Privacy Policy
Last updated: 15 January 2025
1. Introduction
This Privacy Policy explains how Popsall Ltd ("we", "us", or "our") collects, uses, and protects your personal data when you use RedactProof ("the Service").
Data Controller:
Popsall Ltd
Company Number: 16306252
71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom
Email: privacy@redactproof.com
2. Our Privacy-First Approach
RedactProof is designed with privacy at its core. Unlike traditional document processing services, we use client-side processing - your documents are never uploaded to our servers.
What this means for you:
- Your documents never leave your device
- We cannot access your document content
- All AI processing happens in your browser
- Only cryptographic hashes are sent for verification certificates
3. Data We Collect
3.1 Account Information
When you create an account, we collect:
- Email address: For account authentication and communication
- Account preferences: Settings you configure in the Service
- Subscription information: Plan type, billing period, payment status
3.2 Verification Data
When you create verification certificates, we store:
- Document hashes: Cryptographic fingerprints (SHA-256) of your documents - these cannot be reversed to reveal document content
- Certificate metadata: Timestamp, entity counts, certificate ID
- Attribution: Your email or reference ID (depending on your settings)
3.3 Usage Data
We collect anonymous usage statistics to improve the Service:
- Feature usage patterns
- Error reports
- Performance metrics
3.4 Consent Records
When you subscribe, we record:
- Consent timestamp and version
- IP address and user agent (for fraud prevention)
- Which consents you provided (terms acceptance, auto-renewal, immediate access)
4. How We Use Your Data
We process your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Providing the Service | Contract performance |
| Processing payments | Contract performance |
| Sending transactional emails | Contract performance / Legitimate interest |
| Fraud prevention | Legitimate interest |
| Service improvements | Legitimate interest |
| Marketing communications | Consent (opt-in only) |
| Legal compliance | Legal obligation |
5. Consent Records and Retention
Important: Consent Record Retention
We retain records of your consent for 3 years from the date of consent. This includes records of your acceptance of terms, auto-renewal consent, and immediate access consent. After 3 years, these records are automatically deleted.
This retention period ensures we can demonstrate valid consent for any subscription that was active within the standard limitation period for contract disputes in the UK (6 years) while minimising data retention.
6. Data Sharing
We share your data only with:
- Stripe: Payment processing (see Stripe Privacy Policy)
- Resend: Transactional email delivery
- Cloudflare: Infrastructure and security
We do not sell your personal data. We do not share your data for advertising purposes.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 2 years |
| Consent records | 3 years from consent date |
| Verification certificates | Indefinite (publicly verifiable) |
| Audit logs (Pro/Team) | Duration of subscription + 1 year |
| Payment records | 7 years (legal requirement) |
| Email logs | 1 year |
8. Your Rights
Under the UK GDPR and Data Protection Act 2018, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a machine-readable format
- Objection: Object to certain processing activities
- Withdraw consent: Withdraw marketing consent at any time
To exercise these rights, contact us at privacy@redactproof.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk
9. Cookies and Tracking
We use minimal cookies:
- Essential cookies: Session management, authentication (required)
- Preference cookies: Your settings and preferences
We do not use advertising cookies or third-party tracking pixels.
10. International Data Transfers
Our infrastructure is hosted on Cloudflare's global network. Data may be processed in countries outside your jurisdiction. When we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs)
- Data protection agreements with processors
- Selection of processors with appropriate certifications
11. Security Measures
We protect your data through:
- TLS encryption for all data in transit
- Encryption at rest for stored data
- Access controls and authentication
- Regular security reviews
- Client-side processing (documents never leave your device)
12. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
14. Contact Us
For privacy-related questions or to exercise your rights:
Email: privacy@redactproof.com
Post: Data Protection, Popsall Ltd, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom