top of page

Privacy Policy

Last updated: 5th of March, 2026

​

RefCase ("we", "our", or "us") operates the RefCase Chrome Extension and related web application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Service.

By using RefCase, you agree to the collection and use of information in accordance with this policy.

​

​

1. Who We Are

RefCase is a software tool designed to help sales professionals quickly find and share customer reference cases and supporting information.

​

The Service includes:

  • A Chrome browser extension

  • A web application dashboard

  • Supporting infrastructure used to store and process uploaded customer reference data

 

If you have questions regarding this policy, you can contact us at:

Email: privacy@refcase.io

 

2. Information We Collect

We collect information in the following ways.

 

2.1 Account Information

When you create or log into an account, we may collect:

  • Name

  • Email address

  • Authentication provider (Google or Microsoft)

  • Organization or company name

  • Account metadata (account creation date, login activity)

 

Authentication is processed through third-party identity providers.

We do not store your password when using SSO authentication.

 

2.2 Customer Reference Data Uploaded by Users

RefCase allows users to upload structured reference data through CSV uploads.

This may include:

  • Customer company names

  • Industry categories

  • Company size

  • Geographic region

  • Case study tags

  • Product usage information

  • Internal notes about reference customers

​

This data is provided and controlled by the user or their organization.

Users are responsible for ensuring they have the right to upload and process this data.

 

2.3 Website Context Data (Magic Match Feature)

The RefCase Chrome Extension includes a feature called Magic Match.

When a user activates this feature:

  • The extension analyzes the current webpage domain

  • It extracts publicly available company context (such as domain name)

  • This information is used to suggest relevant customer reference cases

 

RefCase does not continuously monitor browsing activity.

Website information is only processed when the user explicitly triggers the feature.

​

2.4 Usage Data

We may automatically collect certain usage data including:

  • Browser type

  • Extension version

  • Device type

  • Feature usage

  • Interaction logs

  • Error logs

  • Performance diagnostics

​

This information helps us improve the reliability and functionality of the Service.

 

2.5 Cookies and Similar Technologies

Our web application may use cookies or similar technologies to:

​

  • Maintain login sessions

  • Store user preferences

  • Improve product functionality

  • Analyze product usage

​

Users can control cookies through their browser settings.

 

3. How We Use Information

We use collected information to:

  • Provide and operate the RefCase Service

  • Enable users to search and share reference cases

  • Process uploaded customer reference data

  • Authenticate users through SSO providers

  • Improve product functionality

  • Monitor service performance and reliability

  • Detect misuse, abuse, or security incidents

  • Provide customer support

​

We do not sell personal information to third parties.

 

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for processing personal data includes:

  • Contractual necessity

  • Processing is required to provide the RefCase Service.

  • Legitimate interests

​

We process data to:

  • Improve the Service

  • Maintain security

  • Prevent fraud

  • Analyze usage patterns

 

Consent

In certain cases we may rely on consent, such as for optional analytics.

 

5. Data Storage and Infrastructure

RefCase uses third-party infrastructure providers to host and operate the Service.

These may include:

  • Cloud hosting providers

  • Database infrastructure providers

  • Authentication providers

​

All user data is stored on servers located within the European Union (EU) or the European Economic Area (EEA).

We select infrastructure providers that maintain industry-standard security practices and comply with applicable data protection regulations, including the General Data Protection Regulation (GDPR).

​

Where third-party providers process data on our behalf, they do so under data processing agreements (DPAs) that ensure appropriate safeguards for personal data.

 

6. Data Sharing

We do not sell or rent user data.

We may share information only in the following circumstances.

 

6.1 Service Providers

We may share data with trusted service providers who assist in operating the Service, such as:

  • Hosting providers

  • Authentication services

  • Infrastructure providers

  • Security and monitoring services

​

These providers are contractually obligated to protect the data.

 

6.2 Legal Requirements

We may disclose information if required to do so by law, regulation, or legal process.

​

This includes responding to:

  • Court orders

  • Law enforcement requests

  • Government requests

 

6.3 Business Transfers

If RefCase is involved in a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction.

Users will be notified if such a transfer occurs.

 

7. Data Retention

We retain personal data only for as long as necessary to:

  • Provide the Service

  • Comply with legal obligations

  • Resolve disputes

  • Enforce agreements

 

Users may request deletion of their data at any time.

Upon account deletion, we will remove personal data unless retention is legally required.

 

8. Security

We implement reasonable technical and organizational measures to protect data against:

  • Unauthorized access

  • Alteration

  • Disclosure

  • Destruction

 

Security practices include:

  • Encrypted connections (HTTPS)

  • Secure authentication protocols

  • Access controls

  • Infrastructure security measures

 

However, no internet transmission or storage system is completely secure.

 

9. User Responsibilities

Users who upload data to RefCase are responsible for ensuring that:

  • They have lawful permission to process the data

  • The data does not violate privacy or confidentiality obligations

  • The data complies with applicable data protection laws

 

RefCase acts as a data processor for data uploaded by users.

​

10. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request deletion

  • Restrict processing

  • Request data portability

  • Object to certain processing

 

To exercise these rights, contact:

privacy@refcase.io

 

11. Children's Privacy

RefCase is intended for professional users and business use.

The Service is not directed toward individuals under the age of 16, and we do not knowingly collect data from children.

 

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

If material changes occur, we will notify users through:

  • The website

  • The application

  • Email notifications when appropriate

 

The updated policy will include a revised "Last updated" date.

​

13. Contact Information

For any privacy-related questions or requests, please contact:

RefCase Privacy Team

Email: privacy@refcase.ai

bottom of page