Privacy Policy
Last updated: 2026-05-12
Who we are
CasePlus AI ("CasePlus", "we", "us") provides AI-powered client intake software to plaintiff law firms ("Customers"). This Privacy Policy explains how we handle information about (a) Customers and their authorized users, and (b) the visitors ("Visitors") who interact with our intake widget, phone line, or SMS messages on a Customer's behalf.
Information we collect
From Customers (firm accounts)
- Account details: firm name, billing contact email, user names and email addresses, role.
- Authentication identifiers via Clerk (our auth provider).
- Payment information processed by Stripe — we do not store card numbers.
- Settings you configure (practice areas, notification preferences, brand colors, etc.).
From Visitors (intake conversations)
- The text the Visitor types into the widget or speaks over the phone, including any contact information they provide (name, phone number, email address).
- Documents the Visitor uploads (police reports, photos, medical records).
- Conversation metadata: session ID, timestamps, browser language, referring URL.
- Phone number and call metadata when a Visitor calls the AI phone intake line or receives SMS messages.
- SMS opt-in status, consent timestamps, and opt-out requests.
- Visitors are shown a consent notice before sending their first message and informed that the conversation is with an AI assistant, is not legal advice, and does not create an attorney-client relationship.
How we use information
- To provide intake conversations and qualify cases for the Customer firm.
- To generate summaries, demand letters, and other AI artifacts the Customer requests.
- To send transactional emails (lead alerts to firms, follow-up reminders to Visitors who consented).
- To send SMS messages to Visitors who have opted in, including intake follow-ups, case status updates, and appointment reminders on behalf of Customer firms.
- To bill Customers and prevent abuse of the service.
- To improve product reliability through aggregated, de-identified analytics. We do not train AI models on Customer data.
How we share information
We share Visitor and Customer data only with the service providers we depend on to operate the product:
- Anthropic — for the LLM calls that power intake conversations, qualification, summaries, demand letters, and document analysis. Anthropic's terms specify that API inputs are not used for training.
- OpenAI — used as a fallback only when Anthropic is unavailable.
- ElevenLabs — for optional voice mode (text-to-speech). Receives the text of assistant turns.
- Twilio — for SMS messaging and phone call delivery. Twilio receives Visitor phone numbers, message content, and call metadata in order to deliver messages and connect calls. Twilio's privacy practices are described at https://www.twilio.com/legal/privacy.
- Vercel — hosting and edge network; receives request metadata and uploaded files (Vercel Blob).
- Neon — Postgres database; stores all account data.
- Resend — transactional email delivery.
- Stripe — payment processing.
- Clerk — authentication for firm users.
- Inngest — background job orchestration.
We share data with the Customer firm whose widget the Visitor used — the entire purpose of intake is for the firm's attorneys to review. We do not sell personal information.
Third-party integrations the firm enables
Customer firms can enable integrations from their CasePlus dashboard that forward Visitor lead data to a destination of their choice — for example, a Clio account, a Slack channel, a Zapier workflow, or a custom webhook URL pointing at the firm's own systems. When such an integration is enabled:
- We forward the lead data — including the Visitor's name, contact information, conversation transcript, AI-generated case summary, extracted facts, scoring, and any documents the Visitor uploaded during intake (medical records, police reports, photos, etc.) — to the destination chosen by the Customer firm.
- The Customer firm is solely responsible for ensuring the destination's data handling complies with all applicable privacy and security laws, including HIPAA where applicable, state privacy statutes (such as CCPA, BIPA), and any obligations under the firm's professional rules of ethics regarding client confidentiality.
- Once data is delivered to a third-party destination, that destination's privacy policy and terms govern its handling. CasePlus does not retain copies of the data inside those third-party systems and cannot delete data on the Customer firm's behalf from those systems.
- Each integration is opt-in. CasePlus does not enable any third-party integration by default. The Customer firm's admin must explicitly turn on each integration and provide its configuration (URL, OAuth authorization, etc.).
If you are a Visitor and would like to know which integrations a specific Customer firm has enabled, contact that firm directly. CasePlus operates the platform on the firm's behalf and the firm is the data controller for the lead information you provide.
SMS and text messaging
What messages we send
When a Visitor provides their phone number during intake and consents to receive text messages, we may send the following types of SMS on behalf of the Customer firm:
- Verification codes to confirm the Visitor's phone number or email address.
- Intake follow-up reminders (e.g., at 24 hours, 72 hours, and 7 days after intake).
- Case status updates when an attorney marks a lead as contacted, signed, or updated.
- Manual messages composed by the Customer firm's staff from the lead detail page.
Consent
We send SMS messages only to Visitors who have affirmatively opted in by providing their phone number and consenting to receive texts during the intake process. Consent is not a condition of using the intake widget or receiving legal services. By opting in, the Visitor agrees to receive recurring automated text messages from CasePlus AI on behalf of the Customer firm. Message frequency varies depending on case activity. Message and data rates may apply.
Opting out
Every SMS message includes instructions to reply STOP to unsubscribe. Replying STOP immediately removes the Visitor from all future SMS messages and records the consent change in our audit trail. Visitors may also opt out by contacting the Customer firm directly or by emailing us at privacy@caseplus.ai. After opting out, no further SMS messages will be sent unless the Visitor re-consents.
Help
Reply HELP to any SMS message for support information, or contact us at support@caseplus.ai.
No sharing of phone numbers or SMS consent
We do not sell, rent, or share Visitor phone numbers with third parties for their own marketing purposes. Phone numbers are shared only with Twilio (our SMS delivery provider) and the Customer firm whose widget or phone line the Visitor used.
Mobile information and consent for receiving text messages will not be shared with third parties or affiliates for marketing or promotional purposes. All the categories of personal information described in this policy exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Security
- Visitor contact information (name, phone, email) is encrypted at rest using AES-256-GCM application-layer encryption.
- The CasePlus AI server scrubs detected social-security numbers, credit-card numbers, and dates of birth from intake transcripts before they are persisted or sent to the LLM.
- All connections use TLS in transit.
- Access to production data is restricted to authorized engineers.
Retention
Customer accounts and the data within them are retained for the life of the subscription plus a 30-day grace period after cancellation, after which all data is deleted. SMS consent records and opt-out logs are retained for a minimum of five (5) years after the last message is sent to comply with TCPA recordkeeping best practices. Visitors may request deletion of their conversation by contacting the firm whose widget they used (the firm is the data controller; CasePlus is the processor).
Your rights
Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing. To exercise these rights as a Visitor, contact the firm whose widget you used. As a Customer, contact us using the address below.
California residents (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information. We do not sell personal information. To make a request, contact us at privacy@caseplus.ai.
International transfers
CasePlus AI is operated from the United States. By using the Service, you understand that information will be transferred to and processed in the United States.
Children
The Service is not directed to children under 13. We do not knowingly collect personal information from children.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated to Customers by email and posted with a new "Last updated" date above.
Contact
Questions or requests can be sent to privacy@caseplus.ai.