Effective Date: May 23, 2026 Version: 1.1
This Privacy Policy describes how CourtPulse LLC (“CourtPulse,” “we,” “us,” or “our”) collects, uses, stores, discloses, and protects information when you use the CourtPulse software-as-a-service platform, website at mycourtpulse.com and app.mycourtpulse.com, and related services (collectively, the “Service”).
This Privacy Policy is incorporated into and forms part of the CourtPulse Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service.
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.
When you register for and use the Service, you provide the following information:
Account information: your name, email address, bar admission information (jurisdiction, bar number, status), firm or organization name, telephone number, and password.
ECR Credentials: your username, password, and any other authentication credentials issued to you by the Maricopa County Superior Court Clerk’s office or other supported court records authority. See Section 3 for how we handle ECR Credentials, which receive heightened protection.
Case selections: the case numbers, parties, and other identifying information for cases you select to monitor through the Service.
Notification preferences: your alert thresholds, notification frequency, recipient email addresses (including any paralegal or co-counsel CC addresses), and similar configuration settings.
Payment information: if and when CourtPulse charges fees for the Service, billing information (handled by our payment processor; we do not store full credit card numbers on our systems).
Communications: the content of emails, support requests, feedback, and other communications you send to us.
When you access or use the Service, we automatically collect:
Log data: IP address, browser type and version, operating system, referring URL, pages visited, timestamps, and other standard server log information.
Usage data: information about how you interact with the Service, including features used, frequency of access, and configuration changes.
Cookies and similar technologies: we use minimal cookies necessary to maintain your authenticated session. We do not use third-party advertising or tracking cookies.
When you authorize us to use your ECR Credentials, we periodically retrieve the following information from the ECR System on your behalf:
The list of filings on the cases you have selected to monitor;
Filing metadata (date, document type, party identifiers, document identifiers); and
If you have enabled the document-storage feature, copies of the filed documents themselves.
We do not retrieve information from cases on which you are not an attorney of record or party.
We use the information described above to:
Provide, operate, and maintain the Service, including detecting new filings and sending Notifications;
Authenticate your access to your CourtPulse Account;
Communicate with you about the Service, including service updates, security notices, technical support, and billing matters;
Improve the Service, including diagnostics, debugging, and analytics;
Comply with our legal obligations, including tax, regulatory, and recordkeeping requirements;
Enforce the Terms of Service and Acceptable Use Policy; and
Detect, investigate, and prevent fraud, abuse, and security incidents.
We do not sell your personal information. We do not use your personal information for cross-context behavioral advertising.
ECR Credentials receive heightened protection because of their sensitivity:
3.1 Encryption at Rest. ECR Credentials are encrypted at rest using a symmetric encryption key (the “Master Key”). The encrypted credentials are stored in our application database.
3.2 Master Key Separation. The Master Key is stored separately from the encrypted credentials database, in an environment-variable secrets store maintained by our hosting provider. The Master Key is not present in our application database, in our source code repository, in our logs, or in our backups.
3.3 Decryption Only When Needed. ECR Credentials are decrypted in memory only at the moment they are needed to authenticate to the ECR System, and are not persisted in decrypted form.
3.4 No Logging. ECR Credentials are not written to application logs, error logs, or any other persistent log under any circumstance.
3.5 No Third-Party Sharing. We do not share your ECR Credentials with any third party, except (a) as required to provide the Service (i.e., transmitting them to the ECR System for authentication on your behalf), or (b) as required by law upon valid legal process.
3.6 Effect of Encryption. Because ECR Credentials are stored encrypted at rest with the Master Key stored separately, ECR Credentials are “encrypted” within the meaning of A.R.S. § 18-552 in the event of a security incident that compromises only the credentials database without compromising the Master Key.
We disclose your information only in the following circumstances:
We use the following third-party service providers to operate the Service. Each provider receives only the information necessary to perform its specific function, under contractual terms requiring confidentiality and limited use.
| Service Provider | Purpose | Categories of Data |
|---|---|---|
| Railway (railway.com) | Application hosting, database hosting, environment-variable secrets storage | Application data, encrypted ECR Credentials, Master Key |
| Amazon Web Services (aws.amazon.com) | Document storage (S3) if you enable the document-storage feature | Court document files |
| Resend (resend.com) | Transactional email delivery (Notifications, account emails) | Recipient email addresses, email subject and body, attached court documents (PDFs) when included with a Notification |
| 2Captcha (2captcha.com) | Solving CAPTCHA challenges encountered during automated ECR System access | Anonymized CAPTCHA images (no personal information) |
We may engage additional service providers from time to time. Material changes to our sub-processor list will be communicated by updating this Privacy Policy.
We may disclose information when required by law, court order, subpoena, or other valid legal process, or when we believe disclosure is necessary to protect our rights, your rights, or the rights of others, including to comply with the rules of professional conduct or to prevent harm.
If CourtPulse undergoes a merger, acquisition, sale of assets, or change of control, your information may be transferred as part of that transaction. We will notify you of any such transfer and the implications for your information.
We may disclose information with your express consent or at your direction.
