CE
CaseEye
Pricing
Sign In Get Started
Legal

Privacy Policy

Last updated: June 2026  ·  Applies to: caseeye.app

⚠ Draft placeholder text. This is draft placeholder content and should be reviewed by a qualified legal professional before launch. It does not constitute legal advice.

1. Introduction

CaseEye ("we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share information about you when you use the CaseEye service ("Service").

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We act as the data controller for personal data processed through the Service.

2. Data We Collect

We collect and process the following categories of personal data:

User Account Data

  • Full name and email address provided on registration
  • Encrypted password (we never store passwords in plain text)
  • Account creation date and login timestamps
  • Subscription plan and billing status

Case Data

  • Case titles, descriptions, categories, locations, and status information you create within the Service
  • Case notes, task lists, appointment records, and status updates
  • Audit log entries recording changes made to cases
  • Contact records (names, phone numbers, email addresses, roles) associated with your cases

Uploaded Evidence Files

  • Files you upload as evidence, including images, videos, audio recordings, PDFs, and documents
  • Metadata associated with uploaded files (filename, file type, upload date, evidence title, and notes)

Contact and Support Messages

  • Your name, email address, and the content of any messages you send via the contact form or support channels
  • Correspondence we exchange with you in response to support requests

Payment Data

  • When payment functionality is enabled, payments will be processed securely by Stripe. We will not store your payment card details on our servers
  • We may receive and retain limited transaction information from Stripe, such as the last four digits of your card, billing country, and transaction IDs, for record-keeping purposes
  • Stripe's own privacy policy applies to data processed by their systems. Please review it at stripe.com/privacy

Technical and Usage Data

  • IP address and browser type at login, for security and fraud prevention
  • Session tokens stored in cookies to maintain your login state

3. How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your account and provide access to the Service
  • To store and display the case data, evidence, and records you create
  • To send transactional emails (account notifications, support responses)
  • To process subscription payments and manage billing
  • To maintain security, detect fraud, and prevent unauthorised access
  • To comply with legal obligations
  • To improve the Service based on aggregated, anonymised usage patterns (no individual profiling)

4. Legal Basis for Processing

Under UK GDPR, we process your data on the following legal bases:

  • Contract performance — to provide the Service you signed up for
  • Legitimate interests — to ensure security, prevent fraud, and improve the Service
  • Legal obligation — where required to comply with applicable law
  • Consent — for any non-essential cookies or communications where consent is required

5. Data Sharing

We do not sell your personal data. We do not share your data with third parties for marketing purposes. We may share limited data with:

  • Stripe — for processing payments when subscription billing is active
  • Email service providers — to send transactional and notification emails
  • Hosting and infrastructure providers — who process data on our behalf under data processing agreements
  • Law enforcement or regulatory authorities — where required by applicable law or a valid legal request

All third-party processors are contractually bound to process data only as instructed and in accordance with applicable data protection law.

6. Data Retention

We retain your personal data for as long as your account is active and as necessary to provide the Service. Specifically:

  • Account and case data is retained for the duration of your account
  • On account deletion, we will delete your personal data within 30 days, subject to any legal retention obligations
  • Backup copies may persist for up to 90 days following deletion before being fully purged
  • Support correspondence may be retained for up to 2 years for quality and compliance purposes

7. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

💾 Right to Access

Request a copy of the personal data we hold about you.

✎ Right to Rectification

Ask us to correct inaccurate or incomplete data.

🗑 Right to Erasure

Request deletion of your personal data (right to be forgotten).

🔄 Right to Portability

Request your data in a structured, machine-readable format.

🚫 Right to Object

Object to processing based on legitimate interests.

🔒 Right to Restrict

Ask us to restrict processing in certain circumstances.

To exercise any of these rights, or to request a data export or account deletion, please use the Contact page or your account settings. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

8. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
  • Passwords are hashed using a strong one-way algorithm before storage
  • Access to case data is restricted to the account owner — no user can access another user's data
  • Evidence file access is authenticated and ownership-checked on every request
  • Regular automated backups are maintained to prevent data loss

No method of transmission or storage is completely secure. In the event of a data breach that is likely to affect your rights and freedoms, we will notify you and the relevant authorities as required by law.

9. Cookies

We use cookies to maintain your login session and provide essential functionality. For full details of the cookies we use, please see our Cookie Policy.

10. Children

The Service is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data about a child, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice within the Service. The updated policy will take effect from the date shown at the top of this page.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us via the Contact page.

CE
CaseEye
Features Pricing Terms Privacy Cookies

© 2026 CaseEye. Professional case management.