← Back to homeCaseBase

Effective date: 28 March 2026

Privacy Policy

This policy describes how we handle personal data when you visit our website or use CaseBase — casework, correspondence, campaigns and MP website tools for parliamentary offices.

1. Who we are

CaseBase is operated by the team behind the CaseBase product ("we", "us", "our"). This policy explains how we collect, use, store and share personal data in connection with our website and services.

We aim to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For data protection enquiries, contact hello@casebase.org.uk.

2. What data we collect

Depending on how you use CaseBase, we may process categories such as:

  • Identity and contact data — name, work email, office or constituency details, and similar identifiers you provide when you sign up, request a demo, subscribe to updates or correspond with us.
  • Account and service data — login identifiers, roles, configuration and usage information needed to run the platform (for example casework, campaigns and website content you create within CaseBase).
  • Constituent and casework-related data — where your office uses CaseBase to manage constituents, mail and campaigns, we process the data you (or your users) enter or import, subject to your instructions and our agreement with you.
  • Technical data — IP address, device and browser type, and logs used for security, debugging and service reliability.

We do not ask you to provide special category data unless a specific feature clearly requires it and you choose to supply it.

3. How we use your data

We use personal data where we have a lawful basis under UK GDPR, including:

  • Contract — to provide CaseBase, onboard your organisation, and bill where applicable.
  • Legitimate interests — to improve and secure the service, respond to enquiries, and send product updates where appropriate (you can opt out of non-essential marketing).
  • Legal obligation — to meet accounting, tax or regulatory requirements.
  • Consent — where we rely on consent (for example certain marketing emails), you may withdraw it at any time.

4. How we store and protect data

We use reputable cloud infrastructure and technical measures such as encryption in transit, access controls and monitoring. Retention depends on the type of data: we keep it only as long as needed to provide the service and meet legal obligations, then delete or anonymise it in line with our retention practices.

5. Sharing your data

We may use carefully vetted processors (for example hosting, email delivery and payment providers) who process data on our instructions under contract. We do not sell personal data. International transfers, if any, are made with appropriate safeguards (such as the UK IDTA or Addendum where required).

6. Your rights

Under UK GDPR you may have the right to access, rectify, erase, restrict or object to certain processing, and to data portability where applicable. To exercise these rights, contact us at the email above. You may also complain to the ICO: ico.org.uk.

7. Cookies and similar technologies

We use cookies or similar technologies where needed for the site to function (for example security and session management). If we use non-essential analytics or marketing cookies, we will ask for your consent where required by law.

8. Updates

We may update this policy from time to time. The effective date at the top will change when we do; continued use of the site or service after changes may constitute acceptance where permitted by law.