Send to Case Send to Case Add to Chrome

Privacy Policy

Last updated: January 2026

Send to Case ("we", "our", "us") operates the Send to Case Chrome extension and the sendtocase.com website. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

Summary

  • Your files go directly to Clio - we never see, store, or process your documents
  • Privacy-first error reporting - we collect anonymized crash reports to fix bugs (no file names or personal data)
  • Authentication only - we only handle OAuth tokens to connect you to Clio
  • Data stored locally - all data is stored on your device, not our servers

Data We Collect

Clio OAuth Tokens

When you connect the extension to Clio, we receive OAuth access and refresh tokens. These are stored locally on your device in Chrome's secure storage (chrome.storage.local). We use these tokens only to authenticate your requests to Clio's API.

Recent Matters Cache

For convenience, we cache a list of your recently accessed matters locally on your device. This allows faster matter selection when uploading files. This data never leaves your device.

File Data (Temporary)

When you select a file to upload, the file data is temporarily held in your browser's memory until the upload to Clio completes. Files are uploaded directly to Clio's secure storage (Amazon S3) and are never transmitted to or stored on our servers.

Error Reports (Anonymized)

To improve reliability, we collect anonymized error reports when something goes wrong. These reports include:

  • Error messages and stack traces (technical debugging info)
  • Extension version and browser type
  • General file size category (e.g., "small", "medium", "large") - not exact sizes
  • Anonymized file type (e.g., "application/pdf")

We do NOT collect: file names, file contents, matter names, client names, or any personally identifiable information. File names are cryptographically hashed before any error data is sent, making them unreadable.

Usage Counts

We track the number of files you upload per month to enforce plan limits (e.g., free tier limits). We only store a count - not what files you uploaded or to which matters.

Data We Do NOT Collect

  • Your file contents - Files upload directly from your browser to Clio
  • Your file names - File names are hashed (scrambled) before error reporting
  • Your Clio password - We use OAuth, so we never see your password
  • Matter or client names - We only store matter IDs, never names
  • Browsing history - We don't monitor your web activity

Third Parties

The following third parties may receive data when you use Send to Case:

Cloudflare, Inc.

Our OAuth proxy (api.sendtocase.com) is hosted on Cloudflare Workers. When you authenticate with Clio, OAuth tokens pass through this proxy for secure token exchange. File contents never pass through this service.

Themis Solutions Inc. (Clio)

When you upload files, they go directly to Clio via their official API. Clio's privacy policy governs how they handle your data: clio.com/privacy-policy

Amazon Web Services (AWS)

Files are uploaded to Clio's secure storage on Amazon S3. This is Clio's infrastructure, not ours. The files are stored according to Clio's data protection policies.

Functional Software, Inc. (Sentry)

We use Sentry for error monitoring and crash reporting. When an error occurs, anonymized technical data is sent to Sentry to help us diagnose and fix issues. No personal data, file names, or file contents are included. See Sentry's privacy policy: sentry.io/privacy

Stripe, Inc.

We use Stripe to process payments for premium subscriptions. Payment information is handled directly by Stripe and never touches our servers. See Stripe's privacy policy: stripe.com/privacy

Tidio Ltd. (Live Chat)

We use Tidio to provide live chat support on our website. When you use the chat widget, Tidio may collect your IP address, browser information, device details, and chat messages. This data is used to provide customer support and improve our service. See Tidio's privacy policy: tidio.com/privacy-policy

Google LLC (Analytics)

We use Google Analytics to understand how visitors use our website. Google Analytics collects information such as how often you visit, what pages you view, and what other sites you visited before coming to our site. We use this information to improve our website and services. Google Analytics uses cookies and collects your IP address, but we do not combine this with other data we hold. See Google's privacy policy: policies.google.com/privacy

CookieYes Limited (Consent Management)

We use CookieYes to manage cookie consent on our website. CookieYes displays the cookie consent banner and records your preferences. This service may set its own cookie to remember your consent choices. See CookieYes' privacy policy: cookieyes.com/privacy-policy

How Authentication Works

Send to Case uses Clio's official OAuth 2.0 authentication flow:

  1. When you click "Connect to Clio", you're redirected to Clio's login page
  2. You enter your credentials directly on Clio's website - we never see them
  3. Clio provides an authorization code
  4. Our secure proxy exchanges this code for access tokens
  5. Tokens are stored locally on your device
  6. When tokens expire, they're automatically refreshed via our secure proxy

We never see, store, or have access to your Clio username or password.

Data Storage and Retention

All data is stored locally on your device using Chrome's chrome.storage.local API. This data includes:

  • OAuth tokens (until you disconnect or they expire)
  • Recent matters list (for convenience)
  • Extension settings and preferences

When you disconnect from Clio or remove the extension, all local data is deleted.

Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):

  • Right to Access - You can request information about data we process
  • Right to Rectification - You can request correction of inaccurate data
  • Right to Erasure - You can request deletion of your data
  • Right to Restrict Processing - You can request limitation of processing
  • Right to Data Portability - You can request your data in a portable format
  • Right to Object - You can object to processing of your data

To exercise these rights, contact us at support@sendtocase.com.

California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to Know - What personal information we collect and how we use it
  • Right to Delete - Request deletion of your personal information
  • Right to Opt-Out - Opt out of the sale of personal information
  • Right to Non-Discrimination - We won't discriminate against you for exercising your rights

We do NOT sell your personal information.

To exercise these rights, contact us at support@sendtocase.com.

Chrome Web Store Compliance

The use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Children's Privacy

Send to Case is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the extension after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this privacy policy or our data practices, please contact us at:

support@sendtocase.com