Legal

Privacy Policy

Last updated: 9 April 2026

This Privacy Policy explains how TheLegalAid ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our platform. We are committed to handling your data responsibly and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

TheLegalAid is operated as a technology platform providing AI-assisted self-help tools for UK drivers challenging private parking charges. For data protection purposes, we act as the data controller for personal information collected through this platform.

Contact: privacy@thelegalaid.co.uk

2. What Data We Collect

Account information

• Full name and email address (required to create an account)
• Phone number (optional, used for SMS deadline reminders)
• Home address (provided voluntarily for document generation)
• Password (stored as a secure hash — we never store your plain-text password)

Case information

• Uploaded documents including Parking Charge Notices and County Court claim forms
• Vehicle registration numbers, PCN/claim numbers, dates, and charge amounts extracted from uploaded documents
• AI-generated case notes, audit results, and drafted documents
• Conversation history with our AI assistants (Alex and James Hartley KC)

Payment information

• Payment transactions are processed by Stripe. We do not store card numbers or payment credentials. We receive a transaction ID and payment status confirmation only.

Technical data

• IP address, browser type, and device information collected automatically when you use the platform
• Usage data including pages visited and features used

3. How We Use Your Data

We use your personal data for the following purposes:

• Providing the service — to create and manage your account, process your documents, generate legal documents, and track your case deadlines
• Communications — to send you deadline reminders by SMS (if you have provided a phone number and consented), and service-related emails
• Payment processing — to process premium payments via Stripe
• Platform improvement — to understand how the platform is used and improve its accuracy and reliability
• Legal compliance — to comply with our legal obligations

4. Legal Basis for Processing

• Contract performance — processing necessary to provide the service you have signed up for
• Legitimate interests — improving our platform and preventing fraud
• Consent — for optional communications such as SMS reminders
• Legal obligation — where required by law

5. Data Sharing

We do not sell your personal data to any third party. We share data only with:

• Supabase — our database and authentication provider, hosting your account and case data on secure servers
• Stripe — payment processing for premium subscriptions
• Google (Gemini API) — AI processing for document OCR and chat responses. Document content is transmitted for processing purposes.
• OpenAI (GPT-4.1) — AI processing for case audits and document drafting. Case details are transmitted for processing purposes.
• Twilio — SMS delivery for deadline reminders (if you have provided a phone number)

All third-party providers are bound by data processing agreements and are required to handle your data securely and in accordance with applicable data protection law.

6. Data Retention

We retain your personal data for as long as your account is active. If you request deletion of your account, we will delete your personal data within 30 days, except where we are required by law to retain it for longer.

Uploaded documents and case files are retained for the duration of your account. You may delete individual documents at any time from within your account.

7. Your Rights

Under UK GDPR, you have the following rights:

• Right of access — to request a copy of the personal data we hold about you
• Right to rectification — to request correction of inaccurate data
• Right to erasure — to request deletion of your personal data ("right to be forgotten")
• Right to restriction — to request that we limit how we use your data
• Right to data portability — to receive your data in a structured, machine-readable format
• Right to object — to object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at privacy@thelegalaid.co.uk. We will respond within 30 days.

8. Cookies

TheLegalAid uses strictly necessary cookies for authentication and session management. We do not currently use advertising or tracking cookies. If this changes, we will update this policy and seek your consent where required.

9. Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted data transmission (HTTPS), secure password hashing, and role-based access controls. However, no internet transmission is completely secure and we cannot guarantee absolute security.

10. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

ico.org.uk · 0303 123 1113

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Continued use of the platform after any update constitutes your acceptance of the revised policy.