Privacy Policy
Last updated: April 1, 2026
Want to delete your account?
You can request permanent deletion of your account and all associated data at any time.
Request Account Deletion →We will confirm deletion within 5 business days and complete it within 30 days.
1. Introduction
Wixen Company LLC ("we," "us," or "our") operates CaseIntel, including the website at CaseIntel.io and the CaseIntel iOS mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service.
We understand the sensitive nature of legal documents and are committed to protecting your data with the highest standards of security and privacy.
2. Data Controller
Wixen Company LLC is the data controller responsible for your personal data.
West Chester, PA
legal@caseintel.io3. Information We Collect
Account Information
- Name and email address
- Firm name and business information
- Password (bcrypt-hashed; never stored in plain text)
- Apple ID subject identifier when you use Sign in with Apple (we do not store your Apple email unless you choose to share it)
- Billing and payment information (processed by Stripe; we never store card numbers)
Documents & Case Data
- Documents you upload or scan for processing
- Case information, metadata, deadlines, and timeline events
- AI-generated classifications, summaries, and chat history
- Emails sent to your case intake address and their attachments
Mobile App Permissions
The CaseIntel iOS app may request the following device permissions:
- Camera: Used only for document scanning within the app. Camera images are processed locally and, if you choose to upload, sent securely to our servers. We do not access your camera without your explicit action.
- Face ID / Touch ID (Biometrics): Used only to unlock the app locally on your device. Biometric data never leaves your device and is never transmitted to our servers.
- Push Notifications: Used to send deadline reminders and case updates. You can disable notifications at any time in iOS Settings.
Usage Information
- Log data (IP address, device type, operating system, pages/screens visited)
- Crash reports and performance diagnostics
- Analytics data (aggregated and anonymized)
4. How We Use Your Information
We use your information to:
- Provide and maintain the Service across web and mobile
- Process documents using OCR and AI classification
- Detect potential privilege and confidential information
- Generate timelines, summaries, and document bundles
- Enable the AI chat feature to answer questions about your cases
- Send deadline reminders and case-related push notifications
- Process payments and manage subscriptions
- Send service-related transactional emails (verification, magic links, password resets)
- Improve and optimize the Service
- Comply with legal obligations and maintain audit logs
5. Authentication Methods
CaseIntel supports the following sign-in methods:
- Email & Password: Passwords are hashed with bcrypt and never stored in plain text.
- Magic Link: A one-time sign-in link sent to your email, valid for 15 minutes. No password required.
- Sign in with Apple: We receive an Apple-issued identity token and your name (first sign-in only). We store your Apple subject identifier to recognize your account on future sign-ins. Your Apple private relay email (if used) is stored only to identify your account — we do not use it for marketing.
6. AI Processing & Data Privacy
🔒 AWS-Only AI Architecture
- No third-party AI providers: We use AWS Bedrock with Anthropic Claude exclusively
- Data never leaves AWS: All AI processing happens within secure AWS infrastructure
- Zero data retention by AI: Your documents are NOT used to train AI models
- Bar association compliant: Designed to meet ABA Model Rule 1.6 and ethics opinions
- Complete audit trail: Every AI operation is logged for compliance
Unlike other legal tech platforms that send your data to OpenAI, Google, or other third-party AI vendors, CaseIntel keeps 100% of your client data within the secure AWS environment.
7. Data Sharing
We do NOT sell your data.
We share your information only with:
- AWS: Hosting, storage (S3), database (RDS), and AI processing (Bedrock)
- Stripe: Payment processing (PCI-compliant)
- SendGrid: Transactional email delivery
- Apple: Identity token verification for Sign in with Apple
- Legal Requirements: When required by law, subpoena, or court order
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- With Your Consent: When you explicitly authorize sharing (e.g., document bundle sharing)
8. Data Security
Encryption
- • AES-256 encryption at rest
- • TLS 1.3 encryption in transit
- • Encrypted database connections
Infrastructure
- • AWS SOC 2 certified infrastructure
- • Private VPC networking
- • Regular security audits
Access Control
- • Role-based access control (RBAC)
- • JWT authentication with token rotation
- • Biometric app lock (mobile)
Monitoring
- • Full audit logging
- • Intrusion detection
- • Rate limiting on all auth endpoints
9. Account Deletion & Your Rights
Account Deletion
You have the right to permanently delete your account and all associated data at any time. To request deletion:
- Email legal@caseintel.io with subject line "Account Deletion Request"
- Include the email address associated with your account
- We will confirm receipt within 5 business days and complete deletion within 30 days
Upon account deletion, the following is permanently removed:
- Your account, profile, and authentication credentials
- All cases, documents, timelines, deadlines, and AI chat history
- All data associated with your firm if you are the sole user
- Backup copies purged within 90 days
Note: Anonymized analytics data and records required for legal compliance (e.g., billing records) may be retained as required by law.
Additional Rights
You also have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to certain processing activities
Contact legal@caseintel.io to exercise any of these rights.
10. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. See Section 9 for full account deletion details.
- Active account data retained for the duration of your subscription
- Magic link tokens expire after 15 minutes and are deleted on use
- Refresh tokens expire after 30 days and are automatically purged
- Anonymized analytics data may be retained indefinitely
- Legal hold requirements may extend retention of certain records
11. Cookies & Analytics
We use cookies and similar technologies for:
- Essential Cookies: Required for authentication and core functionality
- Analytics: To understand how users interact with our Service (aggregated data only)
- Preferences: To remember your settings and preferences
The mobile app uses device storage (Keychain) to securely store authentication tokens. No third-party advertising cookies are used.
12. Children's Privacy
The Service is intended for legal professionals and is not directed at individuals under 18. We do not knowingly collect personal information from minors. If we become aware of such collection, we will delete it immediately.
13. International Transfers
Your data is stored and processed in the United States on AWS infrastructure. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place for any international data transfers.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use after changes constitutes acceptance of the updated policy.
15. Contact Us
For privacy-related questions, data requests, or to exercise your rights: