Privacy Policy


Effective date: 29 June, 2025

This Privacy Policy explains how TermsEngine, operated by Kredista Sp. z o.o., collects, uses, and protects personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Irish data protection laws. TermsEngine is committed to transparency and clarity, ensuring individuals understand how their data is processed and safeguarded.


1. Who is TermsEngine

1.1 TermsEngine is a legal copywriting and compliance service for businesses across Ireland and the EU. Our services include document drafting, legal content audits, and consulting.
1.2 TermsEngine is a legal service brand operated primarily by Kredista Sp. z o.o., a private limited company registered in Poland. Elements of service delivery may also be supported by affiliated business partners based in Ireland and Poland. For GDPR and data protection compliance, Kredista acts as the data controller for all client information collected through the TermsEngine website.
1.3 You can contact us at:
 1.3.1 Email: info@termsengine.com
 1.3.2 Website: www.termsengine.com


2. What information we collect

We collect and process personal data necessary to operate our services, communicate with clients, and ensure legal compliance. The types of data we may collect include:

2.1 Contact details. This includes your full name, email address, and phone number as provided through our forms, emails, or during consultations.

2.2 Business information. We may collect details about your business such as your company name, registered trading name (if applicable), website URL, business sector, and any relevant operational context that helps us customise your legal documents.

2.3 Service-related data. This includes all information you provide when requesting a free audit, legal copywriting, or document drafting services. It may include project briefs, document outlines, and the content of submitted web pages or business materials.

2.4 When processing payments, we may collect data such as billing address, invoice recipient name, VAT registration number (if applicable), and payment confirmation. All financial transactions are securely handled by third party payment processors. No full card details are stored on TermsEngine servers; PCI-DSS handled by Stripe.

2.5 We collect limited technical data when you interact with our website, including your IP address, browser type, time zone, pages visited, referral sources, and device identifiers. This is collected via cookies and analytics tools and is used only to improve site performance and security.

2.6 When you book a call or consultation, we collect details such as your preferred date and time, contact information, and any notes or questions submitted through the booking form.

2.7 We retain copies of any direct communication you initiate with us, including emails, attachments, client notes, and internal logs related to the delivery of services or support.


3. How we collect data

We collect personal data through direct interactions with you and by monitoring your use of our website and services. This includes the following methods:

3.1 This includes forms such as the free audit request, contact form, service enquiry, or document intake questionnaire. The information you provide may include your name, email address, website URL, and any specific requests or instructions.

3.2 When using our scheduling tool, you voluntarily submit information required to confirm your booking, such as your name, email address, and availability. This data is collected and stored securely by Calendly in line with GDPR standards.

3.3 If you contact us directly through email or messaging, we may retain those communications along with any details you provide, including attachments or follow-up notes related to your service needs.

3.4 We automatically collect certain technical data when you visit our website, such as IP address, browser type, visited pages, and referral sources. This helps us understand user behaviour and optimise site performance. Non essential cookies are used only with your consent, and you may adjust these settings via our cookie banner.


4. Why we collect your data

We collect and process personal data in order to operate our business, provide legal and compliance services, and fulfil both contractual and legal obligations. Specifically, we use your data for the following purposes:

4.1 Enquiries. When you contact us through our website, email, or consultation form, we collect the information necessary to communicate with you, assess your needs, and provide relevant service information.

4.2 We require your data in order to prepare customised legal policies, agreements, audits, and related deliverables. This may involve analysing your business model, website content, or provided instructions to ensure documents are accurate and legally suitable.

4.3 Billing. We collect and store information required for generating quotations, issuing tax compliant invoices, and processing secure payments through third party providers such as Stripe or bank transfer.

4.4 We use usage data, analytics tools, and behavioural insights to understand how visitors interact with our website. This allows us to improve user experience, identify performance issues, and tailor services more effectively.

4.5 We may retain and process certain data to meet statutory requirements, including those related to financial record-keeping, taxation, fraud prevention, or regulatory reporting.


5. Legal basis for processing

We process personal data in accordance with the General Data Protection Regulation (GDPR), relying on one or more of the following lawful bases depending on the specific purpose of the processing:

5.1 We process your personal data when it is necessary to enter into or perform a contract with you. This includes handling service enquiries, preparing quotations, drafting legal or compliance documents, conducting audits, and delivering services you have requested. Without such data, we would not be able to fulfil our obligations or provide our services effectively.

5.2 We may process your data to meet legal or regulatory requirements. This includes retaining certain records for tax purposes, issuing legally compliant invoices, and complying with financial, anti-fraud, or commercial laws applicable in Ireland and the EU.

