Privacy Policy

Last updated: [Effective Date — TODO]

1. Introduction

This Privacy Policy explains how LotLens ('we', 'us', 'our') collects, uses, and protects your personal data when you use our service. LotLens is committed to protecting your privacy and processing your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

We collect the following categories of personal data:

  • Account information — your name, email address, and password (stored as a secure hash)
  • Property details — names, addresses, and auction dates you enter
  • Documents you upload — legal pack files for analysis
  • Usage data — pages visited, features used, and error logs
  • Payment information — processed and stored securely by Stripe; we do not store full card details

3. How We Use Your Data

We use your data to:

  • Provide and maintain the LotLens service
  • Process your uploaded documents through our AI analysis pipeline
  • Send reports, notifications, and service updates
  • Process billing and manage your subscription via Stripe
  • Respond to support requests and enquiries

4. Document Processing

Documents you upload are sent to Anthropic's Claude API for analysis. Anthropic's privacy policy applies to data processed by their API. We do not permanently store your document contents beyond what is necessary to provide the service. Documents are stored encrypted in UK/EU-based cloud infrastructure and are accessible only to you and our automated processing systems.

5. Data Retention

We retain your account data for as long as your account is active. Generated reports are stored to allow you to view and download them. You may request deletion of your account and associated data at any time by contacting us or using the account deletion feature. Some data may be retained for legal or accounting obligations.

6. Your Rights (GDPR)

Under UK GDPR, you have the following rights:

  • Right to access — request a copy of your personal data
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure — request deletion of your personal data
  • Right to portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interests

7. Cookies

We use essential cookies for session management and authentication. These are strictly necessary for the service to function. We do not use tracking, analytics, or advertising cookies. You can control cookies through your browser settings, but disabling essential cookies may prevent the service from working correctly.

8. Contact for Data Requests

For data subject access requests, erasure requests, or any privacy concerns, please contact us at: [email protected]

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.