Overview
UK Contract Clause Checker is operated as an independent product at ukcontractclause.com. This policy explains what information is collected when you use this website, how it is used, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We collect the minimum data necessary to operate the service. We do not sell your data. We do not use your data for advertising.
What Data We Collect
1. Clause text submitted for analysis
When you paste a clause into the analysis tool and submit it, that text is transmitted to our AI analysis service via a secure server-side proxy. Clause text submitted by users who are not logged in is not stored. It is processed solely to generate the analysis and is discarded after the response is returned.
If you are logged in and choose to save an analysis, the clause text and analysis output are stored in your account. You can delete saved analyses from your dashboard at any time.
2. Account information
If you create an account, we collect your email address and a hashed password (we never store your password in readable form). If you sign in using Google, we receive your email address and name from Google in accordance with Google's OAuth process — we do not receive your Google password.
Account information is used solely to provide account functionality: saving analyses, accessing your dashboard, and managing your preferences.
3. Solicitor referral data
If you submit a solicitor referral request, we collect your name, email address, the clause or contract type you wish to have reviewed, and any notes you provide. This information is shared with the appointed solicitor for the purpose of facilitating the review you have requested. You will be informed of the solicitor's identity and provided with a link to their privacy notice before you submit.
Referral data is retained for 12 months to enable referral tracking and service quality monitoring, after which it is deleted.
4. Waitlist and contact form submissions
If you join the Pro waitlist or submit a contact form, we collect your name and email address. This is used only to respond to your enquiry or to notify you about the Pro product launch. We will not send marketing communications without your explicit consent.
5. Automatically collected information
We collect standard server log data including hashed IP addresses, browser type, pages visited, and time of access. IP addresses are hashed before storage and cannot be used to identify individual users. This data is used for security monitoring, rate limiting, and aggregate analytics only.
6. Cookies
This site uses only essential cookies necessary for the website to function — specifically, session tokens to keep you logged in. We do not use tracking, advertising, or analytics cookies. No cookie consent banner is required for essential cookies under UK GDPR.
How We Use Your Information
| Data | Purpose | Legal basis |
|---|---|---|
| Clause text (session only) | Generate analysis output | Legitimate interest / Contract |
| Saved analyses | Account dashboard functionality | Contract (account terms) |
| Account email & password hash | Authentication and account management | Contract |
| Referral data | Facilitating solicitor review | Consent (at submission) |
| Contact form submissions | Responding to enquiries | Legitimate interest |
| Server logs (hashed IP) | Security and rate limiting | Legitimate interest |
Third-Party Services
AI analysis providers
Clause text submitted through the tool is processed by third-party AI services (Google Gemini and Anthropic Claude) to generate the analysis. These services process data in accordance with their respective data processing terms. Our service operates as an intermediary and does not retain submitted clause text beyond the session unless you choose to save an analysis.
Hosting and infrastructure
This site is hosted on Cloudflare Pages and the API backend runs on Cloudflare Workers. Data is stored in Cloudflare D1 (database) and Cloudflare KV. Cloudflare's Privacy Policy applies to data processed through their infrastructure.
Email delivery
Transactional emails (referral confirmations, contact form responses, account notifications) are sent via Resend. Email content is processed by Resend in accordance with their Privacy Policy.
Authentication
If you choose to sign in with Google, your authentication is handled by Google's OAuth service. We receive only your email address and name. Google's Privacy Policy applies to the authentication process.
Solicitor Referrals — Article 13 Notice
When you submit a solicitor referral, your name, email address, clause or contract details, and any notes you provide will be shared with the appointed solicitor. The solicitor's identity and a link to their own privacy notice are provided to you on the referral confirmation screen before you submit.
The solicitor will process your information as an independent data controller for the purpose of providing legal services. Their privacy notice governs how they handle your data once the referral is accepted.
Data Retention
We retain as little data as possible for as short a time as necessary. This is a deliberate design decision, not a limitation.
Important: We do not store full contracts on this platform. When you request a solicitor review, your contract is sent directly by you to the solicitor — it never passes through or is stored on our systems. This significantly limits our data exposure and yours.
| Data | Free tier | Pro tier |
|---|---|---|
| Clause text submitted for analysis | Not retained beyond the session | Retained if you choose to save the analysis; deleted when you delete it |
| Analysis output (scores, summaries) | Not retained beyond the session | Retained for 180 days or until you delete |
| Account data (email, password hash) | — | Retained while account is active; deleted within 30 days of closure |
| Solicitor referral records | Retained for 6 years (business/legal records requirement). Records contain referral metadata and consent log — not contract documents. | |
| Contact form submissions | Retained for 6 months | |
| Server logs (hashed IP) | 30 days | |
| Waitlist emails | Until Pro launch or unsubscribe | |
You can request deletion of your data at any time using the contact form. Deletion requests are processed within 30 days.
Your Rights Under UK GDPR
You have the following rights in relation to your personal data:
- Access: request a copy of the personal data we hold about you
- Rectification: request correction of inaccurate data
- Erasure: request deletion of your data (subject to legal retention obligations)
- Restriction: request that we limit processing in certain circumstances
- Portability: receive your data in a structured, machine-readable format
- Objection: object to processing based on legitimate interest
- Withdraw consent: where processing is based on consent, withdraw it at any time
To exercise any of these rights, please use the contact form. We will respond within one calendar month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data lawfully.
Changes to This Policy
We may update this policy from time to time to reflect changes in the product or applicable law. The date at the top of this page reflects the most recent update. For material changes, we will notify registered users by email.
Contact
For privacy-related enquiries, please use our contact form and select "General Enquiry." We aim to respond within 5 business days.