Privacy
This page describes how CaseVault handles your data in plain English. A formal privacy policy reviewed by a lawyer is coming before public beta. Until then, what's written here is what the code actually does — we wanted you to be able to read this before you trusted us with anything.
The short version
CaseVault is zero-knowledge at rest. Your documents are encrypted in your browser with a passphrase only you know. We can't decrypt them. Neither can your insurer. Neither can anyone with a warrant served on us.
This is a technical guarantee, not a promise. If we ever change it, we'll tell you before it ships and you'll be able to export everything first.
What the server can see
To make the app work, our server holds some information about you in plain text:
- Your email address (for sign-in only — never marketing, never shared).
- The dates you signed in and the IP address you signed in from (kept for 90 days, then deleted).
- Per document: the file size, the date you uploaded it, how many pages it has, and a short label (e.g. "medical report", "insurer letter") that you can change or remove.
- Audit-log rows describing actions you took (e.g. "user opened document X at 10:42"), with sensitive fields redacted before write.
- Your date of birth (we are legally required to confirm you are 18+).
What the server cannot see
- The contents of any document you upload.
- Your passphrase. Your recovery phrase. Your master key.
- The OCR text extracted from your documents, or its search index.
- The contents of any timeline event you log, including which lens it relates to.
- The watermark or context note on anything you share.
- Anything in the body of a share link. The recipient decrypts it locally with the key you put in the link fragment, which never reaches us.
The boundary between "can see" and "cannot see" is enforced by the encryption keys living only in your browser's memory. There is one transient window (about 60–90 seconds) during upload where our worker has the file and its key in memory to virus-scan and encrypt it. Nothing unencrypted is persisted to disk during that window, and the memory is zeroed when the worker is done.
Where your data lives
Files, backups, and logs are stored in Sydney (DigitalOcean's syd1 region). They never leave Australia. This is for legal reasons under the Privacy Act 1988 and for trust reasons — we don't want your case file sitting on a server reachable by a US subpoena.
Sign-in emails are sent via Resend. The body of every email is a one-time sign-in link and nothing else — we never email your share links, so the decryption key in a share link never passes through us or our email provider. We don't have a newsletter, we don't have promotional emails, we don't have re-engagement campaigns.
Your rights
- Export everything: any time, in standard formats (PDF + CSV + JSON). You don't need to ask permission or wait.
- Delete everything: any time. We zero your wrapped-key column server-side, which makes every document undecryptable even if a backup is restored later.
- Find out what we hold on you: you can already see it in the app, but if you want a structured report, ask us at privacy@casevault.au.
- Complain to the OAIC if we get any of this wrong. We won't be offended.
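To make the "keys live only in your browser" boundary and the wrapped-key zeroing on delete concrete, here is a constructed Python sketch of the client/server split (an added example, not CaseVault's code). It assumes a PBKDF2-derived passphrase key that wraps a random per-document key, and uses an HMAC-based stream cipher as a stand-in for the AES-GCM a real client would use.

```python
import hashlib, hmac, os

def _subkeys(key):
    # Derive separate keystream and MAC keys so the two HMAC uses never collide.
    return [hmac.new(key, lbl, hashlib.sha256).digest() for lbl in (b"enc", b"mac")]

def _keystream_xor(key, nonce, data):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (illustrative; use AES-GCM for real).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, plaintext):
    # Encrypt-then-MAC: returns nonce(16) || ciphertext || tag(32).
    ek, mk = _subkeys(key)
    nonce = os.urandom(16)
    ct = _keystream_xor(ek, nonce, plaintext)
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered data")  # a wrong passphrase lands here too
    return _keystream_xor(ek, nonce, ct)

def _kek(passphrase, salt):
    # Key-encryption key derived from the passphrase; only ever exists client-side.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def client_upload(passphrase, document):
    # Browser side. The row handed to the server holds no passphrase, plaintext or raw key.
    salt, dek = os.urandom(16), os.urandom(32)  # dek = per-document data-encryption key
    return {"salt": salt, "wrapped_dek": seal(_kek(passphrase, salt), dek),
            "ciphertext": seal(dek, document)}

def client_download(passphrase, row):
    return unseal(unseal(_kek(passphrase, row["salt"]), row["wrapped_dek"]), row["ciphertext"])

def can_decrypt(passphrase, row):
    try:
        return client_download(passphrase, row) is not None
    except ValueError:
        return False

def server_delete_account(row):
    # Server side: zero the wrapped-key column. Ciphertext may survive in a backup,
    # but without the wrapped DEK even the right passphrase cannot unlock it.
    row["wrapped_dek"] = bytes(len(row["wrapped_dek"]))
```

Everything the server stores (salt, wrapped DEK, ciphertext) is useless without the passphrase, and after `server_delete_account` it is useless even with it.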
Status of this page
This is the pre-beta v0.1 description of how the system actually works today. A formal privacy policy reviewed by a privacy lawyer is required before public beta and is on the pre-launch checklist. The technical guarantees described above will not weaken in the formal policy — they may only become more explicit.
This page was last updated on 18 May 2026.