Case Xchange Privacy Policy
Last Revised: September 16, 2025

This Privacy Policy outlines how Case Xchange, Inc. (“Case Xchange,” “we,” “us,” or “our”) collects, uses, and discloses personal and other information in connection with your use of our website located at www.CaseXchange.com (the “Site”) and the referral platform and related services we provide (collectively, the “Services”).

This Policy applies to information collected through your use of the Site and the Services, as well as through other interactions you may have with Case Xchange.

Please note that this Privacy Policy does not govern the handling of any client data (“Client Information”) that is submitted, processed, or shared by or between Member Firms via the Services. Such Client Information is subject to the terms of our Master Terms and Conditions and any applicable Data Processing Agreements entered into with Member Firms.

Data Controller and Data Processor Roles

Case Xchange, Inc. acts as a data controller with respect to personal information that we collect directly from you. This includes, but is not limited to, account registration details, usage data, communications, and platform analytics (“User Information”).

When Member Firms use our Services to share or process client-related data (“Client Information”), Case Xchange acts as a data processor on behalf of the Member Firm. In such cases, the Member Firm remains the data controller of the Client Information and is solely responsible for determining the purposes and means of its processing.

This distinction between data controller and data processor is made in accordance with applicable data protection laws, including the General Data Protection Regulation (“GDPR”), and is essential for understanding both your rights and our respective obligations under the law.

Legal Profession Considerations

Case Xchange, Inc. recognizes that law firms are subject to elevated standards of confidentiality, professional responsibility, and ethical obligations. Accordingly, our platform has been designed to support compliance with applicable Rules of Professional Conduct, including—but not limited to—obligations concerning the protection of attorney-client privilege and the confidentiality of client information.

However, each Member Firm remains solely responsible for ensuring that its use of the Case Xchange platform complies with all applicable ethical, legal, and regulatory requirements in its jurisdiction. This includes, but is not limited to, maintaining compliance with jurisdiction-specific professional conduct rules. Further guidance is provided in our Master Terms and Conditions.

1. Information We Collect

Information You Provide to Us

We collect personal and professional information that you voluntarily provide to us, including but not limited to:

  • Account Information: Such as your name, email address, phone number, law firm name, bar membership number, and other professional credentials when registering for an account.
  • Profile Information: Including details related to your law firm, practice areas, jurisdictions served, and any other professional qualifications or affiliations.
  • Communications: Information you submit when contacting us for support, responding to surveys, or otherwise engaging with us through the Site or Services.
  • Service Fees and Payment Information: Billing addresses and payment method details associated with subscription-based or other paid Services.

Information We Collect Automatically

When you access or use our Site or Services, we may automatically collect certain technical and usage-related information, including:

  • Usage Information: Data regarding your use of the Services, such as accessed features, pages viewed, time spent on the platform, and user interaction patterns.
  • Device Information: Information regarding the device you use to access the Services, including your IP address, browser type, operating system, and unique device identifiers.
  • Log Information: Server logs that may include your IP address, browser data, access times, referring pages, and the pages you viewed while using the Services.

Information We Receive from Third Parties

We may obtain information about you from third-party sources, including:

  • Integration Partners: Data shared from case management systems or other legal technology tools that you choose to integrate with our platform.
  • Service Providers: Information provided by third-party vendors assisting us in delivering and improving our Services.

2. How We Use Your Information

We process your information under the following legal bases:

  • Contractual Necessity: To provide, maintain, and fulfill our obligations under any agreement entered into with you, including delivering access to our Services.
  • Legitimate Interests: To operate, improve, and secure our Services, prevent fraud, and maintain network functionality and integrity.
  • Legal Obligations: To comply with applicable professional conduct rules, data protection laws, and regulatory requirements.
  • Consent: Where required by law, for purposes such as marketing communications or use of optional platform features.

We use your information to:

  • Provide, operate, and maintain the Services;
  • Process transactions and deliver related communications;
  • Send service-related notices, technical updates, and administrative alerts;
  • Respond to inquiries and provide user support;
  • Communicate about features, offers, surveys, and events;
  • Monitor usage and performance trends;
  • Customize and improve user experience;
  • Facilitate referrals between Member Firms;
  • Verify legal credentials and bar admission status;
  • Comply with legal obligations and enforce our Master Terms and Conditions.

3. Sharing of Information

With Your Consent

We may share your personal information with third parties when you have explicitly authorized us to do so.

For Business Purposes

  • Service Providers: We may share information with third-party vendors, consultants, and other service providers who require access to such information to perform services on our behalf and under appropriate confidentiality obligations.
  • Business Transactions: In the context of a corporate transaction such as a merger, acquisition, financing, or sale of assets, we may transfer or share your information as part of the transaction.
  • Legal Compliance and Protection: We may disclose information as required by law, subpoena, or similar legal process, or when we believe such disclosure is necessary to protect our legal rights, the safety of our users or others, investigate fraud, or respond to a government request.

Third-Party Service Providers (Subprocessors)

We engage third-party subprocessors to support the functionality of the Services, including but not limited to hosting, payment processing, and analytics. All subprocessors are contractually bound by data protection obligations consistent with this Privacy Policy and applicable law.

