Privacy Policy

1. What this policy covers

This Privacy Policy explains how Zayn Productions Ltd ("we", "us", "our") collects, uses, stores, and protects personal data when you use DocsCheck at docscheck.co.uk and app.docscheck.co.uk. It applies to:

• Visitors to our marketing website (docscheck.co.uk)
• Registered users of the DocsCheck platform (app.docscheck.co.uk)
• Client data uploaded or submitted to the platform by regulated professional users

By using DocsCheck, you confirm that you have read and understood this policy. If you do not agree, you should not use the platform.

2. Data we collect

2.1 Account and organisation data

When you register for DocsCheck, we collect:

• Organisation name and type
• Your full name and email address
• Password (stored as a one-way hash — we cannot read it)
• Phone number (optional)
• Billing information (processed by our payment provider)
• Login timestamps, IP addresses, and browser/device information (for security)

2.2 Case and client data

When you use DocsCheck to manage immigration cases, you may upload or enter:

• Client personal information (names, contact details, dates of birth, nationality)
• Immigration documents (passports, financial records, employment evidence)
• Questionnaire responses submitted by your clients
• Case notes and internal file records

You are the data controller for your clients' personal data. We process this data on your behalf as a data processor. Our Data Processing Agreement sets out the terms under which we do so.

2.3 Usage and technical data

We automatically collect technical information when you use the platform:

• Pages visited and actions taken within the platform
• Document upload events and AI analysis results
• Error logs and performance data
• Session information

2.4 Communications data

If you contact us by email or through the platform's messaging system, we retain those communications for support and quality purposes.

3. Lawful basis for processing

4. How we use your data

We use the data we collect to:

• Provide and maintain the DocsCheck platform
• Process document uploads and run AI analysis via OpenAI GPT-4o
• Send automated reminders, questionnaire invitations, and platform notifications via Brevo
• Verify your identity and secure your account
• Provide customer support
• Generate usage statistics and platform health reports
• Comply with our legal obligations

We do not sell your personal data to any third party. We do not use your data or your clients' data to train AI models.

5. Data processors and third parties

We share data with the following third-party processors to operate the platform. All processors are subject to data processing agreements and are required to maintain appropriate security standards.

Where processors are located outside the UK, we use Standard Contractual Clauses (SCCs) or rely on adequacy decisions to ensure an appropriate level of data protection.

6. Data retention

We retain personal data for as long as your account is active and as required to provide the service. Specific retention periods:

• Account data: Retained for the duration of your subscription plus 90 days after cancellation, then deleted.
• Case and client data: Retained while your account is active. You can delete client data at any time from within the platform.
• Security and audit logs: Retained for 12 months.
• Billing records: Retained for 7 years to comply with UK financial regulations.
• Support communications: Retained for 2 years.

7. Your rights under UK GDPR

You have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Correct inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data in certain circumstances.
• Right to restriction: Ask us to limit how we use your data.
• Right to portability: Receive your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@docscheck.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Two-factor authentication (TOTP) for all staff and admin accounts
• Session-based authentication with server-side session storage
• Encrypted connections (HTTPS/TLS) for all data in transit
• Multi-tenant data isolation — your organisation's data is never accessible to another organisation
• Login audit logging with IP address and device tracking
• Automatic account lockout after repeated failed login attempts
• Daily health monitoring

For more information, see our Security page.

9. Cookies

We use essential cookies to operate the platform (session management, authentication). We do not use advertising cookies or third-party tracking cookies. For full details, see our Cookie Policy.

10. Children

DocsCheck is a professional platform intended for use by regulated legal professionals and their business clients. It is not directed at, and we do not knowingly collect personal data from, individuals under the age of 18.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users of any material changes by email. The current version is always available at docscheck.co.uk/privacy. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

12. Contact us

For any questions about this Privacy Policy or how we handle your data: