45-Day Free Trial — No Credit Card Required
CaseClock — Voice-First Legal Billing for Lawyers

Legal

Privacy Policy

How CaseClock collects, uses, and protects your data.

Canada

Effective Date: April 9, 2026

Introduction

CaseClock Inc. ("CaseClock," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and protect personal information when you visit our website at https://caseclock.ai (the "Site"), use our products and services (the "Services"), or otherwise interact with us.

CaseClock is incorporated in Canada. This policy is designed to comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), applicable provincial privacy legislation including Quebec's Act respecting the protection of personal information in the private sector (Law 25), and other applicable privacy laws.

Accountability

CaseClock Inc. is the organization responsible for personal information collected and processed in connection with the Services, for the purposes of PIPEDA and applicable provincial privacy legislation.

We collect, use, and disclose personal information only for the purposes identified at or before the time of collection, and only to the extent necessary to fulfill those purposes.

By creating a CaseClock account and agreeing to our Terms and Conditions and Privacy Policy at the time of signup, you consent to the collection, use, and disclosure of your personal information as described in this policy. This includes your consent to the collection, storage, and AI-assisted processing of your audio recordings, transcripts, and matter details by CaseClock and its service providers, including Microsoft Azure and Azure OpenAI, as described below. You may withdraw consent at any time, subject to legal and contractual restrictions, by contacting us at legal@caseclock.ai.

Information We Collect

Information You Provide

We collect information you voluntarily provide when you interact with the Site or Services, including when you:

  • Register for an account or request a demo
  • Use our voice capture, time entry, or billing features
  • Contact customer support or communicate with us
  • Subscribe to marketing communications
  • Apply for employment with CaseClock

The categories of information we may collect include:

  • Contact Information: Name, email address, phone number, firm or organization name, job title
  • Account Credentials: Username, password, and account settings
  • Professional Information: Practice area, organization size, jurisdiction, bar affiliation
  • Payment Information: Billing contact details, subscription and transaction history. Payment card details are processed by our third-party payment processor and we do not store full card numbers
  • Customer Content: Time entries, billing narratives, voice recordings, transcriptions, client and matter information, work descriptions, files and attachments you upload, and configuration settings
  • Communications: Messages you send to us, feedback, survey responses, event registrations
  • Job Applicant Information: Resume, employment history, education, references, and other application materials

Information Collected Automatically

When you visit the Site or use the Services, we automatically collect certain information about your device and usage, including usage data (features used, pages viewed, actions taken) and device and technical information (IP address, browser type, device identifiers, operating system).

We use cookies, web beacons, log files, and similar tracking technologies to collect this information. Most browsers allow you to manage cookie preferences through their settings.

How We Use Information

We use personal information to:

  • Provide and operate the Services: Create and manage accounts, process transactions, provide features, deliver customer support
  • Process Customer Data as a service provider: Handle time entries, billing data, voice transcription, validation, and reporting as directed by business customers
  • Improve the Services: Monitor performance, conduct research and analytics, develop new features, debug and troubleshoot
  • Analyze usage patterns and improve product quality: We retain transcript data to understand how CaseClock is being used and to inform product improvements. This data is used in aggregate and is not shared with third parties for this purpose.
  • Communicate with you: Send service-related messages, security alerts, administrative notices, respond to inquiries, provide support
  • Marketing: Send newsletters, product updates, and promotional communications with your consent (you may withdraw consent at any time)
  • Legal compliance and protection: Comply with applicable laws, enforce agreements, protect rights and property, detect and prevent fraud and security incidents

How We Share Information

We do not sell your personal information. We may share personal information in the following circumstances:

  • Service Providers: We share information with service providers that process data on our behalf for hosting, data storage, analytics, email delivery, payment processing, and customer support. These providers are contractually required to protect your information and use it only for authorized purposes
  • Business Customers and Account Administrators: When you use the Services under an account provisioned by a business customer, that customer and its authorized users may access information about your use of the Services
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, personal information may be disclosed or transferred, subject to appropriate confidentiality protections
  • Legal and Safety Purposes: We may disclose information to comply with laws, legal processes, governmental requests, enforce our agreements, or protect rights, property, safety, or the public
  • With Your Consent: We may share information when you authorize or direct us to do so

Data Security and Infrastructure

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, alteration, or disclosure. Our security measures include:

  • Hosting, storage, and AI processing on Microsoft Azure cloud infrastructure, including Azure OpenAI for voice transcription and time-entry generation, with enterprise-grade security controls
  • Encryption of data in transit using industry-standard protocols (TLS/SSL)
  • Encryption of data at rest where appropriate
  • Access controls, authentication, and role-based permissions
  • Logging and monitoring of systems and access events

Canadian Data Residency: Personal information belonging to Canadian users is stored on Microsoft Azure servers located in Canada. Where data must be accessed or processed across borders (for example, by CaseClock personnel or service providers outside Canada), we ensure appropriate contractual protections are in place consistent with PIPEDA requirements.

