Privacy Policy

CaseCore is a case management and investigative operations platform for private investigation agencies. This Privacy Policy explains how CaseCore collects, uses, stores, and protects information submitted through the platform.

We may collect account information, agency profile information, staff and contractor access records, billing-related identifiers, case records, notes, forms, evidence metadata, uploaded files, scheduling information, client invite information, agency license details, OSINT workspace records, saved source URLs, entity records, relationship notes, timeline findings, AI prompts, AI outputs, AI usage records, technical logs, security events, audit activity, and support communications.

Agencies are responsible for the information they choose to enter into CaseCore, including personal information, client information, investigative records, and evidence files.

Information is used to provide the CaseCore service, authenticate users, operate multi-tenant agency workspaces, process subscriptions, generate reports and forms, support client case access, enforce roles and assigned-case restrictions, maintain security, support licensed-investigator workspace controls, troubleshoot issues, investigate abuse, and improve the product.

CaseCore may store agency or investigator license numbers, state or jurisdiction information, and related agency settings so the workspace is positioned for authorized investigative use. Agencies remain responsible for confirming license status and legal authority before using CaseCore for real work.

OSINT workspace records are agency-entered case records. CaseCore stores the entities, notes, saved links, source descriptions, relationships, and timeline findings users choose to add, but CaseCore does not use those records to make investigative conclusions or determine whether a person is responsible for conduct.

CaseCore is designed around tenant isolation, authenticated access, server-side controls, assigned-case restrictions, role-based access, signed storage links, and Supabase Row Level Security. Agencies should still limit access to authorized users, use strong passwords, enable MFA where available, review staff and contractor access, and avoid uploading information they are not legally permitted to store.

No internet service can guarantee perfect security. Agencies should promptly report suspected unauthorized access, exposed invite links, compromised credentials, or other security concerns using the contact information below.

CaseCore may use trusted providers for authentication, database hosting, storage, payment processing, email delivery, deployment, analytics, AI-assisted processing, and operational support. These providers are used only as needed to operate the service.

When an agency uses CaseCore AI, the content submitted to the AI feature may be sent to a trusted AI provider to generate the requested draft, summary, review, or form assistance. Agencies should avoid submitting information they are not authorized to process and should review AI output before using it in case work or client-facing materials.

Agencies may generate read-only client invite links. Agencies are responsible for sending those links only to authorized recipients and revoking access when appropriate. Agencies are also responsible for assigning staff and contractors only to cases they are authorized to access.

Case information, evidence, reports, forms, account records, audit records, and billing-related records may remain stored while an agency account is active or as needed for legal, security, backup, billing, dispute, abuse prevention, and operational purposes.

Privacy questions, data requests, or security concerns may be sent through the contact information listed below.