DPA & GDPR

Data Processing Agreement (DPA)

A Data Processing Agreement is available upon request for customers on paid plans. The DPA covers CaseProof's obligations as a data processor, subprocessor details, security commitments, and data subject rights.

To request a DPA, email info@thewaldrepcompany.com with your company name, account email, and subscription tier. DPA requests are typically fulfilled within 5 business days.

GDPR

• Role: CaseProof acts as a data processor for customer matter data. The customer (law firm or attorney) is the data controller.
• Legal basis: Processing is performed pursuant to the contract between CaseProof and the customer (Article 6(1)(b) GDPR).
• Data transfers: Data is stored in the United States. Transfers from the EU rely on Standard Contractual Clauses (SCCs) where required.
• Data subject requests: See below.

CCPA

• CaseProof does not sell personal information, as defined under the California Consumer Privacy Act.
• California residents have the right to know what personal data is collected, to request deletion, and to opt out of sale (which we do not conduct).

Data Subject Requests

Requests for data access, deletion, or portability can be submitted to info@thewaldrepcompany.com. Include your account email and the specific request type. Requests are handled within applicable legal timelines, typically within 30 days.

• Access: Receive a copy of the personal data we hold about you.
• Deletion: Request permanent deletion of your account and all associated data.
• Portability: Certain generated documents can be exported from the app as PDF or DOCX, and case audit logs can be downloaded as CSV. Broader portability requests are handled manually.