Privacy Policy
Effective date: 28/04/2026
Last updated: 28/04/2026
This Privacy Policy explains how Beecredo Ltd ("ContractShield", "we", "us", "our") collects, uses, and protects personal data when you use our website https://contractshield.co.uk and our contract review service (the "Service").
We are the data controller for personal data we collect about you as a user of our Service. For personal data contained within contracts you upload for review, we act as a data processor — see our Data Processing Agreement for details.
1. Who we are
Company: Beecredo Ltd
Company number: 13763129
Registered address: 48 Caistor Close, Manchester, M16 8NW, UK
Contact for privacy matters: privacy@contractshield.co.uk
ICO registration number: CSN4396481
2. What personal data we collect
Data you provide to us
- Account data: name, business email, company name, job title, password (stored hashed).
- Billing data: billing address, VAT number (where applicable). Card details are collected and stored directly by Stripe — we never see or store full card numbers.
- Contract content: documents you upload for review. These may contain personal data of third parties (counterparties, signatories). We do not retain uploaded contract files — they are processed and then deleted immediately after processing completes. We do retain the review outputs (analysis, risk flags, summaries) generated from your contract. See the DPA for how we handle this.
- Communications: messages you send us via email, support channels, or forms.
Data we collect automatically
- Usage data: pages visited, features used, session duration, referring URL.
- Device data: IP address, browser type and version, operating system, device type.
- Cookies and similar technologies: see our Cookie Policy.
Data from third parties
- Payment confirmation data from Stripe (transaction ID, last 4 digits of card, card brand).
- Email deliverability data from our email service provider.
3. Why we process your data and our lawful basis
| Purpose | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Creating and managing your account | Performance of a contract |
| Providing contract review functionality | Performance of a contract |
| Taking payment and issuing invoices | Performance of a contract; legal obligation (tax records) |
| Responding to support requests | Performance of a contract; legitimate interests |
| Sending service announcements (e.g. outages, breaking changes) | Legitimate interests (keeping you informed about a service you use) |
| Sending marketing emails | Consent (you can withdraw at any time) |
| Fraud prevention and securing the Service | Legitimate interests |
| Analytics to improve the Service | Legitimate interests |
| Complying with legal obligations (e.g. tax, law enforcement requests) | Legal obligation |
Where we rely on legitimate interests, we have carried out a balancing test to ensure our interests do not override your rights and freedoms. You can request details of our assessment by contacting us.
4. How long we keep your data
| Data category | Retention period |
|---|---|
| Account data | For as long as your account is active, plus 12 months after closure |
| Uploaded contract files | Not retained. Deleted immediately after processing completes (typically within minutes of upload) |
| Contract review outputs (analysis, risks, summaries) | For the life of your account unless you delete them |
| Billing records and invoices | 7 years (UK tax law) |
| Support communications | 3 years |
| Marketing preferences | Until you unsubscribe, plus 3 years for suppression-list purposes |
| Website analytics | 26 months |
We do not retain copies of the original contracts you upload. If you need to re-review a contract, you will need to upload it again. We recommend keeping your own copy of any contract you submit.
You can delete review outputs at any time from your account dashboard or by emailing support@contractshield.co.uk.
5. Who we share your data with
We share personal data with the following categories of recipients, who act as our processors or as independent controllers:
- AI processing provider: Anthropic PBC (via the Claude API) — to run the contract analysis. Content you upload is transmitted to Anthropic for processing under Anthropic's Commercial Terms of Service, which contractually prohibit the use of your content to train Anthropic's models. Anthropic retains API inputs and outputs for a maximum of 30 days for abuse monitoring. [If applicable: We operate under a Zero Data Retention (ZDR) arrangement with Anthropic, meaning your content is not retained by Anthropic at rest after the API response is returned, except as required for abuse screening.]
- Payment processor: Stripe Payments Europe Ltd (controller for payment data).
- Cloud hosting: DigitalOcean (London).
- Email service provider: Postmark.
- Analytics: Google Analytics.
- Professional advisers: lawyers, accountants, auditors under duties of confidentiality.
- Law enforcement or regulators: where required by law.
- Acquirers: in the event of a sale or reorganisation of our business (subject to confidentiality).
A current list of our sub-processors is available at https://contractshield.co.uk/sub-processors.
We do not sell your personal data. We do not share it with advertisers.
6. International transfers
Some of our processors are located outside the UK, including in the United States. Where we transfer personal data outside the UK, we rely on:
- UK adequacy regulations where they apply (e.g. EEA countries).
- The UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses for other transfers, combined with supplementary measures where necessary.
You can request a copy of the safeguards in place by contacting privacy@contractshield.co.uk.
7. Your rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you.
- Rectification of inaccurate or incomplete data.
- Erasure ("right to be forgotten") in certain circumstances.
- Restriction of processing in certain circumstances.
- Portability of data you have provided to us.
- Object to processing based on legitimate interests or direct marketing.
- Withdraw consent where processing is based on consent.
- Not be subject to automated decision-making that produces legal or similarly significant effects. Note: our contract analysis provides recommendations for human review; it does not make automated decisions about you.
To exercise any of these rights, email privacy@contractshield.co.uk. We will respond within one month. We may need to verify your identity before responding.
If you are unhappy with how we handle your data, you can complain to the Information Commissioner's Office (ICO):
- Website: https://ico.org.uk
- Helpline: 0303 123 1113
We would appreciate the chance to resolve any concerns before you contact the ICO.
8. Security
We describe our technical and organisational security measures in our Security page. In summary: encryption in transit (TLS 1.2+) and at rest (AES-256), access controls, audit logging, and regular security reviews.
9. Children
Our Service is intended for business use and is not directed at anyone under 18. We do not knowingly collect personal data from children.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified to you by email or a prominent notice on the Service at least 14 days before they take effect. The "Last updated" date at the top reflects the current version.
11. Contact
For any privacy-related questions:
- Email: privacy@contractshield.co.uk
- Post: Beecredo Ltd, 48 Caistor Close, Manchester, M16 8NW, UK