Privacy Policy
This Privacy Policy describes how CaseReply AI ("CaseReply," "we," "us," or "our") collects, uses, shares, and protects information when you use our website, sign up for our service, or when callers interact with the AI receptionist we provide to law firms. We take privacy seriously — the calls we handle often contain sensitive legal information.
1. Who This Policy Applies To
This policy applies to two groups:
- Customers — law firms and attorneys who subscribe to CaseReply and configure the service.
- Callers — individuals who phone a law firm whose calls are answered by the CaseReply AI receptionist.
For caller data, the subscribing law firm is the "controller" of the information, and CaseReply acts as a "processor" or service provider on the firm's behalf. We process caller data only as needed to provide the service to that firm.
2. Information We Collect
From Customers (Law Firms)
- Account information: firm name, attorney names, contact email and phone, billing details, and the credentials used to log into the service.
- Configuration information: intake questions, practice areas, scheduling preferences, calendar connections, attorney routing rules, and other firm-specific settings.
- Payment information: processed by our third-party payment processor; we do not store full card numbers on our own systems.
- Usage data: logs of how customers interact with the service, including login activity, configuration changes, and feature usage.
From Callers
- Call audio: the audio of incoming calls, including the caller's voice and the AI's responses.
- Call transcripts: text transcriptions generated from call audio.
- Intake content: information the caller shares during intake — name, phone number, email, case facts, dates, parties involved, injury or matter details, and any other information the caller provides in response to questions configured by the firm.
- Call metadata: phone number, date and time of call, duration, originating carrier, and similar telephony data.
- Booking data: scheduled appointment time and the calendar to which the booking was added.
From Website Visitors
- Standard web analytics data including IP address, browser type, pages visited, referring source, and approximate location derived from IP.
- Information you voluntarily submit through email or contact forms.
3. Call Recording Disclosure
Because the service records and transcribes phone calls, the AI receptionist plays an automated disclosure at the start of relevant calls indicating that the call may be recorded and/or that the caller is speaking with an AI assistant. Customers are responsible for ensuring this disclosure satisfies the recording-consent laws of the caller's and the firm's jurisdiction (including two-party-consent states).
If a caller does not consent to recording, the firm should configure the service to either route the call to a live person or end the call gracefully without recording. Customers are responsible for selecting an appropriate configuration.
4. How We Use Information
- To provide the receptionist, intake, summarization, and booking services to the subscribing law firm;
- To deliver intake reports, summaries, and notifications to the firm by email, SMS, or in-product display;
- To bill customers and process payments;
- To monitor service quality, debug technical issues, and improve reliability;
- To prevent fraud, abuse, and security incidents;
- To comply with applicable law, court orders, and lawful requests from authorities.
We do not use caller content (call audio, transcripts, or intake information) to train general-purpose AI models, and we do not sell caller data.
5. How We Share Information
We share information only as needed to operate the service:
- With the subscribing law firm: caller intake summaries, transcripts, and recordings are delivered to the firm that received the call.
- With service providers (subprocessors): telephony carriers, cloud hosting providers, speech-to-text providers, large-language-model providers, email/SMS delivery services, calendar APIs, payment processors, and analytics vendors. These providers process data on our behalf and are bound by confidentiality and security obligations.
- For legal compliance: if required by law, court order, subpoena, or to protect rights, property, or safety.
- In a business transfer: if CaseReply is involved in a merger, acquisition, or sale of assets, information may be transferred to the successor entity, subject to this policy.
We do not sell personal information. We do not share caller content with third parties for advertising or marketing purposes.
6. Data Retention
We retain customer account and configuration data for as long as the customer maintains an active account, and for a reasonable period thereafter for billing, audit, and legal purposes.
Caller data — including audio, transcripts, and intake records — is retained per the configuration of the subscribing firm and, by default, for the duration of the firm's subscription plus a short, reasonable period to support customer access. Customers may request earlier deletion of specific call records by contacting us at casereplyai@gmail.com.
We may retain de-identified or aggregated metadata for longer periods for analytics, security, and service-improvement purposes.
7. Security
We implement administrative, technical, and physical safeguards designed to protect the information we process, including encryption in transit, encryption at rest for stored call recordings and transcripts, access controls limiting employee access on a need-to-know basis, vendor security review for subprocessors, and logging and monitoring of access to sensitive data.
No system is perfectly secure. We cannot guarantee absolute security. If we become aware of a breach affecting your information, we will notify affected customers as required by applicable law.
8. Cookies and Tracking
Our website uses a small number of cookies and similar technologies to remember preferences, secure sessions, and collect aggregate analytics about how the site is used. You can control cookies through your browser settings; disabling cookies may affect functionality.
9. Third-Party Services
CaseReply integrates with third-party services to deliver the product, including telephony providers, speech-to-text and language-model providers, calendar systems (e.g., Google Calendar, Outlook), email delivery, SMS delivery, payment processing, and web analytics. Each of these providers has its own privacy practices, which we evaluate before engagement.
A current list of major subprocessors is available on request at casereplyai@gmail.com.
10. TCPA and Communications Compliance
CaseReply sends SMS notifications and intake summaries to numbers designated by the subscribing firm. By providing a phone number for notification, the firm represents that it has obtained any consent required under the Telephone Consumer Protection Act (TCPA) and similar laws for those communications.
For caller-facing communications, the firm is responsible for ensuring that any follow-up SMS or call placed using CaseReply has the consents required by applicable law. Standard message and data rates may apply to recipients.
11. Your Rights
Depending on where you live, you may have rights regarding personal information about you, including:
- The right to access the personal information we hold about you;
- The right to request correction of inaccurate information;
- The right to request deletion of your personal information;
- The right to opt out of certain uses, including the sale or sharing of personal information (we do not sell personal information);
- The right to lodge a complaint with a data protection authority.
For caller data, requests should generally be directed first to the law firm that received the call, since that firm is the controller of the data. CaseReply will assist firms in responding to caller requests as required.
To exercise rights regarding information we hold as a controller (for example, customer account data or website visitor data), email us at casereplyai@gmail.com.
12. Children's Privacy
CaseReply is not directed to children under 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.
13. International Users
CaseReply is operated from the United States. If you access the service from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States and other jurisdictions where our service providers operate. We rely on appropriate safeguards for international transfers where required by law.
14. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date above reflects the latest version. Material changes will be communicated through the service, by email, or by a notice on this page. Your continued use of the service after the effective date constitutes acceptance of the updated policy.
15. Contact
Questions, requests, or concerns about this policy? Contact us at casereplyai@gmail.com.