Privacy Policy
Last updated: 13 June 2026
Who we are: REMEDY LEGAL TECHNOLOGY LTD ("Remedy", "we", "us"), a company registered in England and Wales. Company number 16535799. Registered office: Flat 1, 40 Leverton Street, London, England, NW5 2PG. Contact: hello@remedylegal.ai. For privacy and data protection requests: legal@remedylegal.ai.
We are registered with the UK Information Commissioner's Office (ICO), registration reference ZC031343.
We are the data controller for personal data we collect and use through our public website (the Site), our logged-in web application (the Platform), and the messaging channels we offer (including WhatsApp and email). This policy explains what we collect, why, how long we keep it, who we share it with, and your rights.
We are UK-only and our services are intended for people aged 18+. If you are under 18, please do not use the Platform.
Plain-English summary (not a substitute for the full policy)
- We collect what we need to run Remedy: your account details, the content and documents you put into your matter, messages you exchange with our AI assistant and our team, and usage and device data.
- Some features are AI-powered. The content of your matter (including messages, uploaded documents, and any email you choose to connect) is processed by vetted third-party AI providers under contract so we can deliver those features.
- If you connect your email inbox (Google/Gmail) or message us on WhatsApp, we describe separately below exactly what we access and how it is used.
- People may read your matter. Our support team, and (where relevant) the vetted partner organisations we work with, can see matter content in order to help you.
- We do not sell your personal data and we do not use it to train third-party AI models.
- Non-essential cookies and analytics require your consent, which you control through our cookie banner. See our Cookie Policy.
- You have UK GDPR rights (access, erasure, objection, and others). Email legal@remedylegal.ai to exercise them or to complain. You can also complain to the ICO.
1) What this policy covers
This policy applies when you visit the Site, use the Platform, or interact with us over our WhatsApp or email channels. It does not cover third-party websites or services we link to, including the websites of any partner organisation that takes on your matter. Check their own privacy notices.
2) What we collect
Depending on how you use Remedy, we may collect the following:
A. Account and identity data: name, email address, and (if you sign in by phone) mobile phone number; password (stored only as a secure hash). If you sign in with Google or Apple, we receive the basic profile information they share (typically name and email) for authentication only.
B. Contact and support data: messages you send us (including complaints) and the information needed to respond.
C. Matter data and documents: the information, facts, timelines, and files you upload or enter into the Platform to manage your housing matter. Because housing matters can involve sensitive circumstances, this content may contain special category or criminal-offence data (see section 3).
D. AI interaction data: the messages, questions, voice notes, and prompts you send to our AI assistant; the assistant's outputs; and any feedback you give on those outputs.
E. Connected email data (optional): if you choose to connect a Google/Gmail inbox, the email content and metadata we access on your instruction. See section 7 for the detail, including our Google "Limited Use" commitment.
F. Messaging data (WhatsApp/SMS): if you contact us or receive messages over WhatsApp or SMS, your phone number and the content of those messages. See section 8.
G. Usage and device data: IP address, device and browser type, app version, pages viewed, actions taken, diagnostics, and crash logs. Collected via our systems and, where you consent, analytics tools. See the Cookie Policy.
H. Marketing preferences: your communication preferences and opt-in/opt-out records (for example, newsletter subscriptions).
Payments. Where you purchase a paid service, payment is handled by our payment processor, Stripe. Your card details are provided to and handled by Stripe and are not stored by us. We keep records of the transaction (amount, date, service purchased) to meet our accounting and tax obligations.
Children. Our services are for 18+. We do not knowingly collect data from children.
3) Special category and criminal-offence data
Remedy is not a law firm. Housing matters can nonetheless involve special category data (for example, information about health, disability, or vulnerability) and criminal-offence data (for example, allegations of anti-social behaviour). We ask you not to share such data unless it is genuinely necessary for your matter.
Where this data is necessary, we rely on one or more of: your explicit consent; the condition for the establishment, exercise, or defence of legal claims; and the substantial-public-interest and related conditions in Schedule 1 to the Data Protection Act 2018. For criminal-offence data, we maintain an Appropriate Policy Document as required by that Act, which explains our basis, retention, and safeguards. You can request a copy from legal@remedylegal.ai.