Within Our Network

  • Member Firms: We may share limited professional and referral-related information with other verified Member Firms to facilitate referrals, track performance, and ensure platform integrity, as outlined in our Master Terms and Conditions.
  • Directory Information: Basic firm-level information (e.g., practice areas, jurisdictions, contact details) may be made visible to other Member Firms in accordance with your membership agreement and account settings.

4. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including to comply with legal obligations, resolve disputes, and enforce our agreements.

Client Information processed through the Services on behalf of Member Firms is retained in accordance with our Master Terms and Conditions and any applicable Data Processing Agreements.

When personal data is no longer needed, we take commercially reasonable steps to securely delete, de-identify, or anonymize it in accordance with industry standards and applicable law.

5. International Transfers

Your personal data may be transferred to and processed in jurisdictions outside of your country of residence, including the United States, where Case Xchange and its third-party service providers are located.

If you are located in the European Economic Area (EEA), the United Kingdom, or other regions with data transfer restrictions, we implement appropriate safeguards—such as Standard Contractual Clauses or other legally recognized mechanisms—to ensure the protection of your personal information.

By using the Services or providing your information, you acknowledge and consent to the transfer, processing, and storage of your data in the United States and other jurisdictions where our service providers operate.

6. Access and Correction of Information

You may access and update certain personal information associated with your account by logging into your Case Xchange account and adjusting your account settings.

If you are unable to update your information through your account, you may contact us directly at [email protected] to request access to or correction of your personal information. We will respond to such requests in accordance with applicable data protection laws.

7. California Privacy Rights

Pursuant to the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) (collectively, the “CCPA”), California residents have certain rights regarding the collection, use, and disclosure of their personal information.

Categories of Personal Information Collected

In the preceding twelve (12) months, we may have collected the following categories of personal information from users in connection with the Site and Services:

  • Identifiers (e.g., name, email address, bar number, firm name)
  • Professional or employment-related information
  • Internet or other electronic network activity information (e.g., browsing history, usage data)
  • Geolocation data (derived from IP addresses)
  • Commercial information (e.g., records of services purchased or considered)
  • Inferences drawn from other personal information

We collect and use this information for the business purposes described in the “How We Use Your Information” section above.

California Consumer Rights

If you are a California resident, subject to certain limitations, you have the right to:

  • Request disclosure of the categories and specific pieces of personal information we have collected about you;
  • Request deletion of your personal information;
  • Request correction of inaccurate personal information;
  • Request information about the categories of personal information disclosed for a business purpose and the categories of third parties to whom the information was disclosed;
  • Opt-out of the sale or sharing of personal information (please note: Case Xchange does not sell personal information in the traditional sense);
  • Limit the use and disclosure of sensitive personal information (if applicable); and
    Not be discriminated against for exercising any of your CCPA rights.

You may exercise these rights by contacting us at [email protected]. We may need to verify your identity before processing your request, and may request additional information for that purpose.

8. Security

Case Xchange, Inc. implements appropriate technical and organizational safeguards designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Access to personal information is restricted to authorized personnel who require such access to perform their designated responsibilities, and such personnel are subject to strict confidentiality obligations.

In the event of a data breach or other security incident involving personal information, we will promptly investigate the matter and notify affected individuals and relevant regulatory authorities in accordance with applicable laws and regulations. Where legally required, such notification will occur within seventy-two (72) hours of discovery.

Please note that no method of transmission over the internet or method of electronic storage is entirely secure. As such, we cannot guarantee absolute security. If you believe your interaction with us is no longer secure—for example, if you suspect your account has been compromised—you must immediately notify us using the contact information provided below.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance user experience, analyze usage trends, and deliver relevant content. These technologies may collect information automatically when you use the Site or Services. We utilize the following categories of cookies:

  • Strictly Necessary Cookies: Required to enable core platform functions, including security, authentication, and network management.
  • Performance and Analytics Cookies: Collect information about how users interact with our Services to help us improve functionality and performance.
  • Functional Cookies: Enable the platform to remember user preferences and settings to provide a more personalized experience.
  • Marketing Cookies: Used to deliver relevant advertising and track the effectiveness of marketing campaigns.

You can manage your cookie preferences through your browser settings. Please note that disabling certain types of cookies may affect the functionality and availability of the Services.

10. Children’s Privacy

Our Services are not directed to, and are not intended for use by, individuals under the age of sixteen (16). We do not knowingly collect or solicit personal information from children under the age of 16. If we become aware that we have inadvertently collected personal information from a child under 16, we will take appropriate steps to delete such information from our records. If you believe that a child under 16 has provided us with personal information, please contact us immediately.

11. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. If we make material changes to the way we collect, use, or share personal information, we will provide notice of such changes by posting the revised Policy on our Site and/or by notifying you via email prior to the effective date of the changes. Your continued use of the Services after the effective date constitutes your acceptance of the updated Policy.

We reserve the right to update or modify this Privacy Policy at any time. If we make material changes to the way we collect, use, or share personal information, we will provide notice of such changes by posting the revised Policy on our Site and/or by notifying you via email prior to the effective date of the changes. Your continued use of the Services after the effective date constitutes your acceptance of the updated Policy.

12. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us at:

Data Protection Inquiries

Email: [email protected]

General Inquiries

Email: [email protected]