Logo
CourtCraftAdvocate
AboutHow It WorksBlogTemplatesPricingDashboardContact
Register Now1 free question — no card required

Legal

Privacy Policy

Last updated: 30 April 2026

1. Who We Are

CourtCraft Advocate Ltd ("CourtCraft", "we", "us", "our") operates the website at courtcraftadvocate.com and the CourtCraft Advocate platform. We are registered in England and Wales.

The platform is owned and operated by CourtCraftAdvocate Ltd.. We act as the data controller for personal data processed through this platform. If you have any questions about this policy or your personal data, please contact us at privacy@courtcraftadvocate.com.

2. What Data We Collect

We collect and process the following categories of personal data:

  • Account data: name, email address, and password (stored as a secure hash) when you register.
  • Profile data: any additional information you choose to add to your profile, such as your role in proceedings.
  • Case data: information you enter about your family law case, including court dates, case references, and notes. This data is stored solely to provide the service to you.
  • Document data: documents you create or upload using the Document Builder tool.
  • Payment data: billing information processed securely by Stripe. We do not store full card details on our servers.
  • Communication data: messages you send to us via email or the platform's support features.
  • Usage and security data: pages visited, features used, device/browser information, IP address, session identifiers, and access timestamps collected for platform improvement and security monitoring (see Section 10).
  • McKenzie Friend session data: information relating to any McKenzie Friend support sessions you book through the platform.

3. How We Use Your Data

We use your personal data for the following purposes and on the following legal bases:

Providing the Service

Legal basis: Performance of a contract. We process your account, case, and document data to deliver the CourtCraft platform features you have subscribed to.

Payment Processing

Legal basis: Performance of a contract. We share billing data with Stripe to process subscription payments securely.

Communications

Legal basis: Legitimate interests / consent. We send transactional emails (account verification, court date reminders, booking confirmations) and, where you have opted in, product updates.

Platform Improvement

Legal basis: Legitimate interests. We analyse aggregated, anonymised usage data to improve features and fix issues.

Security and Fraud Prevention

Legal basis: Legitimate interests. We process IP addresses, session data, and access patterns to detect and prevent unauthorised access, scraping, and abuse of the platform.

Legal Compliance

Legal basis: Legal obligation. We may process data to comply with applicable laws, court orders, or regulatory requirements.

4. Special Category Data

Family law proceedings often involve sensitive personal data, including information about children, health, finances, and domestic circumstances. We treat all case data you enter as special category data and apply enhanced security measures accordingly. We process this data solely on the basis of your explicit consent and to provide the service you have requested.

We strongly advise you not to enter the personal data of third parties (including your children or the other party) beyond what is strictly necessary for your own case preparation.

5. Data Sharing

We do not sell your personal data. We share data only with trusted third-party processors who are contractually bound to protect it:

  • Supabase — database hosting and authentication (EU data centres).
  • Stripe — payment processing (PCI-DSS compliant).
  • Resend — transactional email delivery.
  • Anthropic / OpenAI — AI-assisted document drafting features. Prompts you submit may be processed by these providers' APIs; we do not use your data to train AI models, and our proprietary system prompts are never transmitted to the client.
  • Vercel / Rocket.new — platform hosting and deployment infrastructure.
  • Google Analytics — anonymised usage analytics (where you have consented to analytics cookies).

We may also disclose data where required by law, to protect the rights or safety of any person, or in connection with a business transfer (in which case you will be notified).

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the service. Specifically:

  • Account data is retained until you delete your account.
  • Case and document data is retained for the duration of your subscription plus 12 months, after which it is permanently deleted unless you request earlier deletion.
  • Payment records are retained for 7 years to comply with HMRC requirements.
  • Communication records are retained for 3 years.
  • Security logs (IP addresses, session fingerprints, access timestamps) are retained for 12 months for fraud prevention and legal compliance purposes.

7. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — ask us to correct inaccurate or incomplete data.
  • Right to erasure — request deletion of your data in certain circumstances ("right to be forgotten").
  • Right to restriction — ask us to restrict processing of your data.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests or for direct marketing.
  • Rights related to automated decision-making — we do not make solely automated decisions with legal or significant effects on you.

To exercise any of these rights, email us at privacy@courtcraftadvocate.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

8. Cookies

We use essential cookies to keep you logged in and maintain your session. We may also use analytics cookies (e.g. Google Analytics) to understand how the platform is used. You can control non-essential cookies through your browser settings. By continuing to use the platform, you consent to our use of essential cookies.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted data transmission (TLS), hashed passwords, row-level security on our database, rate limiting on all API endpoints, and access controls. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

10. Session Fingerprinting and Security Monitoring

To protect the integrity of the Service and prevent unauthorised access, scraping, and abuse, we employ session fingerprinting and anomalous access pattern detection. This involves collecting and analysing:

  • IP address and geolocation (country/region level).
  • Browser user-agent string and device characteristics.
  • Request frequency, timing patterns, and API call sequences.
  • Session identifiers and authentication tokens.

This data is processed on the legal basis of our legitimate interests in protecting our intellectual property and preventing abuse of the Service. It is retained for 12 months and is not used for any purpose other than security monitoring and fraud prevention.

Unusual access patterns may trigger automated rate limiting or account suspension. If you believe your account has been incorrectly flagged, please contact support@courtcraftadvocate.com.

11. Children's Data

Our platform is intended for adults (18+) who are parties to family law proceedings. We do not knowingly collect personal data directly from children. If you believe a child has provided us with personal data without appropriate consent, please contact us immediately.

12. International Transfers

Some of our third-party processors (including Anthropic and OpenAI) may process data outside the UK and EEA. Where this occurs, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the ICO, to protect your personal data to the same standard as required under UK GDPR.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on the platform. The "Last updated" date at the top of this page reflects the most recent revision.

14. Contact Us

For any privacy-related queries or to exercise your rights, please contact our Data Protection contact at:

CourtCraft Advocate Ltd

Data Protection: privacy@courtcraftadvocate.com

General: support@courtcraftadvocate.com

Website: courtcraftadvocate.com

← Back to HomeTerms of Service →DMCA / IP Notice →

© 2024–2026 CourtCraft Advocate™ Ltd. All rights reserved.
Owner: CourtCraftAdvocate Ltd. Proprietary and confidential.