Last updated: 03/31/2025
CaseBuilderAI protects user information through rigorous technical and organizational safeguards. Although the application stores only essential login data and processes documents ephemerally, we follow controls that meet or exceed industry standards for confidentiality, integrity, and availability.
1. Secure Data Transmission
• Encryption in transit: All traffic between the user’s browser and CaseBuilderAI servers is protected with HTTPS / TLS 1.2 or 1.3.
• Encryption at rest: Any temporary data written inside the processing container is encrypted with AES-256.
2. HIPAA-Ready & Zero-Retention Processing
2.1 Zero-retention architecture
• Files (PDFs, images, etc.) live only in volatile memory during analysis.
• After results are returned, the processing container and its storage are destroyed automatically.
• No persistent copies are stored in databases, backups, or logs.
2.2 End-to-end encryption
• TLS 1.2/1.3 secures data in transit.
• AES-256 secures data inside the short-lived processing environment.
2.3 HIPAA Business Associate readiness
• CaseBuilderAI will execute a Business Associate Agreement (BAA) at no extra cost for firms handling PHI.
• Our safeguards align with 45 C.F.R. §§ 164.308-316 (Administrative, Technical, Physical).
2.4 SOC 2 Type II program (in progress)
• Controls are mapped to SOC 2; the third-party audit report is expected Q4 2024.
• On request, we provide our SIG Lite questionnaire, CAIQ answers, and the latest external penetration-test summary.
Result: Sensitive information never persists on CaseBuilderAI systems—minimizing risk and simplifying your compliance obligations.
3. Secure Password Storage
• System-generated credentials: Users do not choose their own passwords; the platform generates them randomly.
• Bcrypt + salt: Passwords are never stored in plaintext; each is hashed with bcrypt using a unique salt, and only the hash is stored.
• Multi-Factor Authentication (MFA): Supported and strongly recommended.
4. Protection Against Brute-Force Attacks
• Temporary account lockout after five failed login attempts.
• Email alerts for suspicious logins from new devices or locations.
5. Access Control & User Permissions
• Role-Based Access Control (RBAC) enforces least-privilege access.
• Permissions are reviewed during quarterly security audits.
6. Secure Server Configuration
• Hardened images (default passwords removed, unused ports closed).
• Continuous patching of OS and runtime dependencies.
• Intrusion-Detection System (IDS) monitors anomalies and raises real-time alerts.
7. Monitoring, Logging & Incident Response
• Immutable security logs record failed logins, access attempts, and API calls.
• Logs are reviewed regularly by the security team.
• Incident response: Users are notified within 24 hours of any confirmed breach. Root-cause analysis and remediation begin immediately.
8. Vulnerability Management & Security Assessments
• Quarterly internal vulnerability scans.
• Annual third-party penetration tests; attestation letter available on request.
• Findings are prioritized and remediated according to severity SLAs.
9. Compliance with Data-Protection Regulations
• CaseBuilderAI adheres to GDPR and CCPA requirements.
• Users may request access, correction, or deletion of personal data by contacting support.
Contact Information
If you have any questions about this Data Security Policy, please contact us:
📧 Email: contact@casebuilder.ai
📞 Phone: +1 (866) 751-3005
📍 Address: 131 Continental Drive, Suite 305, Newark, Delaware 19713
For additional security questions or to request a BAA, please reach out using the contact details above.