Privacy Policy

Information we collect

• Account data: name, email, phone number, and authentication credentials.
• Evidence content you choose to upload (photos, video, audio, documents) and associated metadata (timestamps, device, hash).
• Recipient contact information you enter when creating a secure share link (phone number and email of the named recipient).
• Diagnostic and security logs (IP address, device identifiers, access events).
• Kid Calendar entries you choose to record (custody schedule type, verbal-agreement percentages, attempted-pickup log notes).

How we use information

• To operate the app and deliver the features you request.
• To send transactional SMS and email you have opted into (verification codes, share-link access codes, security alerts).
• To send promotional SMS and email (product updates, tips, and feature announcements) — but only to users who give a separate, explicit marketing opt-in, never on the basis of the transactional opt-in alone. You can withdraw marketing consent at any time by replying STOP, without affecting transactional security messages. We do not run in-app advertising or show third-party ads.
• To verify recipient identity using both phone and email before sealed materials decrypt.
• To meet legal, tax, and regulatory obligations.

AI parsing is opt-in (per-capture and per-document)

CaseGuardian does not send your captures, documents, or Kid Calendar entries to any AI service unless you explicitly turn on the “Parse with AI” toggle for that specific item. The toggle is off by default on every capture and every document. You can change your mind at any time before sealing — review the package first, untoggle, and the item stays on-device only.

When the toggle is on, CaseGuardian first runs an on-device personally identifying information (PII) pass that redacts your name, phone number, email, mailing address, payment information, and the names of people in your life from the document before any of it leaves the device. The redacted item (and only that item) is then sent over an encrypted connection to our AI sub-processor, Anthropic, for the limited purpose of extracting the structured data you asked for (e.g. parsing dates out of a court order, summarizing an audio note). Anthropic is contractually prohibited from training on or retaining your content. Outputs are stored in your account alongside the original, on-device, full-fidelity capture.

How we harden the AI pipeline. To protect you from documents that try to trick the model, every AI request is wrapped in safety instructions that tell the model to treat the contents of your image or PDF as data, not commands — so a court order or screenshot containing hidden text such as “ignore previous instructions” cannot hijack the parser. We enforce an 8 MB input ceiling so oversized files are rejected before they ever leave your device, and every output field (dates, amounts, notes, extracted text) is clamped to a safe maximum length so a misbehaving response cannot bloat your storage or the UI. If a parsing error is logged for diagnostics, the document contents and any extracted personal information are stripped from the log first. You can read the full explanation on our verification & trust page.

AI output is informational only. It is not legal advice and may contain errors; always confirm with your attorney before relying on it.

Bitcoin anchoring of evidence

When you save a capture, CaseGuardian creates a 32-byte SHA-256 hash (cryptographic fingerprint) of the file on your device and forwards only that hash through CaseGuardian’s servers to the public OpenTimestamps calendar network. The OpenTimestamps calendars sign the hash immediately and aggregate it into the Bitcoin blockchain at the next public block (typically within one to three hours).

Your file, filename, case, identity, and IP address are never sent to the calendar operators. The hash is relayed through CaseGuardian’s own servers, so calendar operators see our server’s IP, never yours. The hash itself is a one-way fingerprint — it cannot be reversed into your photo, video, audio, or document, and it reveals nothing about the underlying content.

We retain the returned receipt in your account so you (or anyone you share a verification link with) can later prove the capture existed exactly as recorded, on the exact date and time recorded.

You are not buying, holding, or transacting in Bitcoin. The blockchain is used solely as a public, tamper-proof ledger of fingerprints. There is no wallet, no purchase, no transaction fee, and no cryptocurrency activity by you. CaseGuardian L.L.C. is not registered as a money service business and does not engage in cryptocurrency activity on your behalf or its own.

Review before sealing

Every sealed package — share links, attorney packages, and Kid Calendar exports — is shown to you in a full review screen before anything leaves your device. You can remove items, edit captions, or cancel the seal entirely. Nothing is uploaded or transmitted until you explicitly confirm the seal.

Biometric protection of destructive actions

Account deletion, profile deletion, and certain other destructive actions are gated behind your device’s biometric authentication (Face ID, Touch ID, or Android biometric prompt) where available, with a passcode fallback. We do not see or store your biometric data — verification happens entirely on your device using the operating system’s secure enclave.

Sharing & third-party processors

We do not sell, rent, or share personal information, phone numbers, opt-in data, or consent records with third parties or affiliates for their marketing, and we do not use your data for targeted advertising. Any promotional messages you receive come directly from CaseGuardian and only after you opt in to marketing; we never hand your number to anyone else to market to you. We use vetted sub-processors under written agreements that prohibit secondary use:

• Sent.dm — SMS verification and share-link delivery (recipient phone number, message body).
• Supabase — encrypted application database, authentication, and storage of evidence packages.
• Apple App Store / Google Play — in-app purchase and subscription billing.
• RevenueCat — subscription entitlement and receipt validation.
• Anthropic — AI parsing of items you specifically opt in for; the contract prohibits training on or retaining your content, and on-device PII redaction runs before any item is transmitted.
• OpenTimestamps calendar network — receives the cryptographic hash (fingerprint) of evidence items for Bitcoin anchoring; receives no file contents, filenames, identities, or IP addresses traceable to you.
• Google Drive / Dropbox — only if you choose to connect a backup destination; we never access these accounts without your explicit authorization.
• Cloud infrastructure for hosting (e.g. AWS regions used by Supabase).

