troubleshoot issues
  • Process payments: Handle transactions via Stripe
  • Send notifications: Email confirmations, payment receipts, and case completion alerts
  • Improve our service: Analyze usage patterns to enhance features (anonymized data only)
  • Security and fraud prevention: Protect against unauthorized access and abuse

3. Third-Party Services

We share your data with the following trusted third-party services:

Anthropic (Claude AI)

Purpose: Event extraction from uploaded files

Privacy Policy: anthropic.com/privacy

Note: Your file content is sent to Anthropic's API for processing. Anthropic does not train on your data.

Stripe

Purpose: Payment processing

Privacy Policy: stripe.com/privacy

Note: We do not store your credit card information. All payment data is handled by Stripe (PCI DSS compliant).

SendGrid / Resend

Purpose: Email delivery (notifications, receipts)

Data shared: Your email address and name

Railway / Vercel

Purpose: Application hosting and infrastructure

Data stored: All application data (encrypted at rest and in transit)

4. Data Retention

Automatic Deletion

  • Basic Tier: All case data (files, timelines, PDFs) deleted after 30 days
  • Standard Tier: All case data deleted after 60 days
  • Premium Tier: All case data deleted after 90 days
  • Account Data: Retained until you delete your account
  • Payment Records: Retained for 7 years (legal requirement for tax/accounting)

Manual Deletion

You can delete individual cases at any time from your dashboard. Data is permanently deleted within 7 days.

5. Your Rights

Under GDPR (EU users) and CCPA (California users), you have the following rights:

Right to Access

Request a copy of all personal data we hold about you

Contact: privacy@haiec.com

Right to Delete

Request deletion of your account and all associated data

Available in your account settings or email admin@haiec.com

Right to Rectification

Correct inaccurate personal information

Update your information in account settings

Right to Data Portability

Export all your data in a machine-readable format

Use the "Export My Data" feature in account settings

Right to Object

Object to processing of your data for marketing purposes

Unsubscribe from emails or contact privacy@haiec.com

Right to Lodge a Complaint

Contact your local Data Protection Authority if you believe we mishandled your data

6. Cookies and Tracking

Essential Cookies

We use essential cookies required for the service to function:

  • Session Management: Keeps you logged in
  • Authentication: Verifies your identity
  • Security: Prevents CSRF attacks

Analytics (Optional)

We may use anonymized analytics to understand how users interact with our service. No personally identifiable information is collected.

You can disable cookies in your browser settings, but some features may not work properly.

7. Security

We implement industry-standard security measures:

  • Encryption: All data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Access Control: User-owned resources protected by authentication
  • Password Security: Bcrypt hashing with 12 rounds
  • Infrastructure: Hosted on secure platforms (Railway, Vercel)
  • Regular Updates: Dependencies and security patches applied promptly

However, no system is 100% secure. We cannot guarantee absolute security of your data.

8. Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

  • Notify affected users within 72 hours via email
  • Post a notification on our website and dashboard
  • Describe what data was compromised
  • Explain steps we're taking to address the breach
  • Provide guidance on protecting yourself
  • Report to relevant authorities as required by law

9. GDPR Compliance (EU Users)

Legal Basis for Processing

We process your data based on:

  • Contractual Necessity: To provide the service you requested
  • Consent: You explicitly agreed to our Terms and Privacy Policy
  • Legitimate Interest: Fraud prevention and service improvement

Data Transfers

Your data may be transferred to and processed in the United States. We ensure adequate safeguards through:

  • Standard Contractual Clauses with third-party providers
  • Encryption of all data in transit and at rest
  • Privacy Shield (where applicable)

Data Protection Officer

For privacy-related inquiries: privacy@haiec.com

10. CCPA Compliance (California Users)

Do Not Sell My Personal Information

We do not sell your personal information to third parties.

Right to Know

You can request information about what personal data we collect, use, and share. Email: privacy@haiec.com

Right to Delete

You can request deletion of your personal information (subject to legal retention requirements for payment records).

Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

11. No AI Training on Your Data

We do NOT use your data to train AI models.

  • Your uploaded documents are processed by Anthropic's Claude AI for text extraction only
  • Anthropic does NOT train their models on API data (per their data usage policy)
  • We do NOT train any internal AI models on your content
  • Your data is NOT used for machine learning, analytics training, or model improvement
  • We do NOT sell, license, or share your data for AI training purposes

Your documents are processed in real-time and are not retained by AI providers after processing is complete.

12. Children's Privacy

CourtCase is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child under 18 has provided us with personal information, please contact us at privacy@haiec.com, and we will delete it immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. For material changes, we will notify you via email or dashboard notification.

Continued use of the service after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions or to exercise your rights:

Privacy Email: privacy@courtcase.app

General Support: support@courtcase.app

Company: KingCaliber LLC (DBA CourtCase, DBA Haiec)

Location: Texas, United States

This Privacy Policy was last updated on November 29, 2025. Previous versions are available upon request.