Privacy Policy
ClaimBot UK ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and share information about you when you use our website and services.
We are a Data Controller under the UK General Data Protection Regulation (UK GDPR).
ICO Registration Number: [Pending Registration]
1. Information We Collect
We accumulate the minimum amount of data required to provide our service:
- Account Information: Name, email address, password (encrypted).
- Case Information: Details of your dispute (e.g., parking ticket details, correspondence history, tribunal references). This may include sensitive data if you choose to upload it.
- Payment Information: Processed securely by Stripe. We do not store your full card details.
- Usage Data: Analytics on how you use our site (via PostHog), IP address, browser type.
2. How We Use Your Data
We use your data on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing the Service (Generating documents, managing your account) | Contract (Performance of our agreement with you) |
| Customer Support | Legitimate Interests (Helping you resolve issues) |
| Improving our Product | Legitimate Interests (Analysing usage to fix bugs) |
| Marketing (Newsletters) | Consent (You can opt-out at any time) |
| Legal Compliance | Legal Obligation (Tax records, fraud prevention) |
3. Sharing Your Data
We do not sell your personal data. We share data only with trusted third-party service providers ("Processors") necessary to run our business:
- Supabase (US/EU): Database hosting and authentication.
- Anthropic (US): AI Large Language Model provider. We send your case details to Anthropic to generate the documents. Their data processing agreement ensures they do not train their models on your API data by default.
- Stripe (US/EU): Payment processing.
- Vercel (US): Website hosting.
- Upstash (Global): Rate limiting and caching.
These providers are subject to strict contractual obligations to protect your data (Standard Contractual Clauses/International Data Transfer Agreements).
4. International Transfers
Some of our processors (like Anthropic) are based outside the UK/EEA. We ensure your data is protected by using UK-approved International Data Transfer Agreements (IDTAs) or ensuring the provider is certified under the UK-US Data Bridge.
5. Data Retention
- Case Data: We retain your case documents for as long as your account is active to allow you to manage your dispute. You can delete specific cases or your entire account at any time.
- Inactive Accounts: We may delete data from accounts that have been inactive for more than 24 months.
6. Your Rights
Under the UK GDPR, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct inaccurate data.
- Erasure ("Right to be Forgotten"): Ask us to delete your data.
- Restriction: Pause the processing of your data.
- Object: Object to processing based on legitimate interests.
- Portability: Get your data in a machine-readable format.
To exercise any of these rights, email privacy@claimbot.uk.
7. Security
We implement robust technical measures to protect your data, including encryption in transit (HTTPS) and at rest (database encryption). However, no internet transmission is 100% secure.
8. Cookies
We use cookies to make our site work and to understand how you use it. See our Cookie Policy for details.
9. Contact & Complaints
If you have concerns about how we handle your data, please contact us at privacy@claimbot.uk.
You also have the right to complain to the Information Commissioner's Office (ICO):
- Website: https://ico.org.uk/make-a-complaint/
- Helpline: 0303 123 1113