Privacy Policy
Last updated: June 1, 2026
This Privacy Policy explains how CaseFlow AI (“CaseFlow,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when law firms and their teams (“Customers”) use our intake and case-management platform, and when personal injury leads and clients interact with our public site, demo forms, or a Customer's intake process (the “Service”). It also explains the choices available to you.
1. Information We Collect
Account and firm information: names, work emails, phone numbers, firm name, role, and login credentials for users your firm invites to the Service.
Lead and case data: information submitted through public demo or contact forms, or entered by firm staff during intake, such as a claimant's name, contact details, accident details, case type, injuries described, insurance information, documents, notes, and communication history (calls and SMS).
Usage and device data: log data, IP address, browser type, pages viewed, and actions taken within the Service, collected automatically to operate and secure the platform.
2. How We Use Information
We use collected information to: provide, operate, and maintain the Service; authenticate users and enforce role-based access; respond to demo requests and support inquiries; generate AI-assisted summaries, scoring, and drafted messages requested by Customer staff; monitor, secure, and improve the Service; and comply with legal obligations.
We do not use lead or case data submitted through a Customer's intake process to train models shared across other Customers, and we do not sell personal data.
3. How We Share Information
We share information with: subprocessors who help us host infrastructure, send communications, or provide analytics, under confidentiality obligations no less protective than this policy; the Customer law firm that collected the lead or case data, since that firm controls the intake relationship; and law enforcement or regulators when required by valid legal process.
We do not share Customer Data across organizations. Each firm's tenant data is logically isolated and accessible only to that firm's authorized users and to CaseFlow personnel who require access to operate the Service.
4. Personal Injury Lead and Client Data
Information about accident victims and clients is submitted to the Service by the law firm handling their matter, or directly by the individual through a firm's public intake channels. This data may include sensitive details about injuries, medical treatment, and insurance. It is processed on behalf of, and at the direction of, the firm as the data controller for that relationship. Individuals with questions about their own case data should contact the law firm handling their matter directly.
5. Cookies and Tracking Technologies
Our public marketing site uses essential cookies to remember preferences, such as your selected language, and may use analytics cookies to understand aggregate site usage. You can control cookies through your browser settings; disabling essential cookies may affect site functionality.
6. Data Security
We use administrative, technical, and physical safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction, including encryption in transit, role-based access controls, and audit logging of key actions. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
7. Data Retention
We retain Customer Data for as long as a Customer's subscription is active and for a reasonable period afterward to allow for export, unless a shorter or longer period is required or permitted by law or a Customer's instructions. Demo and contact form submissions are retained for as long as reasonably needed to respond and to maintain business records.
8. Your Privacy Rights
Depending on your location, you may have rights to request access to, correction of, deletion of, or a copy of your personal information, and to object to or restrict certain processing. If your data was submitted through a law firm's intake process, please contact that firm directly, as they control that data. For questions about data CaseFlow controls directly (such as demo requests or marketing site inquiries), contact us using the details below.
9. International Data Transfers
The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, which may have data protection laws different from those in your jurisdiction.
10. Children's Privacy
The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated to Customer account administrators and reflected by an updated “Last updated” date above.
12. Contact Us
For privacy questions or requests, contact us at privacy@caseflow.ai or by mail to CaseFlow AI, 100 Market Street, Suite 400, San Francisco, CA 94105.