Legal

Privacy Policy

Last updated: April 2026

CompliantDocs is committed to protecting your personal data. This policy explains what data we collect, how we use it, and your rights under UK data protection law including the UK GDPR and the Data Protection Act 2018.

1. Who We Are

CompliantDocs is operated as a sole trader business based in Northampton, England. We are the data controller for the personal data you provide to us. Contact: hello@compliantdocs.co.uk

2. What Data We Collect

When you place an order we collect the following information:

  • Your name and business name
  • Your email address
  • Your business address and postcode
  • Your phone number
  • Business information relevant to your document pack (such as number of staff, chemicals used, and use of sharp instruments)
  • Payment information (processed by Stripe, we do not store card details)
  • Your IP address
  • GDPR consent timestamp

3. How We Use Your Data

We use your data to:

  • Generate your compliance documents
  • Deliver your documents and order confirmation by email
  • Send reminder and renewal emails related to your purchase
  • Maintain records of transactions for legal and accounting purposes

4. Legal Basis for Processing

We process your data on the basis of contract performance (to fulfil your order) and legitimate interests (to send renewal reminders). Marketing communications are based on your consent.

5. Data Retention

Your document download link and associated files are deleted from our systems 5 days after your order is placed. Your order record is retained for up to 12 months for renewal reminder purposes and then deleted. Financial transaction records may be retained for up to 7 years as required by HMRC.

6. Third Parties

We share your data with the following third party services solely to fulfil your order:

  • Stripe (payment processing)
  • SendGrid (email delivery)
  • Google (document storage and delivery via Google Drive, and order records via Google Sheets)
  • Anthropic (document generation via Claude API)

All third party providers are required to handle your data in accordance with applicable data protection law.

7. Your Rights

Under UK GDPR you have the right to access, correct, or delete your personal data. You also have the right to object to processing and to data portability. To exercise any of these rights, contact us at hello@compliantdocs.co.uk. We will respond within 30 days.

8. Cookies

We use cookies on our website. Please see our Cookie Policy for full details.

9. Changes to This Policy

We may update this policy from time to time. The current version will always be available on this page.

10. ICO Registration

CompliantDocs is registered with the Information Commissioner's Office (ICO) as a data controller. ICO Registration Number: C1910089.