Privacy Policy

Privacy Policy – CaseNote

CaseNote (“CaseNote”, “we”, “us”, or “our”) is committed to protecting your privacy and ensuring that all personal information you provide is handled securely and in compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the General Data Protection Regulation (GDPR), where applicable.

This Privacy Policy sets out how we collect, use, disclose, retain, and protect your personal information.

1. Our Commitment to Privacy

CaseNote is designed with privacy and confidentiality as core principles. Information you provide to CaseNote is protected through industry-standard security measures.

We confirm the following:

  • Your data is not used to train AI models.
  • Your data is not shared with third parties, except for secure service providers essential to platform operation.
  • Your documents and research inputs (“Client Data”) are stored securely and accessible only through authenticated login.

2. Your Privacy Rights

2.1 Right to Be Informed

You will be notified when personal information is collected and the purposes for which it will be used.

2.2 Right to Anonymity or Pseudonymity

Where lawful and practical, you may use our services anonymously or under a pseudonym.

2.3 Right to Access

You may request access to personal information held by CaseNote. Requests will be responded to within 30 days.

2.4 Right to Data Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access or disclosure.

2.5 Right to Erasure

You may delete or deactivate your account at any time, which will result in the permanent removal of your personal information and Client Data.

2.6 Right to Complaint

You may complain with us or with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy rights have been breached.

2.7 GDPR Rights (EU/UK Users)

Where applicable, you may also exercise:

  • Right to Restrict Processing
  • Right to Object to Processing
  • Right not to be subject to automated decision-making without human involvement

3. Information We Collect

We collect personal information that you voluntarily provide, including:

  • Name
  • Email address
  • Phone number
  • Organisation or firm details
  • Account credentials

We may also collect technical information, such as device details, IP address, and usage statistics, to maintain security and improve platform performance.

4. Information We Do Not Collect

CaseNote does not request or intentionally collect sensitive information such as:

  • Racial or ethnic origin
  • Political or religious beliefs
  • Sexual orientation or practices
  • Union or professional association memberships
  • Criminal history
  • Health information
  • Genetic or biometric data

If you encounter any request for such information, please notify us immediately.

5. Unsolicited Personal Information

If CaseNote receives personal information that we did not request, we will determine whether we are legally permitted to retain it. If not, the information will be securely destroyed or de-identified as soon as practicable.

6. How We Use Personal Information

We use the information you provide for the following purposes:

  • Creating and managing your CaseNote account
  • Providing AI-powered legal research and drafting services
  • Delivering support and responding to enquiries
  • Maintaining security, performance, and functionality
  • Improving our services and user experience

Client Data (Documents, Queries, Inputs)

Client Data is processed solely for the purpose of providing CaseNote’s features.

It is not used to train or improve AI models, is not shared with external parties (other than secure hosting providers), and is accessible only via secure login credentials.

7. Direct Marketing

We may send service updates or optional marketing communications where you have provided consent.

You may unsubscribe at any time. We do not sell or share personal information with third-party advertisers.

8. Disclosure of Personal Information

We do not sell, rent, or trade personal information. Personal information may be disclosed only to:

  • Secure cloud hosting providers
  • Identity authentication and infrastructure providers
  • Professional advisors (e.g., legal or accounting services)

All third parties are contractually required to maintain confidentiality and data security. Client Data is never disclosed to external parties except for secure hosting providers.

9. Overseas Disclosure

Some service providers may be located outside Australia, including in the United States or Europe.

We take reasonable steps to ensure that overseas recipients comply with privacy protections consistent with the APPs, GDPR, or other relevant laws.

10. Data Retention and Deletion

10.1 Retention

Personal information is retained only as long as necessary to provide CaseNote’s services or comply with legal obligations.

10.2 Account Deletion

When an account is deleted or deactivated:

  • Personal information is permanently removed
  • Client Data is erased from active systems
  • Backups are purged according to secure deletion schedules

Users may request earlier deletion of their data at any time.

11. Security Measures

We implement reasonable safeguards to protect personal information, including:

  • Encryption in transit and at rest
  • Secure authentication procedures
  • Access controls and logging
  • Firewalls and intrusion monitoring
  • Regular security assessments

While we take all reasonable precautions, no system is entirely immune from risk.

12. Access and Correction

You may request:

  • Access to personal information held by CaseNote
  • Correction of inaccurate or incomplete information

Requests will be addressed within 30 days, subject to legal requirements.

13. Children’s Privacy

CaseNote is not intended for individuals under 18 years of age. We do not knowingly collect personal information from individuals under the age of 18.

14. Third-Party Links

Our website or platform may contain links to external websites. CaseNote is not responsible for the privacy practices or content of external sites. We recommend reviewing the privacy policies of third-party websites before providing personal information.

15. Contact Us

For questions, concerns, or complaints regarding this Privacy Policy or how your information is handled, please contact:

Data Protection Officer – CaseNote

Email: [email protected]

Address: Dudley Street West Melbourne Victoria

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au.