Privacy Policy

Last Updated: December 1, 2025

1. Introduction

Welcome to AiDrafter ("we," "our," or "us"), a service provided by Property Marvel Ltd. We are committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and document generation services. It complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller Details

Legal Entity: Property Marvel Ltd.
Registered Address: Ty Antur, Navigation Park, Abercynon, CF45 4SN, United Kingdom.
Telephone: 020 3904 1691
Email: enquiries@propertymarvel.co.uk

Property Marvel Ltd is the Data Controller for your account information and billing data.

For the content you enter into our forms (e.g., employee names, specific site addresses), you act as the Data Controller and we act as the Data Processor.

3. The Data We Collect

We collect and process the following categories of personal data:

A. Information You Provide

  • Account Data: Name, email address, and password hash (we do not store plain-text passwords).
  • Billing Data: Transaction history. Note: We do NOT store full credit card numbers. Payments are processed directly by Stripe, and we only retain the payment token/status.
  • Document Data (User Content): The specific answers, text, and details you enter into our forms to generate documents (e.g., Risk Assessments, Contracts).

B. Information Collected Automatically

  • Usage Data: IP addresses, browser type, and device information via server logs.
  • Analytics: We use Google Analytics to understand how users interact with our site (e.g., pages visited, time spent).

4. How We Use Your Data (Legal Basis)

Purpose Legal Basis (UK GDPR)
To provide the Service: Generating documents based on your input. Performance of Contract
Billing & Invoicing: Processing payments and managing credits. Performance of Contract
Account Management: Password resets, service notifications. Performance of Contract
Accounting & Tax: Keeping records for HMRC. Legal Obligation
Security & Fraud Prevention: Protecting our infrastructure. Legitimate Interests
Product Improvement: Analyzing usage to improve our AI prompts. Legitimate Interests

5. Artificial Intelligence & Data Processing

Our service utilizes Google Cloud Vertex AI (specifically the Gemini model series) to draft documents.

  • No Training on Your Data: We use the Paid Enterprise Tier of Vertex AI. Google contractually guarantees that your inputs and generated documents are NOT used to train their AI models. Your data remains private to your instance.
  • Processing Location: AI processing is performed in Belgium (Europe-West1), ensuring data remains within the UK/EEA adequacy zone where possible.

6. How We Store & Secure Your Data

We employ industry-leading security measures ("Privacy by Design") to protect your sensitive Document Data.

  • Hosting: Our primary servers are hosted in the UK (Fasthosts Datacentre).
  • Database Backups: Stored securely in Azure UK South.
  • Advanced Encryption: We do not store your document inputs as plain text.
    • Key-Per-Record Encryption: Each document is encrypted with its own unique key using high-standard HMAC/AES encryption.
    • Key Management: These keys are themselves encrypted and managed via Google Cloud Key Management Service (KMS).
    • No Access: Our database administrators and developers cannot read your document contents directly from the database.
  • Document Storage: We store the HTML draft of your document to allow for editing. We do not store generated PDF or Word files; these are generated on-demand and downloaded directly to your device.

7. Data Retention

We only keep your personal data for as long as necessary:

  • User Account Data: Retained for the lifetime of your account. You may request deletion at any time.
  • Document Drafts: Retained for 2 years from the date of last edit. This allows you to renew annual documents (e.g., Risk Assessments) easily. After this period, inactive drafts are permanently deleted.
  • Financial Records: Retained for 6 years as required by UK Tax Law (HMRC).

8. Sharing Your Data

We do not sell your data. We share data only with the following trusted third-party processors required to run our service:

  1. Google Cloud (Vertex AI / KMS): For AI generation and encryption key management. (Location: Belgium/Global).
  2. Stripe: For payment processing. (Location: Global/US - Covered by Data Privacy Framework).
  3. Xero: For invoicing and accounting. (Location: Global).
  4. Google Analytics: For website usage statistics.

We ensure all third parties have robust Data Processing Agreements (DPAs) in place to protect your rights.

9. Your Rights

Under the UK GDPR, you have the right to:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Correct inaccurate data.
  • Erasure ("Right to be Forgotten"): Request we delete your data (subject to our legal tax obligations).
  • Restriction: Pause processing of your data in certain scenarios.
  • Portability: Receive your data in a structured, machine-readable format.

To exercise any of these rights, please contact us at enquiries@propertymarvel.co.uk.

10. Changes to This Policy

We may update this policy from time to time. Any significant changes will be notified to you via email or a prominent notice on our dashboard.

© 2025 - Property Marvel Limited - a company registered in England & Wales - Company number 11935130
Ty Antur, Navigation Park, Abercynon, United Kingdom CF45 4SN | t: 020 3904 1691
Privacy | Terms | 216.73.216.187