Privacy Policy

This Privacy Policy describes how First Class Digital LLC, a Wyoming limited liability company headquartered in Casper, Wyoming (“First Class Digital”, “we”, “us”, or “our”), collects, uses, and protects information in connection with the KaseScore platform (“Service”).

If you have questions about this policy, contact us at support@kasescore.com.

From prospective clients (intake submitters): When a prospective client submits an intake form, we collect the information they provide, which may include name, contact details, incident date, jurisdiction, case description, and any documents uploaded (e.g., medical records, police reports, insurance correspondence).

From law firm subscribers: When a law firm creates an account, we collect the account holder's name, email address, firm name, and billing information (processed by Stripe — we do not store raw card data). We also collect firm configuration settings such as brand color, practice area selections, and notification preferences.

Usage and technical data: We collect standard server logs, error reports, and aggregate usage telemetry (e.g., page views, feature usage) to operate, secure, and improve the Service. This data does not include intake case content.

We use collected information solely to:

• Operate the Service and deliver AI case-scoring results to the subscribing law firm;
• Send transactional emails (case alerts, account notifications) to the firm's designated notification address;
• Process subscription payments and manage billing;
• Respond to support requests;
• Detect and prevent fraud, abuse, and security incidents;
• Comply with applicable legal obligations.

We do not sell, rent, or share intake content or personal information with third parties for any purpose. We do not monetize your data through advertising, data brokers, or downstream sales.

We do not use intake content to train, fine-tune, evaluate, or improve any AI or machine-learning model — whether our own or operated by a third party. We do not use intake content to generate cross-firm benchmarks, product analytics, marketing materials, or comparative case statistics.

Aggregated, fully de-identified service telemetry (e.g., total number of intakes processed across the platform per week, average end-to-end scoring latency) may be used to operate and improve the Service. Such telemetry is generated from system metadata only and does not include intake case content, client identifiers, firm identifiers, or any other personal information.

Scope of AI processing. The AI scoring pipeline analyzes only the structured intake fields and the free-text case description that the prospective client submits through the intake form. Files attached to an intake (PDFs, images, scanned documents) are stored in encrypted storage but are not transmitted to the AI sub-processor as part of the scoring pipeline. Attached documents are accessible only to authorized members of the subscribing firm via the firm's dashboard.

Intake content submitted through the Service is transmitted to the following third-party infrastructure providers to deliver core functionality:

• Supabase — database storage and authentication. Stores intake records, attached documents (encrypted at rest), and account data. Data is encrypted at rest and in transit. Supabase is SOC 2 Type 2 certified.
• AI infrastructure sub-processor — performs the AI analysis of intake field and description text to generate case scores. We engage this sub-processor under enterprise terms that contractually prohibit use of submitted content to train, fine-tune, evaluate, or improve any model. The sub-processor does not retain case content beyond the duration of an active analysis request. As noted above, attached files are not sent to this sub-processor. The current named AI sub-processor is available on request from support@kasescore.com; the full sub-processor roster is published at /subprocessors.
• Resend — transactional email delivery (case alerts, account notifications). Receives recipient email addresses and email body content (which may include intake metadata such as case reference, client name, and AI summary).
• Stripe — payment processing. Stripe handles all cardholder data and is PCI DSS certified. We do not store raw payment card information.
• Railway — cloud hosting and deployment infrastructure for the application servers.

Each sub-processor is bound by data processing terms consistent with applicable privacy law. We conduct reasonable diligence on sub-processors and will update this list as our infrastructure changes.

KaseScore is not a HIPAA-covered entity and the Service is not configured or warranted as a HIPAA-compliant platform by default.

For most law firms using the Service — including those practicing personal injury, employment, immigration, family, and criminal law on behalf of individual clients — HIPAA does not apply directly to client communications, which are protected by attorney-client privilege and applicable state confidentiality rules. In those contexts, your firm is not acting as a HIPAA-covered entity or business associate, and KaseScore's standard data-handling practices apply.

However, intake submissions in certain contexts may contain Protected Health Information (“PHI”) within the meaning of HIPAA — for example, when your firm represents a healthcare provider, health plan, or other covered entity, or when your firm is itself acting as a business associate of such an entity. Subscribers are solely responsible for understanding and complying with all regulatory obligations applicable to their practice, including HIPAA where applicable.

Firms that qualify as HIPAA covered entities or business associates must execute a Business Associate Agreement (“BAA”) with First Class Digital LLC before using the Service to store or process PHI. To request a BAA, contact support@kasescore.com.

Intake records and associated documents are retained for the duration of an active subscription and for 30 days following cancellation or termination, after which they are permanently and irreversibly deleted from our systems.

Billing and account records may be retained for longer periods as required by applicable law or legitimate business purposes (e.g., tax compliance).

You may request earlier deletion of intake data by contacting support@kasescore.com.

We implement industry-standard technical and organizational safeguards to protect information against unauthorized access, disclosure, alteration, or destruction. These include encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, and regular security reviews.

Per-firm isolation. Every intake, document, and case score is scoped to the subscribing firm at the database layer through row-level access controls. A user authenticated as a member of one firm cannot read, list, or modify data belonging to any other firm. These controls are enforced by the database, not only by application code, so a logic error in one part of the application cannot expose another firm's data.

Staff access to case content. First Class Digital personnel do not access individual intake content (descriptions, attached documents, case scores, or attorney notes) as part of normal operations. Privileged-credential access is restricted to a small number of authorized personnel and is used only for legitimate operational reasons such as investigating a security incident, fixing a critical bug at a subscriber's request, or responding to a valid legal process. We do not read your case content for product analytics, marketing, customer-success outreach, or any other discretionary purpose.

No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and we encourage subscribers to use strong passwords, enable any available additional authentication mechanisms, and to notify us immediately of any suspected unauthorized account access.

Depending on your jurisdiction, you may have rights with respect to your personal information, including the right to access, correct, delete, or restrict processing of your data. To exercise any of these rights, contact us at support@kasescore.com. We respond to verified requests within 30 days.

Law firm subscribers may also manage and export their firm's intake data directly from the dashboard.

The Service uses essential session cookies required for authentication and security. We do not use third-party advertising cookies or behavioral tracking cookies. Basic analytics (aggregate page views and error logs) are collected without persistent identifiers.

The Service is intended solely for use by legal professionals and law firms. We do not knowingly collect personal information from anyone under the age of 18. If you believe a minor has submitted information through an intake form, contact us and we will delete that information promptly.

We may update this Privacy Policy from time to time. We will notify subscribers of material changes by email or via an in-app notice at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

First Class Digital LLC
Casper, Wyoming
support@kasescore.com