5.3 We may process personal data where it is necessary for our legitimate business interests, provided these interests are not overridden by your rights and freedoms. Our legitimate interests include monitoring and securing our website, improving service quality and customer support, managing workflow and internal tools used for document production, and following up on incomplete enquiries or prior service engagement.

5.4 We have conducted a legitimate interest balancing test to ensure these interests do not override your data protection rights.

5.5 Where required, we rely on your clear and informed consent before processing certain types of data. This includes your consent for the use of non essential cookies and similar technologies, your subscription to optional updates or newsletters, and any situation in which you voluntarily provide additional personal information outside of contractual necessity.


6. Use of third-party tools

To operate efficiently and deliver our services, TermsEngine uses several trusted third-party service providers. All providers are selected for their security, compliance with EU data protection regulations, and relevance to our business needs.

6.1 Client Communication and Scheduling
6.1.1 Calendly: Used for scheduling consultations and appointments.
6.1.2 Zoom: Used for client meetings, consultations, and screen shares. Meetings may be recorded only with client consent.

6.2 Document Collaboration and Storage
6.2.1 Google Drive: Secure cloud storage for client documents, project materials, and internal records.
6.2.2 Notion: Used internally for document drafting, content collaboration, and project organisation.
6.2.3 DocuSign: Used for collecting digital signatures on contracts and agreements.

6.3 Sales, Payments and CRM
6.3.1 Pipedrive: CRM platform used to manage leads, client onboarding, and sales processes.
6.3.2 Stripe: Used to securely process online card payments. Stripe may store limited customer payment and contact details in accordance with PCI-DSS and GDPR standards.
6.3.3 Revolut Business / Nest Bank: Used for receiving and managing client payments, generating invoices, and internal accounting. Only basic payment metadata is stored.

6.4 Analytics and Site Performance
6.4.2 WebHostingIreland: Provides hosting and SSL certificate services for our website and client-facing platform. All data is stored within EU data centres.

6.5 AI-Powered Support Tools
6.5.1 ChatGPT (OpenAI): Used internally to assist with document drafting, structuring, and analysis. We do not submit identifiable personal data or sensitive information for processing or model training. The tool is used strictly to enhance productivity and quality.


7. Cookies and tracking

7.1 Use of Cookies

Our website uses cookies and similar tracking technologies to support core functionality, analyze performance, enhance user experience, and monitor how visitors engage with our content. Cookies are small text files placed on your device when you visit our website.

7.2 Categories of Cookies Used
7.2.1 Strictly Necessary Cookies are required for the basic operation of the website, including security, navigation, and accessibility. These cookies cannot be disabled.
7.2.2 Performance and Analytics Cookies help us understand how visitors interact with our website, including which pages are visited and how users navigate the site.
7.2.3 Functionality Cookies remember your preferences, such as language settings or region, to enhance your experience.
7.2.4 Marketing and Third Party Cookies. May be set by services like embedded tools, external analytics, or social media plugins. These cookies can track your behavior across different websites.

7.3 You will be prompted to provide consent for non-essential cookies through a cookie banner upon your first visit. You can accept or reject these cookies and manage your preferences at any time via the banner settings or by adjusting your browser configuration.

7.4 Some cookies may originate from third-party providers such as Calendly or ChatGPT integrations. These providers may collect usage or behavioral data as described in their respective policies.

7.5 Cookies may collect information including, but not limited to, IP address, browser type, device identifiers, operating system, pages visited, session duration, and referring URLs. This information helps us identify trends, troubleshoot issues, and improve functionality.

7.6 Retention of Cookies
7.6.1 Session cookies are temporary and expire once you close your browser.
7.6.2 Persistent cookies remain on your device for a set period or until manually deleted by the user.

7.7 You may manage or delete cookies at any time through your browser settings. Most browsers allow you to disable or restrict cookie placement. However, disabling essential cookies may impair core site functionality.

7.8 For a full list of cookies used on this website, including their purpose, duration, and provider, please refer to our standalone Cookie Policy.


8. Who we share data with

We treat all personal data with strict confidentiality and only share it when necessary for the performance of our services, legal compliance, or secure operations. Specifically, we may share your data under the following conditions:

8.1 We may engage vetted legal or technical professionals to support service delivery. Any subcontractors or consultants operate under written confidentiality and data processing agreements to ensure GDPR compliance and secure handling of client data.

8.2 In order to complete financial transactions, your billing details and payment metadata may be processed by third-party providers such as Stripe or our accounting software. These providers are GDPR-compliant and authorised to store financial information where required by law.

8.3 We use trusted EU-based providers to host our website, store files, manage communications, and protect our infrastructure. Data may be securely stored on cloud platforms such as Google Drive or within our hosting and CRM systems.

