Privacy Policy

Effective date:

This Privacy Policy explains how CaseRunway (“we”, “our”, “us”) collects, uses, retains, and protects information when you use the CaseRunway service at caserunway.com (the “Service”). It covers both information from your firm’s users and information your firm enters about its clients.

1. Information we collect

1.1 Account information

When a firm creates an account we collect the firm name, the registering user’s name and email address, and a password (which is stored hashed by our authentication provider, never in cleartext on our side).

1.2 Case content

Your firm enters case information into the Service. For bankruptcy intake this typically includes debtor name, date of birth, Social Security Number (SSN), home address, contact details, employer and income information, marital status and dependents, and uploaded documents such as tax returns, pay stubs, bank statements, and other financial records. Case content belongs to your firm; we process it on your behalf.

1.3 Billing data

Subscription billing is handled by Stripe. We do not see or store full payment card numbers. We retain your Stripe customer ID, subscription status, plan, and the email address used at checkout.

1.4 Operational logs

We log who logged in and when, who created or modified case data, who downloaded exports, and other audit events. Logs include IP addresses and user-agent strings. Logs do not contain SSNs or document contents.

2. How we use information

  • To run the Service for your firm and its clients.
  • To send transactional email (signup confirmation, password reset, team invitations, document upload notifications, stale case digests).
  • To bill your firm and recover unpaid amounts.
  • To answer support requests.
  • To detect and prevent abuse, fraud, and unauthorized access.
  • To comply with legal obligations, including responses to lawful subpoenas and court orders.

We do not sell personal information. We do not use case content to train artificial intelligence models. We do not share case content with third parties except as listed in Section 4 (sub-processors) or as required by law.

3. Encryption and security

SSNs are encrypted at the application layer with a per-deployment key before being written to the database. Uploaded documents are stored in encrypted object storage and accessed via short-lived signed URLs. Network traffic is encrypted in transit (TLS), and database storage is encrypted at rest. Multi-tenant access is enforced both in the application layer and at the database layer (PostgreSQL row-level security) scoped to your firm. Production credentials are not embedded in client-side code.

4. Sub-processors

We rely on the following third parties to deliver the Service. Each processes information only on our instructions and only for the purpose listed.

Sub-processor | Purpose | Data they may process
--- | --- | ---
Supabase | Database, authentication, file storage | All account data, case content, uploaded documents
Stripe | Subscription billing | Firm name, billing email, payment method, subscription state
Resend | Transactional email delivery | Recipient email, name, subject and body of system emails
Render | Application hosting | Operates the servers that run our backend; processes everything in transit
Vercel | Frontend hosting | Serves the web application; processes requests in transit
Microsoft (Graph API) | Calendar sync (only if your firm connects it) | Case dates, attendee names
Google (Calendar API) | Calendar sync (only if your firm connects it) | Case dates, attendee names
Clio | Matter sync (only if your firm connects it) | Matter metadata, contact name, case status

5. Data retention

  • Cases: retained for the life of your subscription. When a case is deleted, it is soft-deleted for 30 days (recoverable by support request) and then permanently purged. Firms that need a longer retention window for state ethics rules can keep cases active until they choose to delete.
  • Leads: retained for the life of your subscription. Soft-deleted leads are purged after 30 days.
  • Documents: tied to the case; deleted with the case.
  • Audit logs: retained indefinitely while your subscription is active and for at least 90 days after termination for compliance and dispute response.
  • Account closure: when a firm cancels and confirms deletion, we delete firm, user, case, lead, document, and message records within 30 days. Audit logs are retained as above.
  • Backups: daily backups are retained for up to 30 days.
  • Legal hold: if we receive a subpoena, court order, or written legal hold notice covering a particular case or firm, we will suspend deletion for the affected records until the hold is released.

6. Your rights

You may request to access, correct, export, or delete personal information by emailing support@caserunway.com from the email address associated with your account. We respond within 30 days. California residents have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to opt out of the sale or sharing of personal information; we do not sell or share personal information for cross-context behavioral advertising.

7. Breach notification

If we discover a security incident that compromises personal information, we will notify affected firms without undue delay and in any event within 72 hours of confirmation, and will support firms in meeting their own state breach-notification obligations.

8. International users

CaseRunway is operated from the United States and intended for use by US-licensed legal professionals. We do not target the European Union or United Kingdom and do not process personal data under GDPR/UK GDPR.

9. Children

The Service is not directed to children under 13. We do not knowingly collect personal information from children.

10. Changes to this policy

We may update this Privacy Policy. The version date at the top of the page reflects the most recent material change. If a change materially reduces your rights we will notify firm administrators by email before it takes effect.

11. Contact

Privacy questions: support@caserunway.com.