Privacy Policy

Last updated: 4 July 2026

This policy explains how Case Review UK ("we", "us") collects and uses personal data when you use our website and case-review services. It is written in plain English and follows the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

Data controller: [COMPANY NAME LTD], registered in England & Wales, company number [00000000], registered office [ADDRESS]. Contact: enquiries@casereviewuk.co.uk.

Placeholder: replace the bracketed details with your registered company info before launch.

What we collect

  • Contact details you give us (name, email, phone, prison, prisoner number).
  • The message and any documents you upload for review (court papers, sentencing remarks, etc.).
  • Payment information — processed by Stripe. We never see or store card numbers.
  • Account information if you sign in (email, hashed password, session tokens).
  • Basic technical data (IP address, browser, pages viewed) via privacy-friendly analytics.

Why we use it

  • To respond to your enquiry and deliver the case review you paid for (contract).
  • To operate the AI pre-scan feature and generate a draft report for a lawyer to verify (contract / legitimate interests).
  • To comply with legal, tax and anti-money-laundering obligations (legal obligation).
  • To keep the site secure and improve it (legitimate interests).

AI processing of your documents

Our AI pre-scan uses the Lovable AI Gateway (which routes to Google Gemini) to read the documents you upload and produce a draft summary. The AI provider processes your data on our instruction, does not use it to train models, and does not retain content beyond the request. The AI draft is not a final report — a senior UK lawyer reviews and verifies it before it is released to you.

Who we share it with

  • Supabase (EU/UK region) — hosting, database and secure file storage.
  • Stripe — payment processing.
  • Lovable AI Gateway (Google Gemini) — AI document analysis.
  • Regulated solicitors/barristers we refer you to, only with your consent.
  • UK authorities where required by law.

How long we keep it

Case files and reports: 6 years after the matter closes, in line with UK legal-services retention norms. Marketing consents: until you withdraw. Analytics: 14 months maximum.

Your rights

You can ask us to access, correct, erase, restrict, or port your data, and object to certain processing. Email enquiries@casereviewuk.co.uk to exercise any right. You can also complain to the UK Information Commissioner's Office at ico.org.uk.

Security

All data is transmitted over TLS, files are stored in a private bucket with row-level security, passwords are hashed, and access is limited to reviewers who need it.

Changes

We may update this policy; the "last updated" date at the top will change.

Start Your Case Review