Last updated: 30 June 2026
This notice covers Almost Legal Business (almostlegal.ai/business and the /fleet workspace) and forms part of the Business Terms. It explains where we act as a data controller and where we act as your processor under the UK GDPR. For consumer services, the consumer Privacy Policy applies.
We are the controller of the data about you and your business — your account, company-verification details, usage and billing data. We are your processor for the personal data about third parties that you put into the platform (for example debtors, drivers, employees and contract counterparties): you decide why and how it is used, and we process it on your instructions to run the tool you asked for.
We use this to provide and bill the service, prevent trial abuse, give support, and meet legal obligations. Our lawful bases are performance of our contract with you and our legitimate interests in running and securing the service.
The following terms govern our processing of personal data you input (“Customer Personal Data”) and apply where the UK GDPR requires a controller-processor contract (Article 28).
| Subject-matter | Generating fine appeals, debt-recovery and legal letters, contract reviews and templates from data you submit. |
| Duration | For the term of your subscription and the short retention period in clause 3.6. |
| Nature & purpose | Storage and AI-assisted generation of documents on your instructions. |
| Types of data | Names, contact details, vehicle registrations, amounts owed, contract and case details, and any other personal data you choose to enter. Please do not enter special-category data unless necessary. |
| Data subjects | Your debtors, drivers, employees, customers, suppliers and counterparties. |
You authorise the following sub-processors; we will give notice before adding or replacing one so you can object:
| Provider | Purpose |
|---|---|
| Anthropic | AI generation — processes your inputs to produce the document, under a no-training arrangement. |
| Vercel | Application hosting. |
| Upstash | Workspace data storage. |
| Clerk | Authentication / user accounts. |
| Stripe | Payment processing (billing data only). |
| Resend | Transactional email delivery. |
Customer Personal Data is used only to produce your output. It is not used to train AI models; our AI provider processes it under a no-training arrangement.
Where a sub-processor processes data outside the UK, that transfer is covered by an appropriate safeguard (UK adequacy or the International Data Transfer Agreement / addendum to the EU Standard Contractual Clauses).
You can delete cases and documents from your workspace at any time. On termination, we delete Customer Personal Data within 30 days unless we are required by law to keep it, except for backups which expire on our normal cycle.
Data is encrypted in transit (TLS) and at rest with our infrastructure providers; access is restricted and authenticated; payment-card data never touches our systems. No system is perfectly secure, but we take measures appropriate to the risk.
For data we hold as controller (your account and business data) you have the UK GDPR rights of access, rectification, erasure, restriction, portability and objection — email hello@almostlegal.ai. Where a third party exercises rights over Customer Personal Data, they should contact you as the controller; we will assist you in responding.
We keep account and billing records for as long as you are a customer and afterwards as required for legal, tax and accounting purposes. Customer Personal Data is retained per clause 3.6.
We may update this notice; the date above shows when, and material changes are notified to the account owner. Questions or requests: hello@almostlegal.ai, Almost Legal Limited, 9 Tynwald Street, Douglas, Isle of Man, IM1 1BF. You may also complain to the UK Information Commissioner’s Office (ico.org.uk).