Privacy Policy

Last updated: 2 April 2026

BundleRight is operated by Nimble Tech Ltd ("we", "us", or "our"). This privacy policy explains how we collect, use, and protect your personal data when you use our document bundling service.

1. Information We Collect

Waitlist Information: When you join our waitlist, we collect:

• Your full name
• Your email address
• The date and time you joined the waitlist

Account and Billing Information: When you purchase credits, we collect:

• Your firm name
• Your billing email address
• Payment information (processed securely by Stripe; we do not store your card details)
• Your licence key usage and credit balance

Document Processing: When you use BundleRight to process documents:

• Documents are processed in temporary, session-only storage
• Document content is sent to Anthropic's Claude API with Zero Data Retention (ZDR) enabled
• All documents are permanently deleted when your session ends
• We do not retain, store, or log any document content or metadata

2. How We Use Your Information

We use the information we collect to:

• Notify waitlist members when BundleRight launches
• Process payments and manage licence keys
• Provide the document bundling service
• Track credit usage against your licence key
• Send essential service communications (e.g., credit balance notifications)
• Respond to support requests

We will never:

• Sell or share your personal data with third parties for marketing purposes
• Use your document content for any purpose other than providing the service
• Retain your document content after your session ends
• Allow AI providers to train models on your documents

3. Zero Data Retention (ZDR)

BundleRight is built with law firm security requirements in mind:

• All Claude API calls are made with Zero Data Retention enabled
• Anthropic does not retain, log, or use your document content
• Documents are never used for model training
• All temporary files are permanently deleted at the end of each session
• No document content is stored in any database

4. Data Storage and Security

We implement appropriate security measures to protect your information:

• All data transmission uses HTTPS/TLS encryption
• Documents are processed in temporary, session-scoped storage only
• Services are hosted on AWS infrastructure in accordance with industry standards
• Payment processing is handled by Stripe, a PCI-compliant payment processor
• Access to systems is restricted and logged

5. Data Sharing

We share your information only with trusted service providers who help us operate BundleRight:

• Anthropic: To process documents using Claude AI (with ZDR enabled)
• Stripe: To process payments securely
• AWS: To host our application infrastructure

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

6. Your Rights

Under UK data protection law (UK GDPR), you have the right to:

• Access your personal data
• Correct inaccurate personal data
• Request deletion of your personal data
• Object to processing of your personal data
• Request restriction of processing your personal data
• Request transfer of your personal data (data portability)
• Withdraw consent at any time

To exercise any of these rights, please contact us at privacy@bundleright.co.uk.

7. Data Retention

• Waitlist data: Retained until launch, then for 90 days, then deleted unless you become a customer
• Account and billing data: Retained for the duration of your licence, plus 7 years for tax purposes
• Document content: Deleted immediately at the end of your session (typically within minutes)
• Usage logs: Credit usage records retained for 12 months for billing purposes

8. Cookies and Tracking

BundleRight uses minimal cookies:

• Session cookies: To maintain your active session (essential, deleted when you close your browser)
• Licence key storage: To remember your licence key for convenience (stored locally in your browser)

We do not use tracking cookies, analytics cookies, or advertising cookies.

9. International Transfers

Your personal data may be processed on servers located outside the UK (primarily in AWS data centres). When this occurs, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by the UK Information Commissioner's Office
• Compliance with UK GDPR requirements
• Zero Data Retention for all document processing

10. Children's Privacy

BundleRight is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email (if you have provided one) or by posting a notice on our website. The "Last updated" date at the top of this policy indicates when it was last revised.

12. Contact Us

If you have questions about this privacy policy or how we handle your data, please contact us:

Nimble Tech Ltd
Email: privacy@bundleright.co.uk
Website: bundleright.co.uk

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.