Privacy Policy

Effective from: 2026-05-01

Version 1.0 — Effective from 2026-05-01
History

1. Introduction

DirectCase s.r.o. is committed to protecting privacy and securing users' personal data. This Privacy Policy explains how we collect, use, share, and protect data when using our DirectCase application available at directcase.ai ("Service"), enabling search and analysis of legal sources using AI technologies. By accessing and using the Service, users consent to this Policy.

2. Processing of personal data and legal basis

We may collect and process the following types of data:

Personal data:

  • Identification data: name, email address, contact information.
  • Usage data: information on how the user uses the Service.

Non-personal data:

  • Technical data: IP address, browser type, device/OS information.
  • Analytical data: usage statistics, performance metrics, aggregated data.

Legal bases for processing:

  • Performance of contract — processing is necessary to provide the Service.
  • Legitimate interest — system security, abuse prevention, performance monitoring, UX improvement.
  • Consent — marketing communications and personalised content are carried out only on the basis of free and informed consent, which may be withdrawn at any time.

2a. Cookies

The Service uses the following cookie types:

  • Essential cookies — enable the basic functioning of the Service. Cannot be turned off.
  • Analytical cookies — used to improve the Service based on aggregated data. Active only with prior consent.
  • Marketing cookies — enable relevant advertising. Active only with prior consent.

Consent can be withdrawn at any time via cookie settings on the site or in the browser.

3. Use of data

  • Providing and managing the Service — functionality, security, performance.
  • Improving the Service — analysing aggregated and anonymised data.
  • Communication — answering queries, providing change information, technical support; marketing only with consent.
  • Data sharing — with third-party service providers to ensure functionality; only anonymised or aggregated data, unless otherwise stated in Appendix A — DPA.
  • Legal obligations — complying with statutory duties and enforcing the Terms.

4. User queries and content

Queries on case law and other legal documents entered by the user are not further processed for any purpose other than retrieving and displaying the relevant information within the Service.

5. Scope of this policy — DirectCase's role

This policy applies exclusively to processing in which DirectCase acts as Controller — i.e., user account data.

Content entered into the Service (queries, case descriptions, client data) is processed by DirectCase as Processor on the user's instructions. This processing is governed by Appendix A — DPA.

6. Data sharing and international transfers

Third-party providers: Personal data from user account data (Cat. 1) is shared only with payment and operational service providers. Content entered into the Service (Cat. 2) is shared by DirectCase as Processor with sub-processors per Appendix A — DPA.

Legal requirements: Data may be disclosed if required by law, regulation, court order, or to protect rights and safety.

Business transactions: In the event of a merger, acquisition, or sale of assets, data may be transferred as part of the transaction.

International transfers:

  • OpenAI, Inc. — USA
  • Anthropic PBC — USA
  • Google LLC — USA
  • Amazon Web Services, Inc. — USA
  • RunPod, Inc. — USA

Hetzner Online GmbH — Germany (EU). DirectCase's servers are located in Germany (EU).

Transfers are made solely in accordance with GDPR, based on the European Commission's adequacy decision (EU-US Data Privacy Framework) and Standard Contractual Clauses (SCC). Users have the right to obtain a copy of the SCC upon request.

7. Marketing use of data

Where the user has given consent, we may send commercial communications. Unsubscribe is possible at any time following the instructions in the communication or by contacting info@directcase.ai.

8. Data storage and security

Storage: Data is stored on secure servers located in Germany with industry-standard security.

Security: Measures pursuant to Art. 32 GDPR:

  • encryption of data at rest and in transit,
  • role-based access control (RBAC),
  • regular security testing.

Retention:

  • Account data: for the duration of the contract and 3 years thereafter.
  • Accounting documents: 10 years (statutory obligation).
  • Content entered into the Service: see Appendix A — DPA (automatic deletion after 90 days).

Breach notification: DirectCase notifies affected users without undue delay pursuant to Art. 33(2) GDPR.

DPIA: On request we provide information and cooperation under Art. 35 GDPR.

Data Protection Officer (DPO): Given the nature of processing, no DPO has been appointed under Art. 37 GDPR. Contact: info@directcase.ai.

9. User rights

  • Access — to personal data held about them.
  • Rectification — of inaccurate or incomplete data.
  • Erasure — under certain conditions.
  • Restriction — of processing.
  • Portability — to another provider.
  • Objection — to processing, including marketing.

Right to lodge a complaint: with the competent supervisory authority.

Automated decision-making: DirectCase does not perform automated decision-making with legal or similarly significant effects under Art. 22 GDPR. AI outputs are for information only.

10. Children's data protection

The Service is intended only for users over 18. We do not knowingly collect data from younger persons. If we become aware of such data, we will delete it promptly.

11. Third-party links and services

The Service may contain links to third-party websites or services not controlled by DirectCase. DirectCase is not responsible for their privacy policies or content.

12. Changes to the policy

We may update this Policy from time to time. We will notify users by publishing a new version on this page. Material changes will be communicated to users by email at least 14 days before they take effect.

13. Third-party provider policies

By using the Service users also consent to the terms and policies of the following AI providers:

14. Contact

DirectCase s.r.o.
Zenklova 2530/23, 180 00 Praha
VAT ID: CZ24337269 | Company ID: 24337269
Email: info@directcase.ai