1. Information We Collect
We collect the following personal information:
- Account information: Full name and email address when you create an account.
- Documents you upload: PDFs, images, and text documents you provide for case note generation and reading summaries.
- Generated content: Case notes, reading summaries, and problem question analyses you choose to save.
- Payment information: Processed securely by Stripe. We do not store your card details directly.
- Usage data: Monthly generation counts and feature usage for quota enforcement.
2. How We Use Your Information
- To provide and improve the CaseBriefer service.
- To process your uploaded documents through AI providers (Anthropic and OpenAI) for generating case notes and summaries.
- To manage your subscription and billing.
- To enforce usage quotas and prevent abuse.
- To send transactional emails (account verification, billing notifications).
3. Third-Party Services
We use the following third-party services to operate CaseBriefer:
- Supabase: Database and authentication. Your account data and saved content are stored in Supabase's secure cloud infrastructure.
- Stripe: Payment processing. Stripe handles all payment card data in compliance with PCI DSS standards.
- Anthropic (Claude) and OpenAI: AI document analysis. Your uploaded documents are sent to these providers to generate case notes and summaries. These providers process data according to their respective privacy policies.
- Vercel: Hosting and deployment.
4. Data Retention
Your saved case notes and reading summaries are retained until you delete them or delete your account. Uploaded documents are processed in memory and are not stored permanently after generation completes. Account data is retained for the duration of your account.
5. Data Deletion
You can delete your account at any time through the Settings page. This permanently removes all your personal data, saved case notes, reading summaries, and folder organisation. Your Stripe subscription will also be cancelled.
6. Data Security
We use industry-standard security measures to protect your data, including encrypted connections (HTTPS/TLS), secure authentication via Supabase, and row-level security policies ensuring you can only access your own data.
7. Your Rights Under Australian Privacy Law
Under the Australian Privacy Act 1988, you have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate information.
- Request deletion of your personal information (via account deletion).
- Complain to the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached.
8. Cookies
We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notice.