Privacy Policy

Last updated: 4 May 2026

1. Who we are

LawImNotSure is the data controller for personal data you provide when using this service. You can contact us at privacy@lawimnotsure.com.

2. What we collect

• Account data: email address, hashed password, signup date, role.
• Usage data: documents generated, monthly counters, subscription tier, basic logs.
• Document inputs: the situation details you type into the generator. These may include personal data about yourself or others (names, addresses, employment details, complaint details).
• Billing data: Stripe customer ID and subscription ID. We do not store your card number; that lives with Stripe.

3. Why we use it (lawful basis)

• Contract: to provide and bill for the service you signed up for.
• Legitimate interests: to keep the service secure, prevent abuse and improve quality.
• Consent: for any optional marketing emails. You can withdraw consent at any time.

4. AI processing

To generate your document, we send your inputs to Anthropic's Claude API. Inputs are processed to produce the generated text and are not used by Anthropic to train its models. Do not paste highly sensitive material (for example, special-category personal data about third parties) unless it is necessary for your document.

5. Sub-processors

• Netlify, Inc. — hosting, identity, blob storage.
• Stripe Payments Europe Ltd. — billing and card processing.
• Anthropic, PBC — AI document generation.

6. Retention

Account and usage data are kept for as long as your account is active and for up to 12 months after deletion to handle billing disputes. Document inputs are not retained server-side after the document is returned to you, except in transient logs that are rotated within 30 days.

7. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict, port and object to processing of your personal data. Email privacy@lawimnotsure.com to exercise these rights. You also have the right to complain to the UK Information Commissioner's Office (ICO).

8. Cookies

We use only strictly-necessary cookies for authentication and session management. We do not use advertising or third-party analytics cookies.

9. International transfers

Some sub-processors are based outside the UK. Where data is transferred internationally, we rely on UK-approved safeguards (UK addendum to the EU Standard Contractual Clauses).

10. Changes

We will post any updates to this policy on this page and update the "last updated" date.