Privacy Policy

Last updated: April 2026

1. Information We Collect

We collect information you provide directly to us, including:

  • Account information: Name, email address, firm name, and password when you create an account.
  • Consultation data: Text transcripts and extracted case details from conversations between website visitors and CaseBuddy widgets. Voice conversations are processed in real time by ElevenLabs (our conversational AI provider) — ElevenLabs may retain audio on their servers subject to their privacy policy. CaseBuddy stores text transcripts only; we do not store raw audio files on our servers.
  • Payment information: Billing details processed securely through Stripe. We do not store credit card numbers on our servers.
  • Usage data: Information about how you interact with our dashboard and services.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services.
  • Process consultations and generate case summaries and viability scores.
  • Send you notifications about new consultations and account activity.
  • Process payments and manage your subscription.
  • Respond to your requests and provide customer support.
  • Monitor and analyze usage trends to improve the service.

3. Data Retention

Consultation data is retained for 7 years by default, consistent with common legal industry record-keeping requirements. Account holders can request earlier deletion of specific consultation records. Account data is retained for the duration of your subscription plus 30 days after cancellation.

4. Third-Party Services

We use the following third-party services to operate CaseBuddy:

  • ElevenLabs: Voice conversation processing. Voice data is transmitted to ElevenLabs for real-time speech processing.
  • Anthropic (Claude): AI-powered data extraction, summarization, and scoring of consultation transcripts.
  • Stripe: Secure payment processing. Subject to Stripe's Privacy Policy.
  • Sentry: Error monitoring and performance tracking to maintain service reliability.
  • Resend: Transactional email delivery for notifications and account communications.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption in transit: All data is transmitted over TLS/HTTPS.
  • Encryption at rest: Consultation transcripts and case data are stored in our database (Neon PostgreSQL), which encrypts all data at rest using AES-256 at the storage layer.
  • Application-level encryption: We do not implement application-level field encryption of transcript content at this time. Access to transcript data is restricted to authenticated users within the appropriate law firm account.
  • Error monitoring: Error reports sent to our monitoring provider (Sentry) are scrubbed of request body content to prevent PII leakage.

In the event of a data breach affecting your personal information, we will notify affected users via the email address associated with their account within 72 hours of becoming aware of the breach, and will report the breach to applicable regulatory authorities as required by law.

6. Your Rights

You have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your data (subject to legal retention requirements).
  • Export your consultation data.
  • Opt out of non-essential communications.

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom it is shared.
  • Right to delete: You may request deletion of personal information we have collected from you, subject to certain exceptions (for example, information we are required to retain by law).
  • Right to opt out of sale: CaseBuddy does not sell personal information to third parties.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights — you will not be denied services, charged different prices, or provided a different level of service as a result.

To exercise any of these rights, contact us at privacy@casebuddy.app. We will respond to verified requests within 45 days as required by applicable law.

7. Cookies

We use the following cookies on our website:

  • Authentication cookie (next-auth.session-token): Required to maintain your logged-in session. Expires after 8 hours of inactivity. This cookie is essential for using the dashboard and cannot be disabled without losing access to the Service.
  • Analytics cookies (ph_*): Set by PostHog to help us understand how visitors use our site and measure feature adoption. These cookies persist for up to 1 year. You can opt out by enabling “Do Not Track” in your browser or blocking cookies in browser settings.
  • Bot-protection tokens (Cloudflare Turnstile): Short-lived challenge tokens set during form submissions (login, signup) to verify human users. These expire at the end of your browser session and contain no personal information.

We do not use advertising cookies or sell data derived from cookie tracking to any third party.

8. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@casebuddy.app.