← Back

Privacy Policy

Effective Date: June 9, 2026

1. Information We Collect

1.1 Information You Provide

When you create an account, use your workspace, or submit a complaint, we may collect:

  • Your name and contact information (email address, phone number)
  • Files, documents, and images you upload to your workspace, and the events, cases, and personal records you create there
  • The structured information you enter when you create and submit a complaint, including the names and professional roles of individuals, the type of allegation, and a description
  • Identity verification information required to authenticate your submission
  • Information contained within the files you upload, which may include sensitive personal information about you, your family, children, and other individuals
  • Communications you send to us

1.2 Automatically Collected Information

When you visit the site, we automatically collect certain technical data: IP address and approximate geographic location; browser type and operating system; pages visited and time spent on the platform; and referring URLs and session identifiers.

1.3 Authentication Information

You may authenticate by creating an account on systemcomplaints.com or by signing in with your existing Google account using Google OAuth. Authentication credentials and OAuth tokens are handled securely and are not stored in plaintext. We use industry-standard authentication practices to protect access to your account.

2. How We Use Your Information

CaseFort is an independent, nongovernmental platform operated by Colorado Resilience. We use the information we collect differently depending on whether it is in your private workspace or in the registry.

To provide your private workspace. We store your uploaded files and entries; run optional automated text recognition and AI analysis when you choose to use those tools; and help you organize events and cases and draft narratives and allegations — all solely to provide the workspace tools to you. We do not routinely review your private workspace content and do not use workspace content for registry aggregation. Access to workspace content is limited to circumstances necessary to provide, secure, troubleshoot, maintain, or improve the platform; respond to your request; investigate misuse; comply with legal obligations; protect CaseFort, users, or others; or as otherwise described in this policy.

To operate the registry. When you create and submit a complaint, we aggregate and correlate the structured complaint fields you submit — such as the name and professional role of an individual, the type of allegation, and a brief description — to identify patterns of repeated concern across many complaints, and to build aggregated, de-identified data that may support research, public education, policy analysis, oversight requests, advocacy, and other lawful collective efforts, and inform reports for independent oversight organizations, researchers, and advocacy groups. CaseFort does not represent users, initiate legal claims on behalf of users, or include a user’s identifying information in any legal or advocacy effort without separate written consent, except as required by law. For purposes of this policy, “systemic accountability” means research, pattern identification, public education, policy analysis, oversight requests, and advocacy concerning systems or institutions. CaseFort does not use registry data to make individualized findings of misconduct against any named person. Aggregation and correlation operate only on the structured complaint data you submit — never on your uploaded files or other workspace content. When submitting structured complaint information, please provide only the information reasonably necessary to describe the complaint and identify the relevant professional, agency, institution, or system.

We also use information to authenticate your identity and secure your account; process payments for paid subscriptions; send transactional emails; improve the functionality and performance of the platform; comply with legal obligations; and detect and prevent fraud, abuse, or unauthorized access. CaseFort does not review, assess, or act on individual complaints, and submitting a complaint is not a substitute for filing with the appropriate governing body, agency, or court.

3. Purposes for Processing

CaseFort processes information for the purposes described in this policy, including providing your private workspace, operating the registry, securing your account, processing payments, responding to your requests, complying with legal obligations, and preventing fraud, abuse, and misuse. Where we rely on your consent — including your separate consent to process sensitive information — you may withdraw that consent at any time, though withdrawal does not affect processing already carried out.

4. Information Sharing and Disclosure

We will never sell your personal information. We will not share your personal identifying information publicly, except as required by law or as described in this policy. We may share information in the following limited circumstances:

4.1 Service Providers and Subprocessors

We rely on trusted third-party vendors, bound by contractual confidentiality and data-protection obligations, who may use your data only to perform services on our behalf: Amazon Web Services (cloud hosting, storage, and document text recognition); Anthropic (AI processing of content you choose to analyze); SendGrid (transactional email); Stripe (payment processing; card details are handled by Stripe and not stored by CaseFort); and Google (authentication when you sign in with Google).

4.2 Researchers and Oversight Bodies

Aggregate and de-identified data — from which no individual can reasonably be identified — may be shared with researchers, independent oversight organizations, and advocacy groups to advance systemic accountability. Before any such report or data set is released, a member of our team reviews it to prevent the re-identification of individuals from small or unusual data sets. No personally identifying information is included in such disclosures without your explicit written consent.

4.3 Legal Requirements

We may disclose information if required to do so by law, court order, subpoena, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of CaseFort, our users, or others. As noted in our Terms, your information is kept confidential but is not anonymous and may be disclosed if legally compelled.

4.4 Colorado Resilience Staff

Colorado Resilience staff do not routinely review your private workspace files or your individual complaint submissions for the purpose of advising you or evaluating your individual case. Limited access may occur for platform operation and security, legal compliance, abuse prevention, user support at your request, review of registry data before a report is released, or other purposes described in this policy. We have designed CaseFort so that your documents are yours.

5. Automated Processing and Artificial Intelligence

CaseFort offers optional tools that use automated text recognition and artificial intelligence to help you organize and analyze the documents and information you provide. These features are optional and run only when you trigger them.

