CaseBuilderAI, LLC ("CaseBuilder"), protects user information through rigorous technical and organizational safeguards. Although the application stores only essential login data and processes documents ephemerally, we follow controls that meet or exceed industry standards for confidentiality, integrity, and availability.
1. Secure Data Transmission
- Encryption in transit: All traffic between the user's browser and CaseBuilder servers is protected with HTTPS / TLS 1.2 or 1.3.
- Encryption at rest: Any temporary data written inside the processing container is encrypted with AES-256.
2. Local Processing & Zero Retention
CaseBuilder is built with a privacy-first architecture that ensures all document handling happens securely and locally within the user's browser. No files are ever transmitted to external servers or stored in the cloud.
2.1 Browser-Based Document Processing
Uploaded documents (PDFs, images, etc.) are processed entirely within the user's browser environment.
- Files never leave the local session or pass through CaseBuilder servers.
- Processing is powered by client-side technologies such as WebAssembly and JavaScript.
- No backend or cloud-based computation is involved in document analysis.
2.2 Zero Retention Architecture
Documents reside temporarily in the browser's memory only during the processing session.
- Once results are returned, the temporary processing container is automatically destroyed.
- No persistent copies are stored — not in databases, logs, or any form of disk storage.
2.3 Encryption in Transit
Although files are not transmitted, all communication with CaseBuilder (e.g., authentication, API model access) is encrypted via HTTPS (TLS 1.2/1.3).
2.4 HIPAA Business Associate Agreement (BAA) Provided
CaseBuilder executes a Business Associate Agreement (BAA) with all firms using the platform, at no additional cost. Our infrastructure is designed to fully support HIPAA compliance by ensuring that no Protected Health Information (PHI) is ever stored, transmitted, or retained.
3. Secure Password Storage
- System-generated credentials: Users do not create passwords; passwords are randomly generated by the platform.
- Bcrypt + salt: Password hashes are stored with bcrypt and unique salts.
- Multi-Factor Authentication (MFA): Supported and strongly recommended.
4. Protection Against Brute-Force Attacks
- Temporary account lockout after five failed login attempts.
- Email alerts for suspicious logins from new devices or locations.
5. Access Control & User Permissions
- Role-Based Access Control (RBAC) enforces least-privilege access.
- Permissions are reviewed during quarterly security audits.
6. Secure Server Configuration
- Hardened images (default passwords removed, unused ports closed).
- Continuous patching of OS and runtime dependencies.
- Intrusion-Detection System (IDS) monitors anomalies and raises real-time alerts.
7. Monitoring, Logging & Incident Response
- Immutable security logs record failed logins, access attempts, and API calls.
- Logs are reviewed regularly by the security team.
- Incident response: Users are notified within 24 hours of any confirmed breach. Root-cause analysis and remediation begin immediately.
8. Vulnerability Management & Security Assessments
- Quarterly internal vulnerability scans.
- Annual third-party penetration tests; attestation letter available on request.
- Findings are prioritized and remediated according to severity SLAs.
9. Compliance with Data-Protection Regulations
- CaseBuilder adheres to GDPR and CCPA requirements.
- Users may request access, correction, or deletion of personal data by contacting support.
Contact Information
If you have any questions about this Data Security Policy, please contact us:
For additional security questions or to request a BAA, please reach out using the contact details above.