How Casey handles witness, case, and firm data.

Casey is designed for UK legal practices that need to collect, review, and store witness statement data securely. This policy explains what data is processed, why it is used, and how responsibility is shared with the firm using the platform.

Read the UK GDPR notice Security overview

Controller and processor model

The law firm using Casey remains the controller for the underlying matter. Casey acts as a processor on the firm's documented instructions for data hosted in the platform.

Restricted access

Access to case data is restricted to authorised users within the relevant firm or organisation, with role-based controls and scoped witness links.

Operational safeguards

The service uses logging, database-level access controls, token checks, and public-route safeguards to reduce unauthorised access and support accountability.

Personal data

What is collected and how it is used

Casey only processes personal data to provide the service, support legal case handling, and meet contractual, security, and compliance obligations.

Data we process

Witness identity and contact details

Case references, matter metadata, and firm user details

Statement responses, signed documents, attachments, and exhibits

Audit metadata such as timestamps, access activity, and workflow state

How data is used

Guide witness intake and prepare formal witness statements

Help legal teams manage matters, evidence, follow-up, and review

Secure, monitor, troubleshoot, and improve the service

Support compliance, record keeping, retention, and accountability

Retention, sharing, and witness rights

Data should only be retained for as long as necessary for the legal matter, the firm's retention policy, contractual obligations, or other applicable legal requirements. Casey does not sell witness data.

We only share data with service providers and legal users where that is needed to operate the service, secure the platform, or support the firm's instructions. For witness intake, Casey shows a privacy notice before the witness can proceed, and that acknowledgement can be recorded against the statement.

If you are a witness and want to understand how your personal data is handled, please contact the firm that invited you. If you are a legal practice evaluating Casey, review this policy alongside your own privacy notices, client-care wording, retention rules, and supplier due-diligence process.