CasePlus AI

Subprocessors

Last updated: 2026-05-12

CasePlus AI engages the third-party service providers below ("subprocessors") to deliver its product. Each subprocessor processes customer or visitor data only on instructions from CasePlus AI and is bound by a Data Processing Agreement (DPA) where applicable.

We may add, remove, or replace subprocessors as our infrastructure evolves. Material changes will be reflected on this page; customers under enterprise agreements will receive advance notice of new subprocessors per their contract terms.

Active subprocessors

ProviderRoleRegionCertificationsLegal
Vercel Inc.
Application logs, build artifacts, request metadata, encrypted document files (PDFs, images uploaded by visitors during intake)
Application hosting + private blob storage for uploaded documentsUnited States (multi-region)SOC 2 Type II, ISO 27001, PCI DSS, HIPAA-eligiblePrivacyDPA
Neon Inc.
All structured customer + visitor data including firm configuration, user accounts, intake conversations, lead records (visitor PII fields encrypted at the application layer with AES-256-GCM)
Managed Postgres database (primary data store)United States (us-east-2)SOC 2 Type II, ISO 27001, GDPR, CCPA. HIPAA BAA available on enterprise tier.PrivacyDPA
Clerk Inc.
Authorized firm-user identifiers, email addresses, password hashes, login session metadata, MFA factors. Visitor data is NOT shared with Clerk.
Authentication + user identity management for the dashboardUnited StatesSOC 2 Type II, GDPR, CCPAPrivacyDPA
Stripe Inc.
Firm billing contact email, subscription plan + add-on selections, invoice history, payment method tokens. CasePlus does not store credit card numbers.
Payment processing for firm subscriptions + add-onsUnited States (Stripe processes globally; CasePlus accounts in US region)PCI DSS Level 1, SOC 1, SOC 2 Type II, ISO 27001PrivacyDPA
Anthropic, PBC
Intake conversation contents, document contents (text + images) submitted for analysis, system prompts. Per Anthropic policy, API inputs/outputs are NOT used to train models.
Large language model (Claude Haiku 4.5 + Sonnet 4.6) for intake conversations, qualification, summaries, document analysisUnited StatesSOC 2 Type II, ISO 27001, GDPR-alignedPrivacyDPA
OpenAI Inc.
Same as Anthropic, only during failover events. Per OpenAI API policy, API inputs are not used for training.
Fallback LLM (GPT-4o-mini / GPT-4o) used only when Anthropic API is unavailableUnited StatesSOC 2 Type II, ISO 27001, GDPR-alignedPrivacyDPA
ElevenLabs Inc.
Phone-call audio (visitor voice), AI-generated voice output, call transcripts
Text-to-speech voice synthesis for the AI Phone Intake add-on; conversational AI agent backend for inbound callsUnited StatesSOC 2 Type II, GDPR-alignedPrivacyDPA
Twilio Inc.
Phone numbers (visitor + firm), SMS message contents, call routing metadata
Inbound + outbound SMS messaging; phone number provisioning for AI Phone IntakeUnited StatesSOC 2 Type II, ISO 27001, HIPAA-eligible (separate BAA)PrivacyDPA
Resend Inc.
Recipient email addresses, email content (which may include lead summaries / case details), delivery + open metadata
Transactional email delivery (lead notifications, follow-ups, demand-letter delivery, account emails)United StatesSOC 2 Type IIPrivacyDPA
Inngest Inc.
Event payloads passed between jobs (lead IDs, session IDs, scoring results — typically references rather than full PII)
Background job orchestration (qualification pipeline, follow-up sequences, scheduled reports)United StatesSOC 2 Type IIPrivacyDPA

What CasePlus does NOT share

Customer-enabled integrations

When a firm chooses to enable an integration (e.g. Clio, generic webhook, Slack), qualified-lead data flows to the receiving system at the firm's direction. Those receivers are not CasePlus subprocessors — they are controllers of the data the firm chooses to send them. See Terms of Service §11A and the Privacy Policy for details.

Questions or DPA requests

For Data Processing Agreement requests, security questionnaires, or any subprocessor-related questions, email support@caseplus.ai.