We may also disclose information when required by law, valid legal process, or to protect the rights, safety, or property of users or the public.

Stripe will be added as a sub-processor when CaseGuardian launches direct web subscriptions for law firms. We will update this policy and notify users before that change takes effect.

Apple App Store & Google Play disclosures

When you subscribe inside CaseGuardian, payment is processed by Apple (iOS) or Google (Android) — not by us. We never see your card number, CVV, or full billing address. We receive only the receipt and entitlement status from Apple / Google (via RevenueCat) needed to grant or revoke access.

Data linked to your identity that we collect: email, phone (optional), authentication tokens, your evidence content, sealed-share recipient contact info, Kid Calendar entries, and purchase history. Data not linked to identity: aggregate diagnostics and crash logs.

We do not use the iOS Advertising Identifier (IDFA), Google Advertising ID, fingerprinting, or any cross-app tracking SDKs (no Facebook SDK, no AppsFlyer, no Branch, no analytics SDK that builds advertising profiles). Because we do not track you across apps and websites owned by other companies, no App Tracking Transparency prompt is shown.

You can manage, pause, or cancel subscriptions any time in Settings → [your name] → Subscriptions on iOS, or Play Store → Profile → Payments & subscriptions on Android. Refunds are governed by Apple or Google’s policies.

Appearance settings (light & dark mode)

CaseGuardian offers light and dark themes. Your choice is stored locally on your device only and is never used for tracking or fingerprinting.

Data retention

• Account data: retained for the life of your account.
• Evidence content: retained until you delete it or close your account; then purged from active systems within 30 days, with encrypted backups overwritten within 90 days.
• SMS consent and opt-in / opt-out logs: retained for 4 years to meet carrier and regulatory requirements.
• Diagnostic / security logs: retained for up to 12 months.
• AI parsing requests: Anthropic does not retain content; we keep only the structured output you saved to your account. Diagnostic logs for AI errors are stripped of document contents and extracted personal information before they are written.
• Bitcoin anchors: cryptographic fingerprints exist in the public Bitcoin ledger forever, by design. The fingerprint alone is on-chain — no personal information, no file content, no identifying detail is included — but the fingerprint itself cannot be retracted. Account deletion does not remove past anchors.
• Records we are legally required to keep (tax, fraud, subpoena) are retained for the period required by law.

Age requirement & children’s privacy

CaseGuardian is intended for users 18 years of age or older. We do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact support@case-guardian.com and we will delete it.

Regional rights (CCPA, GDPR, UK GDPR)

Depending on where you live, you may have additional rights including: access, correction, deletion, portability, restriction of processing, objection to processing, and the right to lodge a complaint with your local data-protection authority. California residents have rights under the CCPA / CPRA, including the right to know, delete, correct, and limit use of sensitive personal information; we do not “sell” or “share” personal information as those terms are defined under the CCPA. To exercise any right, email support@case-guardian.com. We will not discriminate against you for exercising your rights.

For users in the EU / UK, the legal bases we rely on are: performance of a contract (operating the service), legitimate interests (security, fraud prevention), consent (SMS, AI parsing, optional integrations), and legal obligation. International transfers are protected by Standard Contractual Clauses where applicable.

Security

CaseGuardian is built on client-controlled encryption with AES-256 encryption at rest, TLS 1.3 in transit, and database-level Row-Level Security on every record. Authentication runs through Apple, Google, and hardened OIDC flows with multi-layer rate-limiting, replay-window protection, and biometric gating on every destructive action. Your encryption key stays on your device, so in normal operation we can’t read your case contents. The one exception we disclose plainly: when you open a share link, that page may be rendered through our servers.

We ship zero third-party trackers, zero ad SDKs, and zero IDFA collection — your evidence never trains a model, never feeds an ad network, and never leaves your device until you personally review and approve it. Sealed evidence packages require multi-factor identity verification of the recipient (SMS access code + email) before they can be opened, and the access code and the share link travel in separate messages so neither one alone unlocks the package.

Backed by GDPR / CCPA-compliant right-to-erasure, opt-in AI parsing with on-device PII redaction, and auto-expiring share links, CaseGuardian is engineered to the same standard as the legal record it protects.

Your rights & account deletion

You can access, export, correct, or delete your data at any time from inside the app under Profile → Legal & Privacy, including a one-tap Delete Account option (gated by biometric authentication), or by emailing support@case-guardian.com from your registered address. We will action verified requests within 30 days. Deleting the app from your device does not delete your account.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced in-app or by email at least 7 days before they take effect, with an updated effective date at the top of this page.

Ownership and intellectual property

CaseGuardian (also referred to as “Case Guardian”) and the CG Share Link feature are copyrighted works and the exclusive property of CaseGuardian L.L.C. All software, branding, designs, and content are protected by copyright and trademark laws. © CaseGuardian L.L.C. All rights reserved. See our Terms of Service for license details.

Contact

CaseGuardian L.L.C.
30 N. Gould St., Ste. R, Sheridan, WY 82801, USA
Phone: (307) 363-9369
Email (including SMS opt-out support): support@case-guardian.com