GDPR
Casey is designed for UK legal practices that process personal data in the context of dispute handling, witness statements, and legal case management. The platform supports a controller/processor model where the law firm remains responsible for the legal basis, instructions, retention decisions, and responses to data subject rights.
At a high level, the service supports key UK GDPR obligations by helping firms control access to data, keep records of activity, limit use to legitimate legal purposes, and reduce the chance of unauthorized disclosure. Our aim is to provide software that fits within a firm’s own governance, rather than replacing it.
For witness intake, the witness is shown a privacy notice before starting. Their acknowledgement can be stored against the witness statement record as evidence that the notice was presented and accepted before intake continued.
Lawfulness, fairness, and transparency
Purpose limitation and data minimization
Accuracy and storage limitation
Integrity, confidentiality, and accountability
Tenant-scoped access for legal teams
Magic-link controls for witness access
Audit-friendly statement and submission records
Configurable witness intake flows for different matters
Depending on the legal basis and the law firm's obligations, data subjects may have rights to access, rectify, erase, restrict, object to processing, or request portability. Requests should be handled by the firm that controls the relevant matter.
Caseyis a tool used by legal professionals to support those processes. It is not a substitute for the firm's own privacy notices, record-keeping, or legal advice about compliance.