AI Processing, Cloud Hosting, and Third-Party Services

Cloud Infrastructure

CaseClock uses Microsoft Azure for cloud hosting, data storage, and data processing. Personal information belonging to Canadian users is stored on Microsoft Azure servers located in Canada. Audio recordings submitted by Canadian users are processed for transcription within Microsoft Azure's Canadian region. No cross-border transfer of audio data occurs during transcription.

AI-Assisted Features

Some CaseClock features use artificial intelligence to help you create billing and time entries. When you record audio using the CaseClock app, we use OpenAI language models hosted through Microsoft Azure (Azure OpenAI) to transcribe your recording and generate a draft time entry. This processing occurs within Microsoft's Azure environment, not through OpenAI's consumer-facing services.

Based on Microsoft's published documentation, prompts, completions, and customer data processed through Azure OpenAI are not made available to OpenAI and are not used to train or improve OpenAI's foundation models without customer permission.

What Is Transmitted When You Record Audio

When you use the recording feature, the following information is transmitted to Azure OpenAI for transcription and time-entry generation:

  • Your audio recording, as an M4A audio file, sent after recording is complete
  • Your account identifier, included in the audio filename
  • The date of the recording
  • Your matter and client details, including client name, matter name, practice area, jurisdiction, and billing rate, used to generate an accurate draft time entry

The transcript generated from your audio is returned to CaseClock's servers and used to produce a draft billing entry in your account. Your professional profile data is used to personalize the content of that entry.

Audio Recordings and Transcripts

Audio recordings and transcripts are retained by CaseClock indefinitely. There is currently no automated deletion schedule. You may request deletion of your audio recordings or transcripts at any time by contacting us at legal@caseclock.ai.

Your client information, billing data, and time entries are never used to train AI models. AI features in CaseClock process your data only to deliver the services you request.

We share data with third-party service providers, including Microsoft Azure, only to the extent necessary to provide the CaseClock service. These providers are contractually required to protect your information. We do not sell your personal information to third parties.

Where personal information is processed by third-party service providers, we ensure that appropriate contractual protections consistent with PIPEDA and applicable provincial privacy legislation are in place. For Canadian users, audio transcription and AI processing occur within Microsoft's Canadian Azure region. No cross-border transfer of audio data occurs during transcription or entry generation.

Data Retention

We retain personal information for as long as reasonably necessary to provide the Services, comply with legal obligations, enforce our agreements, and resolve disputes. Specific retention practices are as follows.

  • Audio recordings: Retained indefinitely. No automated deletion is currently configured. You may request deletion at any time by contacting legal@caseclock.ai.
  • Transcripts and billing entries: Retained in your workspace account indefinitely. You may request deletion at any time by contacting legal@caseclock.ai.
  • Account and profile data: Retained for the duration of your account and for any period required by applicable law following account closure.

We may anonymize or aggregate personal information so that it no longer identifies you, in which case we may retain and use that information for any lawful purpose.

Your Rights and Choices

Under PIPEDA and applicable provincial privacy legislation, you have the right to:

  • Access: Request confirmation of whether we hold personal information about you and obtain a copy
  • Correction: Request correction of inaccurate or incomplete personal information
  • Withdrawal of Consent: Withdraw consent to the collection, use, or disclosure of your personal information (subject to legal and contractual restrictions)
  • Challenge Compliance: Challenge our compliance with PIPEDA by contacting us or the Office of the Privacy Commissioner

To exercise these rights, contact our Privacy Contact at legal@caseclock.ai. We will respond within the timeframes required by applicable law. We may need to verify your identity before fulfilling a request.

Canadian Privacy Legislation

PIPEDA

CaseClock complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). Our purposes for collecting personal information are described in the "How We Use Information" section above. We obtain consent at or before the time of collection, except where law permits otherwise.

If you believe your privacy rights under PIPEDA have not been respected, you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca.

Quebec — Law 25

For users in Quebec, CaseClock complies with the Act respecting the protection of personal information in the private sector (Law 25 / Bill 64). In accordance with Law 25, we:

  • Collect only the personal information necessary for the identified purposes
  • Obtain your consent before collecting, using, or communicating your personal information
  • Maintain a record of our personal information processing activities
  • Notify you and the Commission d'accès à l'information (CAI) in the event of a confidentiality incident that presents a risk of serious injury
  • Facilitate the exercise of your right to data portability, the right to be forgotten (deindexation), and the right to withdraw consent

If you are a Quebec resident and wish to exercise your rights or file a complaint, you may also contact the Commission d'accès à l'information (CAI) at www.cai.gouv.qc.ca.

Marketing Communications

We only send marketing communications with your consent, consistent with Canada's Anti-Spam Legislation (CASL). You may withdraw your consent at any time by clicking the unsubscribe link in our emails or by contacting us at legal@caseclock.ai.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and may provide additional notice where required by law.

Your continued use of the Site or Services after changes become effective indicates acceptance of the updated Privacy Policy.

Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, or if you wish to exercise your rights, please contact our Privacy Contact at:

Email: legal@caseclock.ai

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or, for Quebec residents, the Commission d'accès à l'information at www.cai.gouv.qc.ca.

US users? View our US Privacy Policy (CCPA).