Privacy Policy

Last updated: 2026-05-20

Who we are

Casemoat is operated by Patten Labs LLC, a Texas LLC. Casemoat is a case operating system built for plaintiff personal-injury law firms. "Customer" means the firm with a contract with us. "You" or "User" means an individual user (attorney, paralegal, intake specialist) authorized by Customer to use Casemoat.

What we collect

  • User identity: name, email, role within firm (for sign-in + audit log)
  • Firm configuration: firm name, matter taxonomy, staff roster
  • Case data: intake notes, client details, medical records, claim documents (uploaded by firm)
  • Lien data: provider names, balances, negotiated reductions
  • Settlement data: offers, counters, final terms (anonymized in aggregate analytics)
  • Stripe billing metadata for firm subscription
  • Usage telemetry + cookies (see Cookie Policy)

Attorney-client privilege + work product

Customer remains the data controller for case-related materials. Casemoat is a processor acting solely on Customer instructions. We do not assert any privilege or work product over Customer data. If we receive a subpoena or legal process targeting Customer data, we will (where legally permitted) notify Customer before producing materials so Customer can assert privilege.

What we do NOT do

  • We do not sell case data.
  • We do not use Customer case files to train public AI models.
  • We do not share data across firms (multi-tenant isolation enforced at row level).
  • We do not run advertising trackers.

How we use it

To deliver Casemoat (intake routing, pipeline scoring, document automation, lien negotiation prompts, settlement memos), to bill the firm, to email users about their account, and to compute firm-level analytics. AI features use enterprise LLM API tiers configured for zero data retention where available.

Subprocessors

  • Supabase — DB + storage (US-West)
  • Vercel — hosting
  • Cloudflare — DNS + CDN + edge
  • Stripe — payments
  • Anthropic / OpenAI — LLM inference (zero-retention API tiers)
  • Resend — transactional email

Retention

Case data: retained for the term of Customer's subscription + the longer of (a) 90 days after Customer termination or (b) the firm's statutory retention period (typically 5–7 years post-matter close in TX). Customer can request earlier deletion. Billing records: 7 years (tax).

HIPAA + PHI

Casemoat may process Protected Health Information when firms upload medical records as part of case files. Patten Labs will sign a Business Associate Agreement (BAA) with covered entities or firms in possession of PHI on request. Without a signed BAA, do not upload PHI; the platform will technically accept the file, but you should not upload it.

Your rights (CCPA + GDPR + Texas)

Right to know, access, correct, delete, port, object, restrict. Most case-data DSRs from claimants/third parties will be routed to the firm (the controller); we will assist firms in fulfilling them. DSR contact: legal@pattenlabs.com.

Security

TLS 1.3, AES-256 at rest, Row-Level Security per firm, audit log of all reads + writes. Breach notification within 72 hours per GDPR + state law.

Changes

The date above reflects the current version. Material changes get a 14-day email notice.

Contact

legal@pattenlabs.com · Patten Labs LLC, Dallas, TX