Last updated: 23 April 2026
ProPolicyForge is a trading name operated as a sole trader based in Cumbria, England. We provide AI-powered compliance document generation services at propolicyforge.com and propolicyforge.co.uk. You can contact us at support@propolicyforge.com.
When you use ProPolicyForge, we may collect the following information:
Organisation name, location and size you enter when generating documents. Sector-specific details you provide to personalise your document. Any existing policy documents you upload or paste into the Review & Update tool. Your email address if you contact us via our contact form. Payment information processed securely through Stripe (we do not store card details). Basic usage data such as pages visited and time spent on site (via anonymous analytics).
We do not collect sensitive personal data about individuals and we do not require you to create an account to use the service.
ProPolicyForge uses stateless AI processing. This means:
Document content you enter, paste or upload is used only to generate your document. Your content is never used to train AI models. Each generation is completely private and isolated. Uploaded files are processed in your browser to extract text — the file itself is not transmitted to or stored by our servers. For free and pay-per-document users, content is not retained beyond the duration of your session. For subscribed users, generated document content is stored securely in your private Vault.
This approach is specifically designed to protect organisations in regulated sectors such as healthcare, social care and legal services. Your content is never used to train AI models regardless of your plan.
We use the information you provide solely to:
Generate the compliance document you have requested. Store generated documents securely in your private Vault (subscribed users only). Enable document review, update and version tracking features (subscribed users only). Process your payment securely via Stripe. Respond to support enquiries submitted via our contact form. Improve our service based on anonymous usage patterns.
We do not sell, rent or share your personal data with third parties for marketing purposes.
Under UK GDPR, we process your data on the following legal bases:
Contract — to deliver the document generation service you have paid for or requested. Legitimate interests — to improve our service and prevent fraud. Consent — annual reminder emails, where email address is voluntarily provided. Legal obligation — to comply with UK tax and financial regulations.
ProPolicyForge retains personal data only for as long as necessary for the purposes for which it was collected, in accordance with the following schedule:
Document content (free and pay-per-document users): processed in real time and not retained beyond your active session.
Document content (subscribed users): stored in your private Vault until you choose to delete it. If you close your account, all stored documents are permanently deleted within 30 days of account closure.
Payment records: retained for 7 years as required by HMRC and UK financial regulations.
Support correspondence: retained for 2 years from the date of last correspondence.
Annual reminder email addresses: retained until the reminder is sent or you request deletion — whichever is earlier.
Contact form submissions: retained for 2 years.
Anonymous analytics data: retained in aggregated, non-identifiable form indefinitely.
Audit trail and vault metadata (subscribed users): retained for the duration of the subscription plus 30 days following account closure.
To request deletion of any personal data we hold, contact support@propolicyforge.com. We will respond within 30 days.
ProPolicyForge uses the following third party sub-processors to operate the platform. Each processor has been selected for their compliance with UK GDPR and equivalent data protection standards.
Anthropic (United States) — AI model processing for document generation. Data transferred under Anthropic's standard data processing terms. Document content is not retained by Anthropic beyond the processing request. International transfer mechanism: UK-US Data Bridge and Anthropic's standard contractual commitments.
Stripe (United States) — payment processing and subscription management. Stripe does not share card details with ProPolicyForge. International transfer mechanism: Stripe's standard contractual clauses and UK-US Data Bridge.
Resend (United States) — transactional email delivery including confirmation emails, review reminders and inspector communications. Email addresses are transmitted to Resend solely for the purpose of delivering the relevant email.
Vercel (United States, with EU edge deployment) — website hosting, deployment infrastructure and Vercel Blob document storage. Document content for subscribed users is stored in Vercel Blob configured to the EU region. International transfer mechanism: Vercel's Data Processing Addendum and standard contractual clauses.
Upstash (United States, London region store) — Redis database for vault metadata, document index, reminder scheduling and audit trail storage. Data stored in the London (EU) region. International transfer mechanism: Upstash's Data Processing Agreement.
Google Analytics (United States) — anonymous usage analytics. No personally identifiable data is transmitted. Analytics cookies are only set with your prior consent. International transfer mechanism: Google's standard contractual clauses.
Namecheap (United States) — domain registration for propolicyforge.com and propolicyforge.co.uk. No personal data beyond registrant contact details is processed.
A full Data Processing Agreement is available at propolicyforge.com/dpa for customers who require formal documentation of ProPolicyForge's data processing obligations.
ProPolicyForge is registered with the Information Commissioner's Office (ICO) under registration number ZC116446. Registration date: 6 April 2026.
Under UK GDPR you have the right to access the personal data we hold about you; request correction of inaccurate data; request deletion of your data; object to processing of your data; and lodge a complaint with the ICO (ico.org.uk).
To exercise any of these rights, contact us at support@propolicyforge.com and we will respond within 30 days.
ProPolicyForge uses two categories of cookies:
Essential cookies — required for the site to function correctly, including session management and authentication. These are always active.
Analytics cookies — we use Google Analytics to understand how visitors use our site. These cookies collect anonymous usage data only and do not identify individual users. Analytics cookies are only set with your prior consent via our cookie consent banner.
We do not use advertising or tracking cookies. You can withdraw your analytics consent at any time by clearing your browser's local storage for propolicyforge.com.
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. Continued use of the service after changes constitutes acceptance of the updated policy.
If you have a complaint about how ProPolicyForge handles your personal data, please follow this procedure:
Step 1 — Contact us directly: Email support@propolicyforge.com with the subject line 'Data Protection Complaint'. Please include your name, contact details, and a clear description of your concern. We will acknowledge your complaint within 5 working days.
Step 2 — Investigation: We will investigate your complaint thoroughly and aim to provide a full written response within 30 days. If your complaint is complex and requires more time, we will notify you and provide a revised timescale.
Step 3 — Resolution: We will set out our findings and any action we have taken or will take to resolve your complaint. If you are not satisfied with our response, you may escalate to the ICO.
Step 4 — ICO Referral: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time. The ICO can be contacted at ico.org.uk, by telephone on 0303 123 1113, or by post at ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Our ICO registration number is ZC116446.
This procedure is effective from 23 April 2026.
If you have any questions about this Privacy Policy or how we handle your data, please contact us at support@propolicyforge.com. We aim to respond to all enquiries within 2 business days.