credit-hire.ai

Privacy Policy

Effective date: 26 March 2026 | Version 1.0

This Privacy Policy explains how credit-hire.ai collects, uses, and protects personal data when you use this platform. We are committed to handling your data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

credit-hire.ai is operated by Steve Evans (“we”, “us”, “our”). We are the data controller for personal data processed through this platform.

Contact: sae@credithire.org.uk

2. What Personal Data We Collect

We collect and process only a minimal amount of personal data:

Data	Purpose	Legal Basis
Full name	Account registration and identification	Performance of a contract (UK GDPR Art. 6(1)(b))
Email address	Account authentication, email confirmation, and account approval notifications	Performance of a contract (UK GDPR Art. 6(1)(b))

    Queries are not stored. When you submit a legal research query through the platform, that query is transmitted to an AI processing service (see section 5) and a response is returned to your screen. We do not store, log, or retain the content of your queries on our servers.
  

3. What We Do Not Collect

We do not collect, store, or process:

The content of your legal research queries (these are processed in real time and not retained)
Details of the cases, clients, or matters you are researching
IP addresses or device identifiers beyond those automatically handled by our hosting infrastructure
Payment information (the platform currently operates without payment processing)
Cookies beyond those set by the authentication service for session management

4. How We Use Your Data

Your name and email address are used solely to:

Create and manage your account
Send you an email confirmation when you register
Notify you when your account access is approved
Display your email address within the application as confirmation you are signed in

We do not use your personal data for marketing, profiling, automated decision-making, or any purpose beyond the operation of your account.

5. Third-Party Data Processors

We use the following third-party services to operate the platform. Each acts as a data processor on our behalf:

Processor	Role	Data involved	Server location
Vercel Inc. vercel.com	Application hosting and delivery	Standard web traffic data (IP address, request logs) handled by Vercel's infrastructure. We do not separately log or store this data.	United Kingdom (London). Vercel's serverless functions for this deployment run in the London region (lhr1), meaning application hosting and request processing remain within the UK.
Supabase Inc. supabase.com	Authentication and user account storage	Name and email address	Your name and email are stored in a Supabase database. Supabase offers EU-region hosting; our deployment region can be confirmed on request.
Anthropic PBC anthropic.com	AI query processing	The text of each query you submit is sent to Anthropic's Claude API to generate a response. Anthropic does not use API inputs to train its models. Queries are not retained by us after the response is delivered.	United States. Data is transferred under the UK-US Data Bridge and standard contractual clauses. See Anthropic's Privacy Policy.

We do not share your personal data with any other third parties, sell your data, or use it for purposes unrelated to the operation of this platform.

6. International Data Transfers

The platform is hosted on Vercel's London (UK) infrastructure — application hosting and request processing do not involve international data transfers. User authentication data is stored in Supabase (region to be confirmed). Query processing is handled by Anthropic's Claude API, which is operated by a US-based company. When query content is transmitted to Anthropic for processing, we rely on the following transfer mechanisms:

The UK-US Data Bridge (where applicable)
Standard Contractual Clauses approved under UK GDPR

Queries do not contain personally identifiable data in normal use. You can request further information about transfer mechanisms in place by contacting us at the address in section 1.

7. Data Retention

We retain your name and email address for as long as your account remains active. If you request deletion of your account, we will delete your personal data from the Supabase authentication database within 30 days, except where retention is required by law.

8. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

Right of access — to request a copy of the personal data we hold about you
Right to rectification — to request correction of inaccurate data
Right to erasure — to request deletion of your account and associated data
Right to restriction — to request that we restrict processing in certain circumstances
Right to data portability — to receive your data in a structured, machine-readable format
Right to object — to object to processing based on legitimate interests

To exercise any of these rights, contact us at sae@credithire.org.uk. We will respond within one calendar month.

9. Security

We take reasonable technical and organisational measures to protect your personal data, including:

All connections to the platform are encrypted via HTTPS/TLS
Authentication is handled by Supabase, which stores passwords using bcrypt hashing and provides secure token-based sessions
Account registration requires email confirmation and manual approval by the platform administrator before access is granted

10. Children

This platform is intended for professional use by legal practitioners and claims professionals. It is not directed at children under the age of 18 and we do not knowingly collect data from minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The effective date at the top of this page will reflect the date of the most recent revision. Continued use of the platform after any update constitutes acceptance of the revised policy.

12. Complaints

If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113

Data Controller Contact
Steve Evans — credit-hire.ai
sae@credithire.org.uk