DPA & GDPR

Data Processing Agreement (DPA)

A Data Processing Agreement is available upon request for Business and Enterprise customers. The DPA covers CaseProof's obligations as a data processor, subprocessor details, security commitments, and data subject rights.

To request a DPA, email legal@case-proof.com with your company name and subscription tier. DPA requests are typically fulfilled within 5 business days.

GDPR

• Role: CaseProof acts as a data processor for customer matter data. The customer (law firm or attorney) is the data controller.
• Legal basis: Processing is performed pursuant to the contract between CaseProof and the customer (Article 6(1)(b) GDPR).
• Data transfers: Data is stored in the United States. Transfers from the EU rely on Standard Contractual Clauses (SCCs) where required.
• Data subject requests: See below.

CCPA

• CaseProof does not sell personal information, as defined under the California Consumer Privacy Act.
• California residents have the right to know what personal data is collected, to request deletion, and to opt out of sale (which we do not conduct).

Data Subject Requests

Requests for data access, deletion, or portability can be submitted to support@case-proof.com. Include your account email and the specific request type. All requests are processed within 30 days.

• Access: Receive a copy of the personal data we hold about you.
• Deletion: Request permanent deletion of your account and all associated data.
• Portability: Export your matter data in standard formats (PDF, DOCX, JSON).