Role and scope: CasesMatter acts as the controller for
account-registration, authentication, session-security, and account-recovery data handled
by the Authentication Service. Your device may use a fingerprint, face scan, PIN, or
similar local authenticator to unlock a passkey, but CasesMatter does not receive or store
biometric identifiers or biometric templates from your device.
1. Scope of This Policy
This Privacy Policy explains how CasesMatter, LLC (“CasesMatter,”
“we,” “us,” or “our”) collects, uses, discloses,
and protects personal information in connection with the CasesMatter Authentication
Service. The Authentication Service handles account registration, sign-in, passkey
management, session security, and account recovery for the CasesMatter platform. This
Policy applies to personal information CasesMatter controls directly through the
Authentication Service. Other CasesMatter services may have their own privacy policies
with additional service-specific details.
2. Personal Information We Collect
We currently, and in the preceding 12 months, have collected or processed the following
categories:
Registration and account information:
- Your name.
- Your email address.
- Records showing whether your email address has been verified.
- Administrative records relating to account status, account disablement, or account-recovery activity.
Passkey and authenticator information:
- The public-key portion of each registered WebAuthn or FIDO2 credential.
- Credential identifiers and related technical metadata needed to validate authentication requests.
- Security counters or similar anti-cloning values.
- Authenticator metadata such as transport methods, backup status, and whether a credential is device-bound or synced.
- Passkey labels or nicknames that you assign for account-management purposes.
- Timestamps showing when a passkey was created, updated, or last used.
Session, device, and security information:
- IP address and user-agent information associated with authentication requests and active sessions.
- Session identifiers, session-creation times, last-activity times, expiration information, and session-revocation records.
- Security logs, rate-limit events, and records of suspicious or unauthorized access attempts.
Communications and support information:
- Records relating to transactional emails we send for verification, recovery, or important service and security notices.
- Information you provide if you contact support about an authentication issue.
3. Sources of Personal Information
We collect personal information:
- Directly from you when you register, add or manage a passkey, recover an account, or contact support;
- Automatically from your browser, device, or network when you use the Authentication Service;
- From security and operational systems that help us prevent fraud, troubleshoot issues, and maintain the service.
4. How We Use Personal Information
We use personal information for:
- Creating and administering authentication accounts;
- Verifying identity and authenticating sign-in attempts;
- Managing passkeys and active sessions;
- Sending transactional emails such as verification, recovery, and security notices;
- Detecting, investigating, preventing, and remediating fraud, abuse, unauthorized access, and other security incidents;
- Maintaining, monitoring, supporting, and improving the Authentication Service;
- Complying with legal obligations, resolving disputes, and enforcing our agreements.
5. How We Disclose Personal Information
We do not sell personal information. We do not share personal information for
cross-context behavioral advertising or targeted advertising. We may disclose personal
information to:
- Cloud hosting, communications, error-monitoring, and other service providers that process information on our behalf, such as Microsoft Azure, Azure Communication Services, Stripe where relevant to payment-linked identity workflows, and Bugsnag or similar error-monitoring providers;
- Affiliated service providers and contractors that support security, customer support, auditing, and professional services;
- Advisors, auditors, insurers, financing sources, or potential acquirers in connection with corporate transactions, subject to appropriate confidentiality measures;
- Law enforcement, regulators, courts, or other third parties when required by law or reasonably necessary to protect rights, safety, property, or the security and integrity of the service.
6. Cookies and Similar Technologies
The Authentication Service uses an essential authentication cookie to maintain secure
sessions. We may also use limited device-side storage for service-state and
authentication-flow integrity where technically required. CasesMatter does not use
advertising cookies, social-media pixels, or cross-site tracking technologies in the
Authentication Service.
7. Security
We maintain administrative, technical, and physical safeguards designed to protect
personal information, including encrypted connections, access controls, logging and
monitoring, secret-management practices, rate limiting, and secure session controls. No
security measure is perfect, and no method of transmission or storage is guaranteed to be
completely secure. You are responsible for protecting the devices and local authenticators
used to unlock your passkeys and for maintaining control of the email account associated
with your CasesMatter account.
8. Retention
We retain personal information for as long as reasonably necessary for the purposes
described in this Policy. In practice:
- Account and passkey records are retained while an account is active and for a reasonable period afterward for security, audit, fraud-prevention, and legal-compliance purposes;
- Session records and security logs are retained for shorter periods based on operational, security, and investigative needs;
- Backup and disaster-recovery copies may remain for a limited additional period before being overwritten or deleted in the ordinary course.
9. U.S. State Privacy Rights
Depending on where you live and subject to applicable exemptions, you may have the right
to:
- Confirm whether we process your personal information and access it;
- Correct inaccurate personal information;
- Delete personal information;
- Obtain a portable copy of certain personal information;
- Opt out of the sale of personal information, targeted advertising, or certain profiling (CasesMatter does not sell personal information and does not use personal information for targeted advertising in this service);
- Appeal a denial of your privacy-rights request where required by applicable law.
To submit a request, email
support@casesmatter.com. We may need to
verify your identity before acting on a request. If we deny a request and an appeal right
applies, you may appeal by replying to the denial or emailing
support@casesmatter.com with the subject
line “Privacy Appeal.”
10. Children’s Privacy
The Authentication Service is not directed to children under 13. CasesMatter does not
knowingly collect personal information online from children under 13 through the
Authentication Service. If you believe a child has provided personal information to us
through this service without appropriate authorization, contact us so we can investigate
and take appropriate action.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we
will post the updated version with a revised “Last updated” date and may
provide additional notice as required by law.
12. Contact Us
CasesMatter, LLC, 4301 Main St., Parsons, Kansas 67357,
support@casesmatter.com