5.1 Account Data. We retain your Account information for as long as your Account is active and for a reasonable period thereafter (typically 90 days following Account closure) to facilitate Account reactivation, dispute resolution, and compliance with our legal obligations.
5.2 ECR Credentials. ECR Credentials are deleted from our systems within 30 days following Account closure or your written request to revoke our authorization to use them.
5.3 Stored Court Documents. If you have enabled the document-storage feature, retrieved court documents are stored in Amazon S3 under a lifecycle policy that automatically deletes documents after a defined retention period (the current retention period is communicated within the Service).
5.4 Logs and Diagnostic Data. Server logs and diagnostic data are retained for up to 12 months for security monitoring, debugging, and capacity planning.
5.5 Notification History. Notification metadata (which case, which filing, when the Notification was sent) is retained for the life of your Account to provide audit history and to avoid duplicate Notifications.
5.6 Legal Holds and Compliance. Notwithstanding the foregoing, we may retain information longer if required by law, regulation, court order, or to enforce our legal rights.
5.7 Sub-Processor Retention and Access. The sub-processors listed in Section 4.1 retain data according to their own retention policies, which we do not control. In particular, Resend retains copies of sent Notification emails — including subject, body, and any attached court documents — for an operational period that varies by service plan, for the purposes of delivery diagnostics, bounce analysis, and customer support. CourtPulse personnel may access these retained copies through Resend's dashboard solely for legitimate operational purposes, including: investigating a delivery failure reported by a user; debugging an alert that did not arrive as expected; verifying that a Notification was sent and what it contained; or investigating a security incident. Access for any other purpose, including routine review of user activity or curiosity about case content, is prohibited by CourtPulse's internal access policy. CourtPulse maintains an internal log of each instance of such access. Sub-processor retention periods may exceed CourtPulse's own retention periods set forth above; users with questions about a specific sub-processor's retention should consult that provider's privacy policy.
We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your information against unauthorized access, alteration, disclosure, and destruction. These include:
Encryption of ECR Credentials at rest with master-key separation as described in Section 3;
Transport-layer encryption (HTTPS/TLS) for all communications between your browser and the Service;
Authentication controls for administrative access to our systems;
Logical separation between our production and development environments;
Regular review of access controls and security configurations; and
Use of reputable hosting and infrastructure providers.
No security measure is perfect. We cannot guarantee that our security measures will prevent every possible security incident.
In the event of a security incident that compromises personal information stored by us, we will respond as required by applicable law, including Arizona Revised Statutes § 18-552.
7.1 Investigation. Upon becoming aware of a security incident, we will promptly investigate to determine whether a breach has occurred and the scope of any compromised information.
7.2 Notification Timing. If we determine that a breach of unencrypted and unredacted personal information has occurred and notification is required under A.R.S. § 18-552, we will notify affected individuals within 45 days after such determination, except as permitted by law enforcement delay requests.
7.3 Notification Method. Notification will be provided by email to the address associated with your Account, or by such other method as permitted under A.R.S. § 18-552.
7.4 Additional Notifications. If the breach affects more than 1,000 individuals, we will also notify the three largest nationwide consumer reporting agencies, the Arizona Attorney General, and the Director of the Arizona Department of Homeland Security as required by A.R.S. § 18-552.
7.5 Encrypted Data. Consistent with A.R.S. § 18-552’s safe harbor for encrypted information, notification is not required if the compromised information was encrypted and the decryption key was not also compromised.
You have the following rights with respect to your personal information:
You may request a copy of the personal information we hold about you by emailing support@mycourtpulse.com. We will respond within 30 days, except as limited by law.
You may correct inaccurate personal information directly within your Account settings or by emailing support@mycourtpulse.com.
You may request deletion of your Account and associated personal information by emailing support@mycourtpulse.com. Upon receipt, we will delete your Account and associated information in accordance with Section 5, except information we are required to retain by law.
You may revoke your authorization for CourtPulse to use your ECR Credentials at any time by deleting your Account or by emailing support@mycourtpulse.com.
We currently do not send marketing communications. If we begin sending them, you will have the right to opt out.
If you are a resident of a U.S. state or other jurisdiction with additional privacy rights (such as California, Virginia, Colorado, Connecticut, or Utah), additional rights may apply to you. The Service is currently offered to attorneys licensed in U.S. jurisdictions; if you assert rights under another jurisdiction’s privacy law, please describe the right and the basis in your request to support@mycourtpulse.com.
The Service is not directed to children under the age of 18. We do not knowingly collect personal information from children under the age of 18. If you believe we have collected information from a child under the age of 18, please contact support@mycourtpulse.com and we will delete the information.
CourtPulse is based in the United States. The Service is intended for use by attorneys licensed in U.S. jurisdictions. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to such transfer.
We may update this Privacy Policy from time to time. The updated Privacy Policy will be posted at mycourtpulse.com with a revised Effective Date. We will notify you of material changes by email or in-app notice at least 30 days before the changes take effect.
For questions about this Privacy Policy or about our handling of your personal information, contact:
CourtPulse LLC Attn: Privacy 7650 E Williams Dr., Unit 1069 Scottsdale, Arizona 85255 Email: support@mycourtpulse.com
Last updated: May 22, 2026