Privacy Policy

    Last updated: February 2025

Review My Contract (“we”, “us”, “our”) operates the service at reviewmycontract.co.uk and is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights in relation to your personal data. We do not use user accounts; the service works on a per-session basis (upload, payment, review).

1. Information We Collect

We collect information necessary to provide and improve our document explanation service:

Payment information

  • Email address and name (when you pay, via our payment provider)
  • Payment is processed by Stripe; we do not store your full card details

Document and session data

  • Documents you upload (PDF or plain text only)
  • Text extracted from your documents for analysis
  • The AI-generated review, held temporarily in your session so you can view and download it

Usage and technical information

  • Pages visited and actions taken during your visit
  • Date and time of access
  • Device and browser information
  • IP address (e.g. for rate limiting and security)

2. How We Use Information

We use the information we collect to:

  • Deliver the service: Process your documents and generate plain-English explanations using AI
  • Process payment: Complete transactions and handle refunds where applicable
  • Communicate: Send payment confirmations, respond to refund requests and support enquiries
  • Improve the service: Understand how the site is used so we can improve it (e.g. in aggregate)
  • Security: Protect against fraud, abuse and security threats (e.g. rate limiting, validation)
  • Legal compliance: Comply with legal obligations and enforce our Terms and Conditions

3. Data Storage & Security

We take data security seriously and use measures to protect your information:

  • Encryption: Data is encrypted in transit (TLS/SSL) and, where stored, at rest where applicable
  • Access control: Access to your data is limited to what is needed to operate the service
  • Secure infrastructure: The service runs on secure infrastructure with appropriate safeguards
  • Retention: Uploaded documents are processed solely to provide the review and are deleted shortly after processing, subject to limited technical backups. Session data (including the review output) is cleared when you leave or when the session expires; we do not keep your documents or reviews long term

No method of transmission or storage is 100% secure. We cannot guarantee absolute security but we work to protect your data to a high standard.

4. AI Processing

We use artificial intelligence (Amazon Bedrock) to analyse your documents and generate explanations. What you should know:

  • Third-party processing: The text extracted from your document is sent to our AI provider (AWS Bedrock) to generate the review
  • Processing only: Your document content is used in real time to produce the explanation. We do not use your documents to train AI models
  • No long-term storage of content: We do not permanently store your original files; they are deleted shortly after processing, subject to limited technical backups
  • Confidentiality: We use an AI provider that operates under strict data processing and security standards

This processing may involve data being handled outside the UK or EEA by our cloud provider, subject to appropriate safeguards.

In relation to documents you upload, we act as a data processor and process the content solely on your instructions to provide the review.

For more on how AWS handles data, see AWS compliance and GDPR and related AWS privacy documentation.

5. What We Store

We store the following information:

  • During your session: Your uploaded file (temporarily), the generated review, and session identifiers so you can view and download the result
  • After your session: We do not keep your documents or the full review content. Payment-related data (e.g. transaction ID, email if provided via payment) is retained as needed for accounting, refunds and legal obligations

6. Important Privacy Notice

Your documents are transmitted to our AI provider (AWS Bedrock) for processing. Do not upload documents that contain the following, unless you understand and accept the risks involved:

  • Passwords, PINs or security credentials
  • Full financial account or card numbers
  • Protected health information or detailed medical records
  • National insurance numbers, government ID numbers or similar
  • Information subject to strict confidentiality or non-disclosure obligations
  • Trade secrets or highly sensitive proprietary information

By uploading a document, you acknowledge that its content will be sent to our AI provider for processing and you confirm that you have the right to share that content with us for this purpose.

7. Cookies & Tracking

We use essential cookies and similar technologies to:

  • Keep your session active while you use the service (e.g. upload, payment, view results)
  • Remember preferences where relevant
  • Support security (e.g. CSRF protection)

You can control cookies via your browser settings. Disabling or blocking certain cookies may affect how the service works (e.g. you may not be able to complete the flow).

8. Your Rights (UK / GDPR)

Under UK and EU data protection law you have rights including:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data where we have no lawful reason to keep it
  • Export: Request a copy of your data in a portable format where technically feasible
  • Objection / restriction: Object to or request restriction of certain processing in specific circumstances

To exercise these rights, contact us using the details below. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK: ico.org.uk.

9. Third-Party Services

We use the following third parties to run the service:

  • Payment: Stripe – to process payments securely. See Stripe’s privacy policy
  • AI: Amazon Web Services (AWS Bedrock) – to generate contract explanations. See AWS Privacy
  • Hosting: Our hosting provider stores and serves the application and may process logs and technical data in line with their privacy policy

We only use providers that meet strong privacy and security standards and, where relevant, comply with applicable data protection law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

  • We will update the “Last updated” date at the top of this page
  • For material changes, we may notify you by a notice on the website or by email where appropriate

Your continued use of the service after changes are published means you accept the updated policy. We encourage you to review this page periodically.

11. Contact

For questions, requests or concerns about this Privacy Policy or our data practices:

We aim to respond within 48 hours.