How we collect, use and protect personal data, and the rights you have under UK data-protection law.
Last updated: 15 July 2026
Legal Case Manager (“we”, “us”, “our”) provides a client-onboarding and matter-intake platform to UK law firms. This policy explains how we handle personal data when you visit our website, request a demo, or when a firm uses our platform. We are committed to processing personal data in accordance with the UK GDPR and the Data Protection Act 2018.
For the personal data that law firms enter into the platform about their own clients and matters, the firm is the data controller and we act as its data processor. For website visitors and prospective customers, we are the controller.
Website & enquiries: your name, work email, phone number, firm name and any message you send when you request a demo, start a trial or subscribe to updates.
Platform usage: account details for firm staff (name, email, role), authentication data, and technical logs such as IP address, device and access timestamps used for security and audit.
Client data entered by firms: identity documents, contact details, matter information and uploaded files. This data is controlled by the firm, not by us.
To provide, secure and improve the platform; to respond to enquiries and arrange demos; to administer subscriptions and billing; to meet our legal, accounting and regulatory obligations; and to detect and prevent fraud or misuse.
We rely on the following lawful bases: performance of a contract, our legitimate interests in operating and securing the service, your consent (for example, marketing emails), and compliance with legal obligations.
All data is hosted in the United Kingdom (AWS eu-west-2, London). We encrypt data in transit (TLS) and at rest (AES-256), enforce role-based, need-to-know access, and maintain an immutable audit trail of access and changes.
We retain personal data only for as long as necessary for the purposes described here or as required by law, and we support configurable retention and erasure for firm-controlled data.
We do not sell personal data. We share it only with vetted sub-processors that help us run the service (for example, cloud hosting, email delivery, payment processing and electronic identity verification), each under a written data-processing agreement.
We may disclose data where required by law, regulation or valid legal process.
Under UK data-protection law you have the right to access, rectify, erase, restrict or object to the processing of your personal data, and the right to data portability. Where a firm controls the data, we will refer your request to that firm.
To exercise your rights, email [email protected]. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk.
Our website uses a limited set of cookies. See our Cookie Policy for details on what we use and how to manage your preferences.
For any privacy question or to reach our data-protection contact, email [email protected] or write to us at London, EC2, United Kingdom.
This page is provided for general information about how Legal Case Manager operates and does not constitute legal advice. For questions, contact [email protected].