CaseLedgerSign in

Privacy Policy

Last updated: March 27, 2026

CaseLedger ("we", "us", "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our case management platform.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and role (lawyer or client). We use passwordless authentication, so we do not store passwords.

Case Data

You may upload documents, create timeline events, and add information about people involved in your cases. This data is stored securely and is only accessible to you and the people you explicitly authorize.

Usage Data

We collect minimal usage data such as login timestamps and device trust tokens to maintain security and improve the service.

2. How We Use Your Information

We use your information exclusively to:

  • Provide and maintain the CaseLedger platform
  • Authenticate your identity securely
  • Send verification codes for login
  • Respond to your support requests
  • Comply with legal obligations

We do not sell, rent, or share your personal information with third parties for marketing purposes. Ever.

3. Data Storage and Security

Canadian Data Residency

All data is stored in Canadian data centers located in Montreal, Quebec. Your information never leaves Canada. This ensures compliance with Quebec's Law 25 and federal PIPEDA requirements without the need for cross-border data transfer assessments.

Encryption

  • In transit: All data is encrypted using TLS 1.3 during transmission.
  • At rest: All data is encrypted using AES-256 encryption at rest.
  • Documents: Uploaded files are stored in isolated, encrypted storage buckets.

Access Controls

We use row-level security (RLS) at the database level to ensure complete isolation between accounts. It is technically impossible for one user to access another user's data through our application.

Zero-Access Architecture

CaseLedger employees cannot access your case files, documents, or notes. Our systems are designed so that your data remains private to you and the people you authorize.

4. Solicitor-Client Privilege

We recognize that information stored in CaseLedger may be subject to solicitor-client privilege. We have designed our platform to protect this privilege:

  • We will never voluntarily disclose your data to third parties
  • We will challenge any legal request for disclosure to the fullest extent permitted by law
  • We will notify you of any legal request for your data unless prohibited by law from doing so
  • We maintain audit logs of all access to support privilege claims

5. Data Retention

Your data is retained for as long as your account is active. When you delete a case, the case and its events are removed, but documents and people records are preserved in your vault unless you explicitly delete them. You may export all your data at any time.

6. Your Rights

Under Quebec's Law 25 and PIPEDA, you have the right to:

  • Access your personal information
  • Request correction of inaccurate information
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing
  • File a complaint with the Commission d'accès à l'information du Québec (CAI)

To exercise any of these rights, contact us at privacy@caseledger.ca.

7. Cookies and Tracking

CaseLedger uses only essential cookies required for authentication and security (session tokens, device trust tokens). We do not use tracking cookies, analytics cookies, or any third-party advertising cookies.

8. Third-Party Services

We use the following third-party services to operate CaseLedger, all hosted in Canada:

  • Supabase: Database and file storage (Canadian data center)
  • Resend: Transactional email delivery (verification codes only)

We do not share your case data with any of these providers beyond what is technically necessary to operate the service.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or by posting a notice on the platform. Your continued use of CaseLedger after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact our Privacy Officer:

Email: privacy@caseledger.ca