Privacy Policy

NextCase LLC ("NextCase", "we", "us", or "our") provides workflow and operations software, including software-as-a-service and downloadable applications. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our websites (including nextcase.ai and nextcase.org), products, and related services (collectively, the “Services”).

1. Information We Collect

We collect information in three main ways: information you provide to us, information we collect automatically, and information we receive from third parties.

a. Information You Provide to Us

• Account & Contact Information: When you register for an account, we collect your name, email address, company name, role, and authentication credentials.
• Customer Data: We collect and store the records, files, text, images, messages, tasks, and any other content you upload, create, or submit to the Services (“Customer Data”). Your organization controls this data.
• Billing Information: When you subscribe to a paid plan, we collect subscription tier details and payment method information. This information is securely processed by our third-party payment provider. We do not store full credit card numbers.
• Communications & Support: When you contact us for support, provide feedback, or participate in a survey, we collect the messages, attachments, and other information you share.

b. Information Collected Automatically

• Usage & Diagnostics Data: We collect data about your interactions with our Services, such as features used, pages visited, and performance metrics. This includes device and browser information, timestamps, and crash logs.
• Cookies & Similar Technologies: We use cookies and similar technologies to operate the Services, such as keeping you signed in, remembering your preferences, and analyzing performance.
• Log Data: Our servers automatically record information when you access the Services, including your IP address, user and organization IDs, and request/response headers.

c. Information from Third Parties

• Single Sign-On (SSO): If your organization enables SSO, we may receive information from your identity provider (e.g., Google, Microsoft Entra ID) such as your name and email.
• Integrations: If you connect third-party applications to our Services, we may access and process data from those services as authorized by you to provide the integration.

2. How We Use Information

• To Provide and Maintain the Services: To operate, secure, and manage our platform, including user authentication, authorization, backups, and fraud prevention.
• To Process Customer Data: We process Customer Data on behalf of you and your organization in accordance with your instructions and settings.
• To Improve and Develop Our Services: We analyze usage data to understand user needs, develop new features, and improve the quality and performance of our Services.
• To Communicate With You: To send you service-related announcements, security alerts, billing notifications, and other administrative messages.
• To Comply with Legal Obligations: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests, and to enforce our Terms of Service.

3. AI-Assisted Features

Some features within our Services are AI-assisted. Our commitments regarding these features are:

• Purpose Limitation: Customer Data is processed only to provide the requested AI feature and is not used to train third-party AI models unless you (or your organization) explicitly opt in.
• Sub-processors: We may use trusted third-party AI processors under strict confidentiality and data-processing agreements.
• User Responsibility: AI-generated outputs may be inaccurate, incomplete, or biased. Users are responsible for reviewing and verifying any output before relying on it.

4. Cookies & Similar Technologies (GDPR/UK ePrivacy)

We use cookies, SDKs, and similar technologies to (i) enable core functionality (e.g., login, security), (ii) remember preferences, and (iii) measure performance and improve the Services. Essential cookies are always on because they are necessary to provide the Services. Non-essential cookies (e.g., analytics) are used only with your consent where required by law.

• Managing Preferences: You can control cookies in your browser settings and manage your consent preferences on our homepage.
• Retention: Cookie lifetimes vary by purpose; see your browser’s storage viewer for details.

5. Legal Bases for Processing (EEA/UK Residents)

If you are in the European Economic Area (EEA) or the United Kingdom (UK), our legal bases for processing your personal information are: performance of a contract, our legitimate interests (e.g., for security, product improvement, and fraud prevention), your consent (where required), and compliance with legal obligations.

6. How We Share Information

• Service Providers / Sub-processors: We share information with third parties who provide services on our behalf, such as cloud hosting, email delivery, analytics, and payment processing. We bind them to appropriate confidentiality and security commitments.
• Your Organization: If you use the Services through an organization, the organization’s administrators may access and manage your account and the Customer Data within their workspace.
• Legal Compliance & Safety: We may disclose information to comply with a law, regulation, or legal request; to protect the safety of any person; to address fraud or security issues; or to protect our rights.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the commitments made in this Privacy Policy.

7. Data Retention

We retain personal information for as long as your account is active and as necessary to provide the Services, comply with our legal obligations, and enforce our agreements. Customer Data is retained according to the terms of the agreement with your organization.

8. Security

We employ reasonable administrative, technical, and physical safeguards to protect your information. Measures include encryption in transit (TLS) and at rest, role-based access controls, and security logging. However, no system is 100% secure.

9. Your Rights & Choices (U.S. States, GDPR/UK, Other Regions)

Depending on your location, you may have rights regarding your personal information, which can include the right to access, correct, delete, or obtain a portable copy; to object or restrict certain processing; and to withdraw consent where processing is based on consent.

a. U.S. State Privacy Rights (e.g., CA, VA, CO, CT, UT)

• Access/Know, Correction, Deletion, and Portability.
• Opt Out of Sale/Sharing of personal information and of targeted advertising where applicable.
• Non-discrimination for exercising your rights.

Do Not Sell or Share: We do not sell personal information as defined under California law. We also do not knowingly share personal information for cross-context behavioral advertising without your consent. Where applicable, you may submit a request using the methods below.

b. GDPR/UK Data Protection Rights

• Right of access, rectification, erasure, restriction, portability, and objection.
• Where we rely on consent, the right to withdraw consent at any time.
• You may lodge a complaint with your supervisory authority.

c. How to Exercise Your Rights

Email [email protected] with your name, contact information, and the right you wish to exercise. If you are a California or other U.S. state resident seeking to opt out of “sale”/“sharing,” include “Do Not Sell or Share My Personal Information” in the subject line. We will respond within the timeframes required by law and may take steps to verify your identity and authority.

10. International Data Transfers

We are based in the United States and may process your data in the U.S. and other countries. When we transfer personal data from regions like the EEA or UK, we use recognized legal mechanisms like Standard Contractual Clauses to ensure an adequate level of data protection.

11. Children’s Privacy

The Services are not directed to individuals under 18. We do not knowingly collect personal information from minors. If we become aware that we have, we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If the changes are material, we will provide additional notice, such as via email or a prominent notice within the Services.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at [email protected].