Send to Case Send to Case Add to Chrome

Privacy Policy

Last updated: December 2024

Send to Case ("we", "our", "us") operates the Send to Case Chrome extension and the sendtocase.com website. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

Summary

  • Your files go directly to Clio - we never see, store, or process your documents
  • No tracking or analytics - we don't monitor your usage
  • Authentication only - we only handle OAuth tokens to connect you to Clio
  • Data stored locally - all data is stored on your device, not our servers

Data We Collect

Clio OAuth Tokens

When you connect the extension to Clio, we receive OAuth access and refresh tokens. These are stored locally on your device in Chrome's secure storage (chrome.storage.local). We use these tokens only to authenticate your requests to Clio's API.

Recent Matters Cache

For convenience, we cache a list of your recently accessed matters locally on your device. This allows faster matter selection when uploading files. This data never leaves your device.

File Data (Temporary)

When you select a file to upload, the file data is temporarily held in your browser's memory until the upload to Clio completes. Files are uploaded directly to Clio's secure storage (Amazon S3) and are never transmitted to or stored on our servers.

Data We Do NOT Collect

  • Your file contents - Files upload directly from your browser to Clio
  • Your Clio password - We use OAuth, so we never see your password
  • Usage analytics - We don't track how you use the extension
  • Browsing history - We don't monitor your web activity
  • Personal information - We don't collect your name, email, or other personal data

Third Parties

The following third parties may receive data when you use Send to Case:

Cloudflare, Inc.

Our OAuth proxy (api.sendtocase.com) is hosted on Cloudflare Workers. When you authenticate with Clio, OAuth tokens pass through this proxy for secure token exchange. File contents never pass through this service.

Themis Solutions Inc. (Clio)

When you upload files, they go directly to Clio via their official API. Clio's privacy policy governs how they handle your data: clio.com/privacy-policy

Amazon Web Services (AWS)

Files are uploaded to Clio's secure storage on Amazon S3. This is Clio's infrastructure, not ours. The files are stored according to Clio's data protection policies.

How Authentication Works

Send to Case uses Clio's official OAuth 2.0 authentication flow:

  1. When you click "Connect to Clio", you're redirected to Clio's login page
  2. You enter your credentials directly on Clio's website - we never see them
  3. Clio provides an authorization code
  4. Our secure proxy exchanges this code for access tokens
  5. Tokens are stored locally on your device
  6. When tokens expire, they're automatically refreshed via our secure proxy

We never see, store, or have access to your Clio username or password.

Data Storage and Retention

All data is stored locally on your device using Chrome's chrome.storage.local API. This data includes:

  • OAuth tokens (until you disconnect or they expire)
  • Recent matters list (for convenience)
  • Extension settings and preferences

When you disconnect from Clio or remove the extension, all local data is deleted.

Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):

  • Right to Access - You can request information about data we process
  • Right to Rectification - You can request correction of inaccurate data
  • Right to Erasure - You can request deletion of your data
  • Right to Restrict Processing - You can request limitation of processing
  • Right to Data Portability - You can request your data in a portable format
  • Right to Object - You can object to processing of your data

To exercise these rights, contact us at support@sendtocase.com.

California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to Know - What personal information we collect and how we use it
  • Right to Delete - Request deletion of your personal information
  • Right to Opt-Out - Opt out of the sale of personal information
  • Right to Non-Discrimination - We won't discriminate against you for exercising your rights

We do NOT sell your personal information.

To exercise these rights, contact us at support@sendtocase.com.

Chrome Web Store Compliance

The use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Children's Privacy

Send to Case is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the extension after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this privacy policy or our data practices, please contact us at:

support@sendtocase.com