  • Document text recognition (OCR): Scanned or image-based files you upload may be sent to Amazon Web Services (AWS Textract) to create a machine-readable extraction file based on your document. This extraction may be incomplete or inaccurate and should not be treated as a certified, complete, or official record.
  • AI analysis and drafting: At your direction, extracted text, file contents, and information you provide may be sent to Anthropic to generate summaries, build timelines, identify dates, people, and claims, suggest tags, and help you draft narratives and allegations.

The information sent may include sensitive personal information contained in your files, including information about you, your children, your family, and other named individuals. We share only the data necessary to perform the task you request. We use these providers’ commercial offerings, which do not use your content to train their models by default. Where supported by vendor terms and account settings, CaseFort configures these services to prevent your content from being used for model training or service improvement. Vendor terms and configurations may change, and we will update this policy to describe material changes. Automated analysis and drafting may contain errors or omissions, may reflect the direction and perspective you provide rather than an independent assessment, and are provided to assist you. You direct, review, edit, and adopt all such output, and you should review it before relying on it. CaseFort does not use AI tools to make legal, professional, disciplinary, eligibility, safety, custody, employment, housing, financial, healthcare, educational, insurance, or government-service decisions about any user or named individual.

6. Third-Party Data — Named Individuals

Complaints you submit may include the names and professional roles of individuals in their capacity as court personnel, agency employees, or other professionals. This information is collected solely to identify patterns of concern across multiple complaints. All entries are allegations, not verified findings, including complaints already formally filed elsewhere. CaseFort does not publish the names of individuals complained about in any public forum, and does not release any report identifying an individual, without independent substantiation, legal review, and human review to prevent re-identification from aggregated data. If you believe information about you has been submitted in error or in bad faith, please contact us at hello@systemcomplaints.com. CaseFort may review such requests to determine whether correction, restriction, removal, preservation, or other action is appropriate. CaseFort will not disclose the identity of the complainant or the contents of a complaint to a named individual unless legally required, authorized by the complainant, or otherwise permitted by law.

7. Data Retention

Workspace data (uploaded files, AI-generated meta-files, and your journal, events, and cases)

  • While your account is active, we retain your workspace data so it is available whenever you need it.
  • You may delete any file, event, case, or your entire workspace at any time. When you do, we remove it from our active systems within a reasonable period and purge it from routine backups within our normal backup cycle.
  • If your paid subscription ends, you may export and download your workspace data during an export period of at least sixty (60) days, after which CaseFort deletes or de-identifies your workspace data from active systems according to its retention schedule, except where retention is required or permitted for backups, security, fraud prevention, legal compliance, dispute resolution, audit obligations, or other lawful operational purposes. CaseFort may offer an optional paid archive feature, but payment is never required to request access to, correction of, deletion of, or export of your data where those rights apply under applicable law.
  • Accounts with no paid subscription that remain inactive for twelve (12) months may be deleted after advance notice.

Registry data (the structured complaint fields you submit)

  • We retain registry submissions to support ongoing pattern identification. If you withdraw a registered complaint or close your account, we remove or separate direct identifiers from the structured complaint data and may retain de-identified or aggregated information using reasonable safeguards designed to reduce the risk of re-identification. Because some fact patterns are unique, CaseFort cannot guarantee that de-identified data can never be linked back to you, and may suppress or generalize small or unusual data sets to further reduce that risk.
  • Deleting or cancelling your workspace does not by itself withdraw complaints you have submitted to the registry. Registry withdrawal is a separate action; contact us to request it.

8. Security

We use reasonable technical and organizational safeguards designed to protect your personal information, including SSL/TLS encryption for data in transit (HTTPS enforced); encryption of stored data and uploaded files; secure authentication, including the option to sign in with Google OAuth; cloud infrastructure with access controls; and restricted access to personal data on a need-to-know basis. No method of transmission or storage is completely secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security, and by submitting information you acknowledge this risk. If CaseFort determines that a security incident requires notice under applicable law, CaseFort will notify affected users and regulators as and when required by law.

9. Your Rights and Choices

You have the right to request a copy of the information we hold about you; delete files, events, cases, or your entire workspace at any time; request withdrawal of a registered complaint; request correction of inaccurate or incomplete information; withdraw your consent to processing at any time; and object to or request restriction of certain types of processing, subject to legal limitations. To exercise any of these rights, contact us at hello@systemcomplaints.com.

10. Cookies and Tracking

CaseFort may use session cookies and similar technologies to maintain your login session and improve your experience. We do not use third-party advertising cookies. You may configure your browser to refuse cookies, though this may affect platform functionality.

11. Children’s Privacy

CaseFort is for adults only. Only adults may create an account or submit information, and we do not knowingly collect personal information directly from minors as users. You may include information about children in your workspace and in the complaints and documents you submit, where that information is relevant to your case. Do not upload or submit information about a child unless you have the legal authority to do so and the disclosure does not violate any court order, protective order, sealing order, confidentiality order, juvenile-record restriction, school-record rule, medical-record rule, child-welfare confidentiality law, or other applicable legal restriction. Children’s information is the most sensitive category of data we handle, and we ask that you include only the minimum necessary information about a child in the structured fields you submit to the registry. Information about children that remains in your private workspace is not used for registry aggregation and is not routinely reviewed by our staff. If you believe a minor has created an account or provided information directly to us, please contact us and we will address it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date and, where appropriate, notify you by email or via a notice on the platform. Your continued use of CaseFort after changes are posted constitutes acceptance of the revised policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

CaseFort — Colorado Resilience
Email: hello@systemcomplaints.com
Website: systemcomplaints.com