This Privacy Policy explains how LEGAL PROMOTION AND MARKETING SERVICES LIMITED (“Penwright”, “we”, “us”) collects, uses, shares and protects personal data when you use Penwright, our online-only AI drafting and marketing studio at legpromarser.shop. We are committed to handling your data lawfully, fairly and transparently. User input and generated output are processed only to provide the studio workflow described below.
1. Who is responsible for your data
The data controller is LEGAL PROMOTION AND MARKETING SERVICES LIMITED, registered office 80 St. Margaret Street, Dunfermline, KY12 7PE, Scotland, United Kingdom. For any privacy question or to exercise your rights, contact support@legpromarser.shop or +44 7856329042.
2. What we collect
- Contact information and account data: name, email address, phone number if provided, and authentication details when you register or subscribe.
- Studio inputs: the document you need, business context, audience, tone, key terms and facts you enter, plus any files or example data you choose to upload (for example a logo or reference document).
- Generated results: the document drafts, review flags, marketing copy, visual directions and promo storyboards produced from your inputs.
- Order & subscription data: plan, billing interval, subscription status and payment metadata received from our payment processor (never your full card number).
- Support & enquiry data: messages you send through Contact or the Document review clinic.
- Technical & usage data: IP address, device and browser type, and cookie identifiers, collected to run and secure the service.
3. Collection sources and where the data comes from
Most data comes directly from you when you register, use the studio, upload files, subscribe or contact us. Technical data is collected automatically by your browser and our hosting and analytics tools. Subscription and payment metadata is provided by our payment processor, Stripe.
This is an online-only digital AI service with no physical goods, shipping or installation services. Your studio inputs, uploaded reference files, example data and generated drafts are processed only to operate the studio, provide support and keep subscription records.
4. Why we use it and our legal bases
- To provide the service (generate document drafts, marketing, promo storyboards and exports) — performance of a contract.
- To take payment and manage subscriptions — performance of a contract.
- To provide support and respond to enquiries — legitimate interests and performance of a contract.
- To secure, maintain and improve the service, and prevent abuse — legitimate interests.
- To send service and, where permitted, marketing messages — consent or legitimate interests; you can opt out at any time.
- To meet legal and accounting obligations — legal obligation.
We do not use your studio inputs, uploaded files, example data or generated drafts to train AI models. They are processed only to produce and store your outputs and deliver the service to you.
5. How your inputs, uploads and generated drafts are handled
Your user input, studio inputs and any files you upload are sent to our infrastructure to generate your draft. Where an AI provider is enabled, the relevant text is sent to that provider solely to generate your result and is not used to train their models. Uploaded reference files and example data are cached for up to 30 days and then cleared unless you keep them in an active project. Generated output and generated drafts are retained so you can access your work, and you can delete them or your account at any time by emailing us.
6. Payment provider boundary
Payments are processed by Stripe. Card details are entered on Stripe’s secure, PCI-DSS-compliant checkout and are handled by Stripe, not by Penwright. We never receive or store your full card number, CVC or full card expiry. We receive only limited payment metadata (such as subscription status, the last four digits, card brand and billing country) needed to manage your subscription. Where we later offer PayPal, the same boundary applies to that provider.
7. Who we share it with
We share personal data only with processors and partners who help us run the service, under contract:
- Hosting & delivery: Vercel (application hosting and content delivery).
- Payments: Stripe (checkout, subscriptions and billing).
- Database, authentication & storage: Supabase (leads, accounts and uploaded files, where configured).
- AI processing: where an AI provider is enabled to enrich outputs, the relevant studio text is sent to that provider solely to generate your result; it is not used to train their models.
- Email & support tooling used to reply to you.
We do not sell your personal data. We may disclose data where required by law or to protect our rights.
8. International transfers
Some processors may store or process data outside the United Kingdom or European Economic Area. Where they do, we rely on appropriate safeguards such as UK/EU adequacy decisions or Standard Contractual Clauses to protect your data.
9. How long we keep it
- Account & subscription records: for the life of your account and as long as needed for legal, tax and accounting purposes.
- Studio inputs, uploaded files, example data and generated drafts: retained to let you access your work; uploaded reference files and example data are cached for up to 30 days and then cleared unless you keep them in an active project.
- Support messages: up to 24 months.
- Technical logs: typically up to 12 months.
You can ask us to delete your account and associated data at any time.
10. Security
We use encryption in transit, access controls and reputable infrastructure providers. Admin and payment configuration is handled server-side and secrets are never exposed to the browser. No method of transmission or storage is completely secure, but we work to protect your data and to notify you and regulators of any breach as required by law.
11. Your rights
Depending on where you live, you have rights over your personal data. Under UK GDPR and EU GDPR you may request access, rectification, erasure, restriction, portability, and object to certain processing, and withdraw consent at any time. Under the California Consumer Privacy Act (CCPA/CPRA) you may request to know, delete and correct personal information, and to opt out of sale or sharing.
Do Not Sell or Share
We do not sell your personal information and do not share it for cross-context behavioural advertising. To exercise any right, email support@legpromarser.shop. We will verify your request and respond within the timeframes required by law, and we will not discriminate against you for exercising your rights.
12. Cookies and analytics
We use strictly necessary cookies to run the service and, where enabled, limited analytics to understand usage. See our Cookie Policy for details and your choices.
13. Automated decisions and children
Penwright generates document drafts and marketing from your inputs, but these are informational drafts for you to review — they are not automated decisions with legal or similarly significant effects. Penwright is intended for adults running a business. It is not for anyone under 13, and users aged 13–17 must have the consent of a parent or guardian. We do not knowingly collect data from children under 13; if you believe we have, contact us and we will delete it.
14. Complaints and contact
Contact us first at support@legpromarser.shopand we will try to resolve your concern. If you are in the UK you may also complain to the Information Commissioner’s Office; in the EEA, your local supervisory authority.
15. Changes and last updated
We may update this policy from time to time and will change the date below when we do. This policy was last updated on 13 July 2026. Governing law: England and Wales.