Privacy Policy

Last updated: 5 July 2026

1. Who We Are

LawBuddy operates this platform. We are the data controller for personal data processed through the service. Contact: privacy@lawbuddy.org.au.

2. Data We Collect

  • Account data: Name, email address, and hashed password
  • Documents: Files you upload for analysis — stored encrypted and not used for AI training
  • Usage data: Analysis history, chat sessions, and case records
  • Billing data: Payment information processed by Stripe — we do not store card details
  • Technical data: IP address, browser type, and session tokens

3. How We Use Your Data

We process your data to:

  • Deliver the analysis and document generation services
  • Manage your account and billing
  • Send transactional emails (verification, receipts, password reset)
  • Prevent fraud and maintain platform security

Legal basis: contract performance (UK GDPR Art.6(1)(b)) and legitimate interests (Art.6(1)(f)) for security and fraud prevention.

4. Documents You Upload

Documents uploaded for analysis are processed by Anthropic's Claude API to extract text. They are stored in our database to allow you to access your analysis history. Your documents are not used to train AI models and are not shared with third parties except as necessary to deliver the service.

5. Third-Party Services

  • Anthropic: Document reading and AI chat (data processed under their API terms)
  • Stripe: Payment processing (PCI-DSS compliant)
  • Resend: Transactional email delivery
  • Neon: Database hosting (UK/EU data residency)
  • Vercel: Platform hosting

6. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data (Subject Access Request)
  • Rectify inaccurate data
  • Request erasure of your data ("right to be forgotten")
  • Request data portability
  • Object to processing
  • Lodge a complaint with the ICO (ico.org.uk)

Exercise these rights via Settings → Privacy, or email privacy@lawbuddy.org.au. We will respond within 30 days.

7. Data Retention

Account data is retained for the duration of your account plus 2 years after a deletion request. Uploaded documents are deleted upon account deletion. Billing records are retained for 7 years as required by law.

8. Security

We implement appropriate technical and organisational measures, including encryption at rest and in transit, bcrypt password hashing, and access controls. No system is completely secure, and we cannot guarantee absolute security.

9. Cookies

We use only essential session cookies necessary to operate the authentication system. We do not use advertising or tracking cookies.

10. Contact and Complaints

Data Controller: LawBuddy · privacy@lawbuddy.org.au
You may also complain to the Information Commissioner's Office: ico.org.uk or 0303 123 1113.