Privacy Policy

Introduction

CaseClock Inc. ("CaseClock," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and protect personal information when you visit our website at https://caseclock.ai (the "Site"), use our products and services (the "Services"), or otherwise interact with us.

CaseClock is incorporated in Canada. This policy is designed to comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), applicable provincial privacy legislation including Quebec's Act respecting the protection of personal information in the private sector (Law 25), and other applicable privacy laws.

Accountability

CaseClock Inc. is the organization responsible for personal information collected and processed in connection with the Services, for the purposes of PIPEDA and applicable provincial privacy legislation.

We collect, use, and disclose personal information only for the purposes identified at or before the time of collection, and only to the extent necessary to fulfill those purposes.

Information We Collect

Information You Provide

We collect information you voluntarily provide when you interact with the Site or Services, including when you:

• Register for an account or request a demo
• Use our voice capture, time entry, or billing features
• Contact customer support or communicate with us
• Subscribe to marketing communications
• Apply for employment with CaseClock

The categories of information we may collect include:

• Contact Information: Name, email address, phone number, firm or organization name, job title
• Account Credentials: Username, password, and account settings
• Professional Information: Practice area, organization size, jurisdiction, bar affiliation
• Payment Information: Billing contact details, subscription and transaction history. Payment card details are processed by our third-party payment processor and we do not store full card numbers
• Customer Content: Time entries, billing narratives, voice recordings, transcriptions, client and matter information, work descriptions, files and attachments you upload, and configuration settings
• Communications: Messages you send to us, feedback, survey responses, event registrations
• Job Applicant Information: Resume, employment history, education, references, and other application materials

Voice Data

When you use our voice capture feature, your voice recording is transmitted to our transcription service, converted to text, and then permanently deleted. We do not retain voice recordings after your time entry is created. Only the resulting text transcription is stored as part of your time entry data.

AI and Customer Data

Your client information, billing data, and time entries are never used to train AI models — ours or anyone else's. AI features in CaseClock process your data only to deliver the services you request.

Information Collected Automatically

When you visit the Site or use the Services, we automatically collect certain information about your device and usage, including usage data (features used, pages viewed, actions taken) and device and technical information (IP address, browser type, device identifiers, operating system).

We use cookies, web beacons, log files, and similar tracking technologies to collect this information. Most browsers allow you to manage cookie preferences through their settings.

How We Use Information

We use personal information to:

• Provide and operate the Services: Create and manage accounts, process transactions, provide features, deliver customer support
• Process Customer Data as a service provider: Handle time entries, billing data, voice transcription, validation, and reporting as directed by business customers
• Improve the Services: Monitor performance, conduct research and analytics, develop new features, debug and troubleshoot
• Communicate with you: Send service-related messages, security alerts, administrative notices, respond to inquiries, provide support
• Marketing: Send newsletters, product updates, and promotional communications with your consent (you may withdraw consent at any time)
• Legal compliance and protection: Comply with applicable laws, enforce agreements, protect rights and property, detect and prevent fraud and security incidents

How We Share Information

We do not sell your personal information. We may share personal information in the following circumstances:

• Service Providers: We share information with service providers that process data on our behalf for hosting, data storage, analytics, email delivery, payment processing, and customer support. These providers are contractually required to protect your information and use it only for authorized purposes
• Business Customers and Account Administrators: When you use the Services under an account provisioned by a business customer, that customer and its authorized users may access information about your use of the Services
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, personal information may be disclosed or transferred, subject to appropriate confidentiality protections
• Legal and Safety Purposes: We may disclose information to comply with laws, legal processes, governmental requests, enforce our agreements, or protect rights, property, safety, or the public
• With Your Consent: We may share information when you authorize or direct us to do so

Data Security and Infrastructure

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, alteration, or disclosure. Our security measures include:

• Hosting on Microsoft Azure cloud infrastructure with enterprise-grade security controls
• Encryption of data in transit using industry-standard protocols (TLS/SSL)
• Encryption of data at rest where appropriate
• Access controls, authentication, and role-based permissions
• Logging and monitoring of systems and access events

Canadian Data Residency: Personal information belonging to Canadian users is stored on Microsoft Azure servers located in Canada. Where data must be accessed or processed across borders (for example, by CaseClock personnel or service providers outside Canada), we ensure appropriate contractual protections are in place consistent with PIPEDA requirements.

Data Retention

We retain personal information for as long as reasonably necessary to provide the Services, comply with legal obligations, enforce our agreements, and resolve disputes. We may anonymize or aggregate personal information, in which case we may retain and use that information for any lawful purpose.

Your Rights and Choices

Under PIPEDA and applicable provincial privacy legislation, you have the right to:

• Access: Request confirmation of whether we hold personal information about you and obtain a copy
• Correction: Request correction of inaccurate or incomplete personal information
• Withdrawal of Consent: Withdraw consent to the collection, use, or disclosure of your personal information (subject to legal and contractual restrictions)
• Challenge Compliance: Challenge our compliance with PIPEDA by contacting us or the Office of the Privacy Commissioner

To exercise these rights, contact our Privacy Contact at legal@caseclock.ai. We will respond within the timeframes required by applicable law. We may need to verify your identity before fulfilling a request.

Canadian Privacy Legislation

PIPEDA

CaseClock complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). Our purposes for collecting personal information are described in the "How We Use Information" section above. We obtain consent at or before the time of collection, except where law permits otherwise.

If you believe your privacy rights under PIPEDA have not been respected, you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca.

Quebec — Law 25

For users in Quebec, CaseClock complies with the Act respecting the protection of personal information in the private sector (Law 25 / Bill 64). In accordance with Law 25, we:

• Collect only the personal information necessary for the identified purposes
• Obtain your consent before collecting, using, or communicating your personal information
• Maintain a record of our personal information processing activities
• Notify you and the Commission d'accès à l'information (CAI) in the event of a confidentiality incident that presents a risk of serious injury
• Facilitate the exercise of your right to data portability, the right to be forgotten (deindexation), and the right to withdraw consent

If you are a Quebec resident and wish to exercise your rights or file a complaint, you may also contact the Commission d'accès à l'information (CAI) at www.cai.gouv.qc.ca.

Marketing Communications

We only send marketing communications with your consent, consistent with Canada's Anti-Spam Legislation (CASL). You may withdraw your consent at any time by clicking the unsubscribe link in our emails or by contacting us at legal@caseclock.ai.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and may provide additional notice where required by law.

Your continued use of the Site or Services after changes become effective indicates acceptance of the updated Privacy Policy.

Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, or if you wish to exercise your rights, please contact our Privacy Contact at:

Email: legal@caseclock.ai

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or, for Quebec residents, the Commission d'accès à l'information at www.cai.gouv.qc.ca.

US users? View our US Privacy Policy (CCPA).