Privacy Policy
Last updated: 22 March 2026
1. Who we are
Your Compliance Docs (“we”, “us”, “our”) operates the Your Compliance Docs platform. We are the data controller for personal data collected through the Service. Contact: yourcompliancedocs@tutamail.com
2. What data we collect
- Account data: Email address, name, password (hashed), company name, trade/industry, location.
- Usage data: Documents generated, exports, email sends, certificate uploads, feature usage, and timestamps.
- Payment data: Processed by Stripe. We do not store card numbers. We receive your Stripe customer ID, subscription status, and payment history.
- Uploaded files: Certificate images uploaded for OCR scanning.
- Technical data: Browser type, IP address, device information, collected automatically via server logs.
3. How we use your data
- To provide, maintain, and improve the Service.
- To generate documents and business plans based on your inputs.
- To process payments and manage subscriptions.
- To send certificate expiry reminders and service notifications.
- To enforce usage limits and prevent abuse.
- To respond to support requests.
4. Legal basis for processing (UK GDPR)
- Contract: Processing necessary to provide the Service you have signed up for.
- Legitimate interest: Improving the Service, preventing fraud, ensuring security.
- Consent: Where you have opted in to marketing communications (you may withdraw consent at any time).
5. Third-party services
We share data with the following third-party processors:
- Supabase — Database hosting, authentication, file storage. Data stored in the EU/UK.
- Stripe — Payment processing. Subject to Stripe's Privacy Policy.
- OpenAI — AI document generation. Your project details are sent to OpenAI's API to generate documents. OpenAI's API data is not used for model training. Subject to OpenAI's Privacy Policy.
- Resend — Transactional email delivery (certificate reminders, document emails).
6. Data retention
- Account and document data is retained for as long as your account is active.
- When you delete your account, all personal data and documents are permanently deleted within 30 days.
- Payment records may be retained as required by tax and accounting regulations.
7. Your rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data.
- Erase your data (“right to be forgotten”).
- Restrict or object to processing.
- Receive your data in a structured format (data portability).
- Withdraw consent at any time (where processing is based on consent).
- Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any of these rights, contact us at yourcompliancedocs@tutamail.com.
8. Cookies
We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. No cookie consent banner is required for strictly necessary cookies under UK regulations.
9. Security
We use industry-standard security measures including encrypted connections (TLS), secure authentication via Supabase Auth, and row-level security on database tables. However, no system is 100% secure. You are responsible for keeping your login credentials safe.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notice. The “last updated” date at the top reflects the most recent revision.
11. Contact
For privacy-related questions or requests: yourcompliancedocs@tutamail.com