4) How we use your data (purposes and lawful bases)
We only process personal data where we have a lawful basis under UK GDPR:
| Purpose | Examples of what we do | Categories | Lawful basis |
|---|---|---|---|
| Provide the Platform, Site, and channels | Create and manage your account; authenticate you (email, phone, Google, or Apple); run the AI assistant, workflows, and tools; respond over web, WhatsApp, and email; provide support | A-G | Contract; Legitimate interests (to operate, secure, and improve the service) |
| AI-powered features | Process your messages, documents, and connected-email content through third-party AI providers to assess your situation, answer questions, draft materials, and manage tasks | C, D, E | Contract; Legitimate interests (to deliver and improve the features); Consent where required for certain inputs |
| Help from our team and partners | Our support staff, and vetted partner organisations working on your matter, view matter content to assist you | A-E | Contract; Legitimate interests (to deliver assistance and connect you with appropriate help) |
| Special category / criminal-offence data | Process sensitive details where they are necessary for your matter | C, D, E | Explicit consent and/or legal claims, plus a DPA 2018 Schedule 1 condition |
| Security and fraud prevention | Monitoring, logging, access control, bot/abuse prevention (including CAPTCHA), incident response | A, G | Legitimate interests (to keep the service and users safe); Legal obligation |
| Analytics and product improvement | Understand performance and usage to improve the product | G | Consent for non-essential analytics; Legitimate interests for essential quality and diagnostics |
| Marketing communications | Send updates and newsletters where you have opted in | H, A | Consent (with a soft opt-in for our own similar services to existing users), with the right to opt out at any time |
| Legal and compliance | Handle complaints, claims, and regulatory or law-enforcement requests | All as needed | Legal obligation; Legitimate interests; for sensitive data, legal claims |
5) AI features, human involvement, and automated decision-making
Some features use third-party AI providers to process your content. The main categories are:
- Large language model (LLM) providers that power the assistant's reasoning and drafting: Google (Vertex AI / Gemini) and Anthropic (Claude). The content of your matter (messages, document extracts, and matter context) is sent to these providers to generate responses. Depending on the feature and our configuration, this processing may take place in the EU or in the United States (see section 10, International transfers).
- AI tooling providers that the assistant uses to do research on your behalf, such as a web-search provider and a managed-browser provider. Search queries and page content the assistant handles for your matter may pass through these providers.
We require all AI providers, by contract, to protect the confidentiality and security of your data and to act only on our instructions. We do not permit them to use your content to train their models, and we do not sell your data.
Human involvement. Our AI assistant responds to you directly within a conversation. It is a tool to help you, not a substitute for professional legal advice, and its output may be incorrect or incomplete, so you should review it before acting. Our team and (where relevant) partner organisations can review and take part in your matter. We do not make solely automated decisions that produce legal or similarly significant effects about you. If that ever changes, we will tell you and explain your rights.
6) Cookies and similar technologies
We use a small number of strictly necessary cookies to keep you signed in and secure, and (with your consent) analytics technologies to understand and improve the product. Non-essential analytics are off until you consent, and you can change your choice at any time through our cookie banner. For the full detail, including the specific tools we use, see our Cookie Policy.
7) Connected email (Google/Gmail)
If you choose to connect a Google/Gmail inbox, we ask Google for permission to read your messages and to send email on your behalf, so the assistant can find relevant correspondence for your matter and send letters or replies that you direct. We request only the scopes we need (gmail.readonly and gmail.send); we do not request permission to delete your email or manage your whole account.
When you ask the assistant to look at your inbox, the content of the relevant messages (including bodies and attachments) is processed by our AI providers under section 5 in order to help with your matter. We store your connection tokens securely on our servers and never expose them to your browser. You can disconnect at any time, which revokes our access with Google on a best-effort basis.
Google "Limited Use" commitment. Remedy's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide and improve the features you ask for, we do not sell it, we do not use it for advertising, and we only allow humans to read it where you have given permission, it is necessary for security or to comply with law, or the data is aggregated and anonymised.
8) WhatsApp and SMS messaging
You can interact with Remedy over WhatsApp, and we may send you SMS messages (for example, one-time passcodes). These channels are delivered through our messaging provider. When you message us, we receive your phone number and the content of your messages, and we handle that content as matter and AI-interaction data under this policy. Standard message and data rates from your own carrier may apply.
9) Who can access your data, and who we share it with
Our team. Authorised Remedy staff can access your account and matter content to provide support, resolve issues, and operate the service. Administrative access is restricted and logged.
