Policies
Privacy Policy
Casey is designed for UK legal practices that need to collect, review, and store witness statement data securely. Personal data is processed only to provide the service, support legal case handling, and meet contractual, security, and compliance obligations.
The law firm using Casey remains the controller for the underlying matter. Caseyacts as a processor on the firm's instructions for the data hosted in the platform.
Access to case data is restricted to authorized users within the relevant tenant. We use role-based access controls, magic links, logging, and other security measures to reduce unauthorized access and to support accountability.
For witness intake, we show a privacy notice before the witness can proceed. That acknowledgement can be recorded against the witness statement record so the firm can demonstrate notice was presented.
Witness identity and contact details
Case references and matter metadata
Statement responses, attachments, and signature files
Audit metadata such as timestamps and access activity
To guide witness intake and formalize statements
To help legal teams manage matters and evidence
To secure, monitor, and improve the service
To support compliance and record-keeping obligations
Data should only be retained for as long as necessary for the legal matter, the firm's retention policy, or other applicable legal obligations. We do not sell witness data. We only share data with service providers and legal users where that is needed to operate the service.
If you are a witness and want to understand how your personal data is handled, please contact the firm that invited you. If you are a legal practice evaluating Casey, see the dedicated UK GDPR notice for platform-specific guidance.