Agency Data Ownership
Customer case records, clients, evidence, notes, reports, and billing details remain the agency customer's data. CaseCore stores and processes them only to provide the service.
Trust Center
Security built for investigation work.
CaseCore is designed for agencies that handle sensitive clients, case records, evidence, reports, billing, and field operations. SOC 2 certification is a formal audit milestone. CaseCore is designed around SOC 2-aligned controls, evidence collection, recovery workflows, tenant isolation, and owner-visible security operations while that audit readiness work continues.
Protection Standard
Built to protect agencies while audit readiness continues.
CaseCore's standard is to build the controls first: limit access, log important actions, preserve recovery options, prepare incident response, and keep sensitive agency records separated by workspace and role.
CaseCore is a software provider and does not claim ownership of customer case files. One agency's users cannot browse, use, or work another agency's client records through the platform.
Tenant Isolation
Agency workspaces are separated by organization-scoped access checks and database-backed row-level security patterns.
Role-Based Access
Owner, admin, case worker, and support roles are enforced server-side so sensitive areas stay limited to authorized users.
Billing Privacy
Contractors and case workers do not receive owner billing controls or agency margin visibility.
Evidence Protection
Evidence uploads include file metadata and hash records for stronger chain-of-custody documentation.
Recovery Holds
Evidence removal moves items into a recovery window instead of immediate destruction, with owner/admin restore controls.
Audit Events
Security, support, recovery, staff, and administrative actions are logged for owner/admin review and audit exports.
Incident Response
CaseCore includes workflows for opening, containing, resolving, and documenting security incident response drills.
Abuse Protection
Public and costly workflows use rate limits, security headers, and platform firewall protections to reduce abuse risk.
Audit Readiness
Controls are being built before the audit.
CaseCore’s goal is to have the operating controls, logs, drills, and documentation already in place before formal SOC 2 fieldwork, so customers are protected now and the audit becomes confirmation of an existing security program.
Security
Access controls, audit logs, incident response, security headers, account lockdown, and rate-limit protections are built into the product.
Availability
The app runs on managed cloud infrastructure with production deployment rollback and continuity practices. Vendor backup evidence is reviewed as part of audit preparation.
Confidentiality
Case data, billing controls, evidence, staff records, and client links are scoped by role, organization, and purpose.
Processing Integrity
Evidence metadata, timestamps, hash values, report activity, billing activity, and case events help agencies verify operational records.
Privacy
Privacy policy, terms acceptance, audit logs, deletion request routing, U.S./Canada scope, and sensitive-record handling are documented.
Data Recovery
CaseCore includes recovery holds, restore workflow, security event logging, and owner/admin recovery drills so data protection is operational, not just a policy statement.
Incident Response
Agencies can lock suspected compromised accounts, review audit history, preserve evidence, and document containment from the Security Center.
Responsible Scope
CaseCore is currently scoped for United States and Canada users unless country-specific legal, privacy, and data protection requirements are approved in writing.
Need a security answer for a customer?
Use the honest line.
CaseCore is being built and operated with SOC 2-aligned security controls: audit logging, recovery workflows, incident response records, access restrictions, billing privacy, and data protection practices designed to meet the expectations customers associate with professional software security.