Security
Casey uses tenant-scoped access controls so only authorized users can view and manage case records. Witness links are time-bound and tied to a specific statement record.
We design the platform to use secure defaults, role-based access, and server-side checks for sensitive actions. Logging and audit trails help us trace statement activity and administrative changes.
No system is perfectly secure, but we work to keep the platform resilient and to minimize unauthorized exposure of personal data.
Sensitive witness actions are protected by tokenized links, tenant validation, and server-side persistence rules. This helps prevent cross-tenant access and reduces the chance of accidental disclosure in multi-matter environments.
Role-based access for legal teams and admins
Tenant-scoped queries and storage access
Magic links for witness access with expiry controls
Server-side validation for high-risk workflows
Keep software dependencies up to date
Review access regularly within each legal practice
Use strong credentials and least-privilege roles
Monitor logs for unusual statement or account activity
Legal practices should ensure their own policies cover information security, retention, staff training, and incident response. Casey is a tool that supports those obligations, not a replacement for them.
Practices should confirm their own legal bases, notices, and retention schedules before using the service in live matters.