Agency data ownership
Customer case records, clients, evidence, notes, reports, and billing details remain the agency customer's data. CaseCore stores and processes them only to provide the service.
Trust center
CaseCore is designed for agencies that handle sensitive clients, case records, evidence, reports, billing, and field operations. SOC 2 certification is a formal audit milestone. CaseCore is designed around SOC 2-aligned controls, security documentation, recovery workflows, workspace separation, and clear security operations while that audit readiness work continues.
Protection standard
CaseCore's standard is to build the controls first: limit access, log important actions, preserve recovery options, prepare incident response, and keep sensitive agency records separated by workspace and role.
CaseCore is a software provider and does not claim ownership of customer case files. One agency's users cannot browse, use, or work another agency's client records through the platform.
Customer case records, clients, evidence, notes, reports, and billing details remain the agency customer's data. CaseCore stores and processes them only to provide the service.
Agency workspaces are separated so each team can only access the records tied to its own organization.
Workspace roles are checked before sensitive pages and records load, keeping protected areas limited to authorized users.
Contractors and case workers do not receive owner billing controls or agency margin visibility.
Evidence uploads include file details and verification records for stronger chain-of-custody documentation.
Evidence removal moves items into a recovery window instead of immediate destruction, with manager-controlled restore options.
Security, support, recovery, team, and management actions are logged for review and audit exports.
CaseCore includes workflows for opening, containing, resolving, and documenting security incident response drills.
Public forms and high-volume actions use usage limits, security protections, and platform safeguards to reduce abuse risk.
Audit readiness
CaseCore’s goal is to have the operating controls, logs, drills, and documentation already in place before formal SOC 2 fieldwork, so customers are protected now and the audit becomes confirmation of an existing security program.
Security
Access controls, audit logs, incident response, security protections, account lockdown, and usage limits are built into the product.
Availability
The app is operated with continuity practices, release rollback planning, and backup review as part of audit preparation.
Confidentiality
Case data, billing controls, evidence, team records, and client links are scoped by role, organization, and purpose.
Processing Integrity
Evidence details, timestamps, verification records, report activity, billing activity, and case events help agencies verify operational records.
Privacy
Privacy policy, terms acceptance, audit logs, deletion request routing, U.S./Canada scope, and sensitive-record handling are documented.
CaseCore includes recovery holds, restore workflow, security event logging, and manager recovery drills so data protection is operational, not just a policy statement.
Agencies can lock suspected compromised accounts, review audit history, preserve evidence, and document containment from the Security Center.
CaseCore is currently scoped for United States and Canada users unless country-specific legal, privacy, and data protection requirements are approved in writing.
Answer customer security questions with confidence.
CaseCore is being built and operated with SOC 2-aligned security controls: audit logging, recovery workflows, incident response records, access restrictions, billing privacy, and data protection practices designed to meet the expectations customers associate with professional software security.