Partner organisations. Remedy works with vetted partner organisations (which may include advice services and law firms). Where a partner is helping with your matter, their authorised staff may access the relevant matter content within the Platform. Where we hand a matter over to a partner organisation so they can take it on, that organisation becomes an independent controller of the information they receive and will handle it under their own privacy notice. We share matter information with a partner on this basis only where it is necessary to help you and, where required, with your consent.
Service providers (processors). We use third-party providers to run Remedy under contracts that require them to protect your data and act on our instructions. Categories include:
- Hosting and infrastructure (application hosting, database, file storage, backups, content delivery)
- Authentication and security (sign-in, bot/abuse prevention, breached-password checking)
- AI providers (to power AI features and tooling, as described in section 5)
- Communications (transactional email, SMS and WhatsApp messaging)
- Analytics and error monitoring
- Operational notifications (internal alerts to our team, for example when someone signs up)
- Professional advisers (legal, accounting) and authorities where required by law
We maintain a current list of our sub-processors and can provide it on request to legal@remedylegal.ai.
We do not sell your personal data, and we do not share it with third parties for their own marketing.
10) International transfers
We are UK-based, and we prefer providers that process data in the UK or EU. Some providers process data outside the UK (for example, in the United States). Where we make a restricted transfer, we put in place a valid safeguard, which may be: UK "adequacy" regulations (including the UK Extension to the EU-US Data Privacy Framework, the "UK-US Data Bridge", for certified US providers), the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses, together with a transfer risk assessment where appropriate. You can ask us for more detail about the safeguards for a specific provider.
11) How long we keep data (retention)
We keep personal data only as long as we need it for the purposes above and to meet legal and regulatory requirements. In summary:
- Account data: for the life of your account, then deleted (subject to short administrative and backup cycles) when you close your account.
- Matter data, documents, and AI conversation history: while your account is active. When you delete your account, this content is deleted from our live systems as part of the erasure process described in section 12.
- Connected-email tokens: until you disconnect or delete your account.
- Support communications: typically up to 2 years after your query is resolved.
- Security, system, and diagnostic logs: typically up to 24 months.
- Transaction records (if you buy a paid service): retained for the period required by tax and accounting law (typically 6 years).
Backups may persist for a limited period after deletion and are overwritten on a rolling cycle. We may retain specific data for longer where we are required to by law or where it is necessary to establish, exercise, or defend legal claims. Our detailed internal retention schedule is available to partners and assessors on request.
12) Your rights
Under UK data protection law you have rights to: access your data; ask us to correct it; ask us to delete it; restrict or object to processing (including objecting to direct marketing); request portability; and withdraw consent where we rely on it. You also have rights in relation to automated decision-making.
To exercise any right, email legal@remedylegal.ai. We may ask for information to verify your identity, and we will respond within one month (extendable by two further months for complex requests, which we will tell you about). There is normally no charge.
You can request deletion of your account from within the Platform settings or by emailing legal@remedylegal.ai. When we action this, we erase your account and its associated records (your matter content, documents, and AI conversation history) from our live database. Some data may persist for a limited period in encrypted backups before being overwritten, and some records may be retained where the law requires (see section 11). If you have connected a Google/Gmail inbox, you can revoke our access directly in your Google account at any time.
If you are unhappy with how we handle your data, you can complain to the Information Commissioner's Office (ICO):
ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Website: ico.org.uk. Helpline: 0303 123 1113.
13) Security
We use appropriate technical and organisational measures to protect personal data, including encryption in transit and at rest, access controls, secure password hashing, bot/abuse prevention, monitoring, and log sanitisation. No system is perfectly secure, but we work to prevent, detect, and respond to misuse and unauthorised access. If a breach affects your rights and freedoms, we will notify you and, where required, the ICO.
14) Direct marketing
We will only send marketing (for example, our newsletter) where you have consented or where a soft opt-in applies (our own similar services to existing users). You can opt out at any time using the unsubscribe link or by emailing legal@remedylegal.ai. We do not share your details with third parties for their own marketing.
15) Links and third parties
The Site and Platform may link to third-party sites or services, including partner organisations. Their privacy practices are their own; please read their privacy notices.
16) Changes to this policy
We may update this policy from time to time. We will post changes here and update the date above. If a change is significant, we will email you or notify you in the app.
17) Contact us
Questions or requests about this policy: legal@remedylegal.ai. General queries: hello@remedylegal.ai.
