CASEPILOT

Privacy Policy.

Effective: May 1, 2026

1. Who we are

CasePilot is a mobile application published by CodeEnsis Ltd. ("we", "our", "us"), Χριστόδουλου Σώζου 2, EIFFEL TOWER, Floor 3, Flat/Office 301, 1096 Λευκωσία, Κύπρος. This policy explains what CasePilot collects, how the AI analysis pipeline works, the legal bases under the EU General Data Protection Regulation ("GDPR"), and your rights.

2. What CasePilot collects

To provide the service, CasePilot collects:

• Account data. Email and provider id when you sign in with Apple or Google. An anonymous Firebase user id if you use the app without signing in.
• Documents you upload. The text, photos, PDFs, or .docx files you submit for analysis, plus the parsed text and metadata extracted from them.
• Analysis results. Risk scores, summaries, identified clauses, key dates, parties, and the per-clause Q&A history you create.
• Subscription state. Whether your account has an active Pro entitlement, surfaced from Apple App Store or Google Play.
• Usage counters. The number of analyses and chat questions you've used per day, so we can enforce free-tier quotas.
• Diagnostic data. Crash reports and basic device/OS info via Firebase Crashlytics, and aggregate event counts via Firebase Analytics. No document content is ever sent to either.

3. What we do not collect

• No location, contacts, microphone access, or device-wide advertising identifiers.
• No payment data - purchases are handled by Apple or Google; we only see your subscription state, never your card.
• No third-party advertising SDKs, no advertising profiling.
• No selling, renting, or licensing of your documents or analyses to anyone, ever.

4. How the AI analysis works

When you submit a document, CasePilot takes the following path:

• The document is uploaded to our backend over HTTPS and parsed (OCR for photos, text extraction for PDF/DOCX).
• The parsed text is forwarded by a Google Cloud Function we operate to a third-party large-language-model provider (currently Google Gemini and OpenAI, used as fallbacks via a router). This is the only step where document text leaves our infrastructure.
• Provider requests are made under enterprise-tier API keys with model training opt-out enabled. Providers are contractually prohibited from training on or retaining your content beyond the short period needed to serve the request.
• The model's structured response (risk score, clauses, summary) is stored against your CasePilot account and returned to your device.
• For per-clause chat ("Ask anything"), each new question and prior turns of that conversation are sent to the same provider pipeline. Conversation history stays on your account and is not used to train any model.

We never send your contracts to any client-side AI SDK on your phone. There is no client-side model integration that could leak data.

5. Where data is stored and for how long

• Account, documents, analyses, chats: stored in Google Cloud Firestore and Cloud Storage, hosted in EU regions (multi-region eur3 for Firestore, europe-west1 for backend functions). Encrypted at rest and in transit by Google.
• Authentication: handled by Firebase Authentication. We do not store passwords ourselves; for "Sign in with Apple" and Google, we receive only the provider id and email.
• Quota counters: stored per UTC day under your account, and rotate naturally over time.
• Retention: documents and analyses are retained until you delete them or delete your account. If you uninstall the app without deleting your account, data remains tied to your account and you can sign back in to access or remove it. Inactive accounts may be purged after 24 months of no activity, with email warning beforehand.

6. Diagnostics and crash reports

CasePilot uses Firebase Analytics and Firebase Crashlytics from Google for product-quality and stability monitoring. These send:

• Anonymous app instance id, app version, OS version, device model, country-level region (derived from IP, then discarded by Google).
• Aggregate events (e.g. "analysis started", "subscription opened") with no document content or user-identifying detail.
• Stack traces of uncaught exceptions, with file paths and the device's Firebase Installations ID.

We never send the text of your contracts, your chat questions, or your AI responses to either service.

7. Subscriptions and purchases

Pro subscriptions are sold and billed by Apple (App Store) or Google (Google Play). We see only your entitlement state through the platform's purchase API. We do not see, store, or process your payment card. Refunds and billing disputes are handled by the platform.

8. Permissions CasePilot asks for

• Camera - only if you choose "Take photo" to capture a paper contract.
• Photo library - only if you choose "Choose from library".
• Files - only if you choose "Pick a PDF" or "Pick a Word doc". CasePilot uses the system document picker, which gives the app access to the single file you select, not your whole drive.
• Internet - required to upload, analyze, and sync your account.

You can revoke any permission at any time in your device's system settings.

9. Not legal advice

CasePilot is an AI-assisted reading tool. It is not a substitute for legal advice and does not create an attorney-client relationship. The risk score, clause flags, and chat answers are best-effort outputs of probabilistic models and may be incomplete or wrong. For high-stakes decisions, consult a qualified lawyer in your jurisdiction.

10. Children

CasePilot is intended for adults (18+). It is not directed at children, and we do not knowingly collect personal data from children under 16.

11. Legal basis (GDPR) and your rights

Where the GDPR applies:

• The legal basis for processing the documents you submit and the resulting analyses is performance of a contract under Art. 6(1)(b) GDPR - you ask us to analyze your document, we analyze it.
• The legal basis for diagnostics is our legitimate interest in keeping the app stable and secure under Art. 6(1)(f) GDPR. Where required by local law, we treat analytics as opt-in and ask for consent at first launch.
• The legal basis for support correspondence and account management is Art. 6(1)(b) GDPR (contract) and Art. 6(1)(f) GDPR (legitimate interest in responding to you).

You can at any time:

• View or delete any individual contract and its chat history from inside the app.
• Delete your CasePilot account from Settings → Account → Delete account. This permanently removes your documents, analyses, chats, and account record.
• Email [email protected] to request access, rectification, erasure, restriction, portability, or to object to any processing.
• Lodge a complaint with the data protection authority of your habitual residence.

12. Sub-processors

We use the following sub-processors to run CasePilot:

• Google LLC / Google Cloud (Firebase): authentication, Firestore, Cloud Storage, Cloud Functions, Crashlytics, Analytics. EU regions. Operates under standard contractual clauses where data crosses borders.
• Google Gemini API and OpenAI API: large-language-model inference for analysis and chat. Document text is sent under enterprise-tier accounts with training opt-out enabled.
• Apple Inc. / Google LLC (Play): in-app purchase processing on iOS and Android respectively.

13. International transfers

CodeEnsis is established in Cyprus, EU. Document storage and processing occurs in EU regions. AI provider APIs may be served from US infrastructure, in which case transfers are covered by the EU-U.S. Data Privacy Framework and/or standard contractual clauses signed with the providers.

14. Changes to this policy

We may update this policy as CasePilot evolves. Material changes will be reflected here with an updated "Effective" date above. Continuing to use CasePilot after a change means you accept the updated policy.

15. Contact

Privacy questions or rights requests: [email protected]. General support: [email protected]. A human reads every message.