At Casechek, we prioritize the security and privacy of our clients’ data across all of our platforms, including our website and our applications, such as CaseDoc and Tray Management. Our comprehensive security measures ensure that we maintain the highest standards of protection across all aspects of our operations.
Casechek is fully HIPAA compliant and received a third-party HIPAA attestation in 2024 with zero exceptions. We have continued to maintain this standard through 2025, reinforcing our commitment to the highest data protection and privacy standards across all Casechek products, including CaseDoc and Tray Management.
Further demonstrating this commitment, Casechek achieved SOC 2 Type II certification in February 2025 following a comprehensive audit initiated in Fall 2024. We have continued to uphold both our HIPAA compliance and SOC 2 standards with zero exceptions, ensuring the ongoing confidentiality, integrity, and availability of our clients’ sensitive information across all systems and applications.
– We adhere strictly to HIPAA regulations for data storage and handling.
– Data is encrypted with AES-256 at rest and TLS 1.2 and 1.3 in transit.
– Our infrastructure is built on HIPAA-eligible services, ensuring compliance at every level.
– We use audit logging to monitor all API calls and events, storing logs that are fully compliant with HIPAA standards.
– Client data is separated and restricted through robust backend permissions.
All Casechek personnel undergo annual training in the following:
– HIPAA compliance
– Cybersecurity awareness and best practices
– Incident Management procedures
– Regular updates and reminders are provided to keep security awareness at the forefront of our operations.
– We implement a robust Key Management System through AWS Key Management Service (KMS).
– Our applications are strengthened by multi-factor authentication, detailed logging and configuration monitoring.
– We adhere to the principle of least privilege, granting access only to the resources necessary for job functions.
– We perform regular penetration tests on all our applications, including the CaseDoc and Tray Management applications, and any new applications developed.
– Our testing methodology is based on the MITRE ATT&CK framework, ensuring comprehensive security assessments.
– We use static analysis testing to scan our code bases for security vulnerabilities and updates.
– Our hosting environment is monitored for vulnerabilities through state-of-the-art native security tools.
– Quarterly vulnerability scans and Dynamic Application Security Testing (DAST) scans are performed.
– All employee laptops are encrypted and managed through our Mobile Device Management (MDM) system.
– Endpoint protection software is installed on all employee computers, configured with dynamic updates to ensure the latest security measures.
– Our systems are protected by firewalls, VPC Security Groups, and Network Access Control Lists.
Our dedication to security is ongoing. We continuously monitor, update, and improve our security measures to stay ahead of emerging threats and ensure the safety of our clients’ sensitive information.
Casechek, Inc (the “Company”) is committed to maintaining robust privacy protections for its users. Our Privacy Policy (“Privacy Policy”) is designed to help you understand how we collect, use, and safeguard the information you provide to us and to assist you in making informed decisions when using our website and applications, including CaseDoc and Tray Management.
For purposes of this Agreement, “Site” refers to the Company’s website, which can be accessed at https://www.casechek.com.
“Service” refers to the Company’s services accessed via the Site and its applications, including CaseDoc and Tray Management, in which users can contact the Company, navigate to the Company’s SaaS platform, and learn about the Company’s offerings, services, and employment opportunities.
The terms “we,” “us,” and “our” refer to the Company.
“You” refers to you, as a user of our Site, applications, or our Service.
By accessing our Site, applications (including CaseDoc and Tray Management), or our Service, you accept our Privacy Policy, and you consent to our collection, storage, use, and disclosure of your Personal Information as described in this Privacy Policy.
We collect Non-Personal Information which we collect automatically and “Personal Information” which you provide directly. Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information, referring/exit pages and URLs, platform types, preferences you submit, and preferences generated based on your usage, including within CaseDoc and Tray Management applications.
Personal Information includes your name, email, job title, department, phone number, and facility which you submit to us through the “Request a Demo” or “Contact Us” forms on the Site, through our applications, or make publicly available via a Social Networking Service (e.g. LinkedIn, Facebook, or Twitter).
In an effort to improve the quality of the Service, including our CaseDoc and Tray Management applications, we may track information provided by your browser or application usage such as referring URLs, browser type, device, access time and date, and other non-identifying data.
We use cookies and similar technologies to collect Non-Personal Information and maintain user preferences across our Site and applications.
Information submitted through “Request a Demo” or “Contact Us” forms, or through interactions within our applications, may be collected, stored, and used in accordance with this Privacy Policy.
If you interact with the Company via social networks, we may collect associated profile information.
The Site and Services, including CaseDoc and Tray Management, are not directed to individuals under 13. We do not knowingly collect information from children under 13.
We do not sell or rent your Personal Information. We may share it with trusted vendors supporting our Site and applications (including CaseDoc and Tray Management), strictly under our direction and privacy standards.
We use Personal Information to:
– Communicate with users
– Provide support and services
– Improve our offerings and applications
– Send updates or relevant information
We may disclose information if required for legal compliance, enforcement, or protection of rights and safety.
We use Non-Personal Information to improve and optimize our Site and applications, including CaseDoc and Tray Management, and to analyze usage trends.
In the event of a merger or acquisition, Personal Information may be transferred as part of business assets.
We implement security measures, including encryption, firewalls, and secure infrastructure to protect your information across our Site and applications, including CaseDoc and Tray Management. However, no system can guarantee absolute security.
Casechek retains data for six years to comply with HIPAA regulations.
Casechek’s data deletion policy mandates that data is retained only as long as necessary for legitimate business, regulatory, or contractual purposes, after which it is securely disposed of, de-identified, or manually deleted within 180 days of a written client request following contract termination
You may opt out of marketing communications at any time via unsubscribe links or by contacting [email protected].
You may request updates or deletion of your personal information by contacting [email protected].
Our Service may include links to third-party websites or integrations. This Privacy Policy applies only to Casechek’s Site and applications (including CaseDoc and Tray Management).
We may update this Privacy Policy from time to time. Significant changes will be communicated via email or a notice on our Site or applications.
If you have any questions regarding this Privacy Policy, please contact:
[email protected]
Let us know how we can help and a Casechek representative will contact you shortly!
"*" indicates required fields