[DRAFT — This policy is under attorney review and is not yet legally binding.]

Privacy Policy

Last updated: April 27, 2026

What we collect

When you create an account, we collect your email address and any profile information you voluntarily provide. When you use CasePilot, we collect the documents you upload (PDFs, Word files, spreadsheets, email exports, and similar legal files), the questions and queries you submit to the Q&A system, and usage data such as which features you access and when.

We do not collect your name, phone number, social security number, or financial account numbers unless those appear inside documents you choose to upload. We do not run advertising trackers or analytics services that share your data with third parties.

How your data is stored

Your account data and case metadata are stored in a PostgreSQL database hosted on Fly.io infrastructure in the United States. Uploaded documents are stored as encrypted blobs on Cloudflare R2 (US region). Encryption at rest uses AES-256; encryption in transit uses TLS 1.3. Documents are associated with your account and are not accessible to other users.

AI analysis runs on your documents transiently — documents are passed to the AI model for processing and are not retained by the model provider beyond the API call. We use Google Gemini as our primary AI provider; their data processing terms apply to that transient interaction.

Document handling

Legal documents you upload are processed to extract text, which is then indexed for search and passed to AI models to answer your questions and generate draft documents. Extracted text is stored on your account and is not shared with any third party, sold, or used to train AI models.

You are responsible for ensuring you have the right to upload any document to CasePilot. Do not upload documents subject to a protective order unless you have confirmed that cloud storage is permitted under that order.

What we do not do

  • We do not sell your data to any third party, ever.
  • We do not share your documents or case data with other users or organizations.
  • We do not use your documents to train AI models.
  • We do not run behavioral advertising or sell advertising inventory.
  • We do not share data with data brokers or aggregators.

Infrastructure providers

We share data only with the infrastructure providers necessary to operate the service: Fly.io (hosting and compute, US), Cloudflare (CDN and R2 object storage, US), and Google (Gemini AI API, transient processing only). Each provider is contractually bound to handle your data in compliance with applicable privacy law. We do not engage any other sub-processors without updating this policy.

Cookies

CasePilot uses session cookies only — strictly necessary cookies that keep you logged in while you use the application. We do not use tracking cookies, advertising cookies, cross-site analytics cookies, or any persistent identifier tied to advertising networks. You may disable cookies in your browser, but doing so will prevent you from logging in.

Your rights

You may request deletion of your account and all associated data at any time by contacting us at privacy@casepilot.com. Deletion is permanent and includes all uploaded documents, extracted text, Q&A history, and account information. We will confirm deletion within 30 days.

You may also request a copy of the data we hold about you. We will provide it in a machine-readable format within 30 days of a verified request.

Contact

Privacy inquiries: privacy@casepilot.com. We respond to all privacy inquiries within 5 business days.

← CasePilotTerms of Service →