Skip to content

Privacy Policy — RAMScribe

⚠️ First-pass draft, NOT legal advice. Launched on Jordan's accepted risk (solo operator, no solicitor/data-protection adviser review yet — see Section 8 in particular). Get a qualified review once there's real paying revenue. RAMScribe sells to UK customers, so UK GDPR applies even though the operator is based outside the UK.

Controller: Jordan Mungujakisa, Uganda. Contact: info@ramscribe.co.uk. Effective date: 17 July 2026.

1. What we collect

  • Account / contact data: name, email (if you create an account or buy).
  • Document inputs: the information you enter to generate a RAMS — company, site name & address, author name & role, client/principal contractor, and any operative/competence details you choose to include. Some of this may be personal data (e.g. named individuals).
  • Payment data: handled by Paddle (we do not receive or store card details).
  • Usage/technical data: IP, device/browser, pages used, for security and analytics.

2. Why we use it (purposes & lawful bases)

| Purpose | Lawful basis (UK GDPR) | |---|---| | Generate your document & provide the Service | Performance of a contract | | Process payment | Contract / legal obligation (tax) | | Security, fraud prevention, service improvement | Legitimate interests | | Service emails (e.g. receipts) | Contract | | Marketing emails (if any) | Consent (opt-in) |

3. AI processing & sub-processors

To generate documents we send your inputs to third-party processors. We use providers on paid/enterprise tiers that do NOT use your data to train their models:

  • Google (Gemini API, paid tier) — AI generation. Confirmed on the paid Google AI Studio tier: inputs are not used to train Google's models.
  • Paddle.com Market Ltd — payments / merchant of record.
  • Vercel — hosting (frontend and backend). We have or will put data-processing terms in place with each. We do not sell your data.

4. International transfers

The operator and some processors are outside the UK (including Uganda and the providers above). Where we transfer personal data internationally we rely on appropriate safeguards (e.g. the providers' standard contractual clauses / adequacy mechanisms). (Launch-stage position; solicitor to confirm the exact transfer mechanism once there's real revenue.)

5. Retention

We keep document inputs and generated documents for 12 months from generation, then delete them, and payment/tax records for as long as the law requires. You can request earlier deletion at any time (see Section 6).

6. Your rights (UK GDPR)

You may request access, correction, deletion, restriction, portability, or object to processing, and may withdraw consent. Contact info@ramscribe.co.uk. You can complain to the UK Information Commissioner's Office (ICO).

7. Security

We use reasonable technical and organisational measures (encryption in transit, access controls). No system is perfectly secure.

8. UK representative

As a non-UK controller offering services to UK individuals, a UK GDPR Article 27 representative may be required (subject to the occasional-processing exemption for low-risk, non-large-scale processing, which likely applies at launch volume). Genuinely open, not yet resolved — get this confirmed by a solicitor before volume grows beyond occasional processing.

9. Children

The Service is for business users and not directed at children.

10. Changes

We may update this policy; the current version is published on the site.