Privacy Policy

OmniDeed is a document intelligence platform for UK conveyancing firms. This Privacy Policy explains how personal data is handled when firms and authorised users access the platform, upload documents, generate outputs, and use related services.

For UK GDPR purposes, OmniDeed will generally act as a controller for account, billing, security, and website usage data, and may act as a processor in relation to client matter data and uploaded documents processed on behalf of law firms.

If you publish a legal entity name, registered address, or dedicated privacy contact address elsewhere on the site, those details should be aligned with this policy before publication.

• Account and profile data, such as names, work email addresses, organisation names, job titles, and login details.
• Organisation data, such as firm name, SRA number, workspace roles, team membership, and admin settings.
• Uploaded document data, such as title registers, search packs, TA forms, CPSE forms, heads of terms, leases, plans, and other conveyancing materials.
• Matter-related data entered by users, such as notes, prompts, follow-up questions, and workflow selections.
• Generated content, such as draft reports, analyses, issue summaries, risk flags, extracted text, document chunks, and chat history.
• Technical and usage data, such as IP addresses, browser information, timestamps, device information, access logs, and security events.
• Billing and transaction data, such as credit purchases, invoices, payment status, and limited payment-provider metadata.
• Support and communications data, such as emails, contact form messages, and troubleshooting information.

• To create and manage accounts, firm workspaces, and user authentication.
• To process uploaded documents and provide extraction, analysis, drafting, and document Q&A features.
• To administer organisation credits, billing, purchases, and payment records.
• To maintain platform security, monitor misuse, prevent unauthorised access, and investigate incidents.
• To provide customer support, respond to queries, and resolve technical issues.
• To improve platform performance, reliability, and usability.
• To comply with legal obligations, regulatory expectations, contractual duties, and lawful requests.

Under UK GDPR, OmniDeed may rely on one or more legal bases depending on the type of personal data and the purpose of processing.

• Contract, where processing is necessary to provide the platform and related services to users or organisations.
• Legitimate interests, where processing is necessary for security, service improvement, platform administration, fraud prevention, and proportionate operational management.
• Legal obligation, where processing is necessary to comply with applicable law, regulation, accounting requirements, or lawful requests.
• Consent, where consent is specifically requested for a particular activity.

OmniDeed uses automated tools, including OCR, document extraction, classification, search, and AI-assisted drafting, to help legal teams review conveyancing documents more efficiently.

These tools are designed to support legal professionals, not replace them. Firms remain responsible for checking outputs, exercising professional judgment, and deciding what advice or action is appropriate.

Personal data may be shared where reasonably necessary with service providers that support the operation of the platform.

• Hosting, database, and authentication providers.
• Cloud storage and document processing providers.
• AI and language-model service providers.
• Payment processors and billing providers.
• Professional advisers, auditors, or insurers where necessary.
• Courts, regulators, law enforcement, or other third parties where required by law or where necessary to protect legal rights.

OmniDeed is positioned around UK legal-sector use, and the intention is to keep services and handling aligned as closely as possible with UK and London-based operational requirements.

Where personal data is stored or processed in the UK, that will be reflected in OmniDeed’s technical and provider choices. If any provider processes data outside the UK, OmniDeed should ensure that an appropriate lawful transfer mechanism is in place under UK GDPR before that transfer occurs.

If you want the public wording to say everything is kept in London, that should only be stated if your hosting, storage, backups, logs, and subprocessors genuinely support that statement in practice.

Personal data is kept only for as long as reasonably necessary for the purposes described in this policy, including service delivery, security, legal compliance, and dispute handling.

Retention periods may differ depending on the type of data, the organisation’s usage, deletion settings, backup cycles, and legal obligations.

• Account and organisation records may be retained while the account is active and for a reasonable period afterwards.
• Billing, payment, and tax records may be retained for as long as required by law and accounting obligations.
• Support records may be retained for operational, audit, and troubleshooting purposes.
• Security logs may be retained for incident response, fraud prevention, and platform protection.

OmniDeed uses technical and organisational measures intended to protect personal data against unauthorised access, loss, misuse, or unlawful disclosure.

These measures may include access controls, authentication, encrypted transmission, role-based permissions, audit logging, and provider-level security controls.

No online platform can guarantee absolute security, so users and firms should avoid uploading irrelevant personal data and should use the platform in line with their own confidentiality and risk-management obligations.

Subject to applicable law, individuals may have rights in relation to their personal data.

• The right to request access to personal data.
• The right to request correction of inaccurate or incomplete data.
• The right to request erasure in certain circumstances.
• The right to request restriction of processing in certain circumstances.
• The right to object to certain processing.
• The right to data portability where applicable.
• The right to lodge a complaint with the Information Commissioner's Office.

OmniDeed may use cookies or similar technologies for authentication, security, basic site functionality, and performance monitoring.

If non-essential cookies or analytics tools are used, the site should present appropriate notices and choices in line with applicable UK rules.

This Privacy Policy may be updated from time to time to reflect service changes, legal developments, or operational updates.

The latest version should always be published on the website, together with the effective date of the current version.

For privacy-related queries, data protection requests, or concerns about how personal data is handled, users should contact OmniDeed using the privacy or support contact details published on the website.