Trust center

Security built for investigation work.

CaseCore is designed for agencies that handle sensitive clients, case records, evidence, reports, billing, and field operations. SOC 2 certification is a formal audit milestone. CaseCore is designed around SOC 2-aligned controls, security documentation, recovery workflows, workspace separation, and clear security operations while that audit readiness work continues.

Protection standard

Built to protect agencies while audit readiness continues.

CaseCore's standard is to build the controls first: limit access, log important actions, preserve recovery options, prepare incident response, and keep sensitive agency records separated by workspace and role.

CaseCore is a software provider and does not claim ownership of customer case files. One agency's users cannot browse, use, or work another agency's client records through the platform.

Agency data ownership

Customer case records, clients, evidence, notes, reports, and billing details remain the agency customer's data. CaseCore stores and processes them only to provide the service.

Workspace separation

Agency workspaces are separated so each team can only access the records tied to its own organization.

Role-based access

Workspace roles are checked before sensitive pages and records load, keeping protected areas limited to authorized users.

Billing privacy

Contractors and case workers do not receive owner billing controls or agency margin visibility.

Evidence protection

Evidence uploads include file details and verification records for stronger chain-of-custody documentation.

Recovery holds

Evidence removal moves items into a recovery window instead of immediate destruction, with manager-controlled restore options.

Audit events

Security, support, recovery, team, and management actions are logged for review and audit exports.

Incident response

CaseCore includes workflows for opening, containing, resolving, and documenting security incident response drills.

Abuse protection

Public forms and high-volume actions use usage limits, security protections, and platform safeguards to reduce abuse risk.

Audit readiness

Controls are being built before the audit.

CaseCore’s goal is to have the operating controls, logs, drills, and documentation already in place before formal SOC 2 fieldwork, so customers are protected now and the audit becomes confirmation of an existing security program.

Security

Access controls, audit logs, incident response, security protections, account lockdown, and usage limits are built into the product.

Availability

The app is operated with continuity practices, release rollback planning, and backup review as part of audit preparation.

Confidentiality

Case data, billing controls, evidence, team records, and client links are scoped by role, organization, and purpose.

Processing Integrity

Evidence details, timestamps, verification records, report activity, billing activity, and case events help agencies verify operational records.

Privacy

Privacy policy, terms acceptance, audit logs, deletion request routing, U.S./Canada scope, and sensitive-record handling are documented.

Data recovery

CaseCore includes recovery holds, restore workflow, security event logging, and manager recovery drills so data protection is operational, not just a policy statement.

Incident response

Agencies can lock suspected compromised accounts, review audit history, preserve evidence, and document containment from the Security Center.

Responsible scope

CaseCore is currently scoped for United States and Canada users unless country-specific legal, privacy, and data protection requirements are approved in writing.

Answer customer security questions with confidence.

Share a clear security summary.

CaseCore is being built and operated with SOC 2-aligned security controls: audit logging, recovery workflows, incident response records, access restrictions, billing privacy, and data protection practices designed to meet the expectations customers associate with professional software security.