8.4 We do not engage in the commercial sale, licensing, or unauthorised sharing of your personal or business data with advertisers, marketers, or unrelated third parties.

8.5 Where a service provider hosts data outside the EEA, we rely on SCCs, adequacy decisions, or equivalent safeguards. For example, if a third party provider has servers outside the EU, we ensure that such transfers are protected by Standard Contractual Clauses (SCCs), adequacy decisions, or equivalent legal safeguards.

8.6 For more details on how we handle personal data on behalf of our clients, please see our Data Processing Agreement.


9. AI tools and automated processing

We manually review AI-generated output to prevent disclosure of personal data or legal inaccuracies.

9.1 Use of AI Technologies
TermsEngine may use artificial intelligence (AI) tools such as OpenAI's ChatGPT to assist in drafting, analysing, and optimising legal content, including Terms, Privacy Policies, Cookie Notices, and other compliance documentation. These tools are used strictly to improve content quality, consistency, and efficiency.

9.2 Data Processing with AI
Any personal data used during AI assisted workflows is anonymised or pseudonymised where possible. We do not use AI tools to profile users, make automated decisions about clients, or train models on your personal data unless explicitly agreed otherwise.

9.3 Lawful Basis and Transparency
Our use of AI tools is governed by a legitimate interest in improving service delivery (Article 6(1)(f) GDPR), while ensuring your rights and data security are not adversely affected. No sensitive data is knowingly submitted to AI platforms.

9.4 Third-Party AI Providers
We may process limited data through secure, GDPR compliant AI providers (such as OpenAI or its APIs). These providers do not retain or use submitted data beyond delivering the requested output. We ensure appropriate contracts and data processing agreements are in place.

9.5 Your Rights
You can object to the use of AI tools in connection with your data at any time. Simply contact us at info@termsengine.com and we will accommodate your request.


10. Data storage and retention

We retain personal data only for as long as it is necessary to fulfil the purposes for which it was collected, including the delivery of services, record keeping, legal compliance, and internal reporting. All data is stored securely in encrypted and access-controlled environments, with access limited to authorised personnel only.

10.1 Client data, communications, and supporting documents are stored using GDPR compliant cloud services and infrastructure. We apply encryption, multi-factor authentication, and routine access audits to protect all information.

10.2 We follow structured data retention practices, which include:

10.2.1 Information submitted through our free audit forms or discovery questionnaires is retained for a period of up to 12 months. This allows us to follow up on unresolved enquiries, provide context for repeat requests, and assess service improvement needs.

10.2.2 Data relating to completed services, including invoices, agreements, final deliverables, and related correspondence, is stored for up to 6 years. This is required for financial record-keeping, dispute resolution, and statutory compliance under Irish and EU law.

10.2.3 General correspondence not directly tied to a contracted service is stored for a period of 12 to 24 months, depending on relevance. This includes messages received via our contact forms or direct email communications.

10.3 Retention periods are reviewed annually to verify ongoing necessity.


11. Your rights (under GDPR)

As a data subject within the European Union (EU), you have specific rights under the General Data Protection Regulation (GDPR). We are committed to ensuring that your rights are respected and can be exercised easily and transparently.

11.1 You have the right to request access to the personal data we hold about you, including details about how and why it is processed.

11.2 If your personal data is inaccurate, incomplete, or outdated, you have the right to request that it be corrected without undue delay.

11.3 You may request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or if you withdraw consent and no other legal basis exists for retention. This right is subject to limitations, particularly where data must be retained for legal or contractual reasons.

11.4 You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest its accuracy or object to processing based on legitimate interest.

11.5 Where processing is based on consent or contract, and carried out by automated means, you may request a copy of your personal data in a structured, commonly used, and machine-readable format. You may also request that we transfer this data directly to another controller where technically feasible.

11.6 You may object to the processing of your data where it is based on legitimate interests, including profiling. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

11.7 If processing is based on your consent, you have the right to withdraw it at any time. This will not affect the lawfulness of processing prior to withdrawal.

11.8 You have the right to lodge a complaint with the Data Protection Commission (DPC) in Ireland or with your local data protection authority if you believe your rights have been violated.

11.9 When processing is restricted, we will store the data but not further process it unless legally required.

11.10 To exercise any of your rights under GDPR, you may contact us at info@termsengine.com. We may request verification of your identity before fulfilling certain requests, in order to protect your data from unauthorised access.


12. Under the age of 16 data

12.1 Our services are designed for use by adults and businesses only, and we do not offer services intended for individuals under the age of 16.
Our website, consultations, and legal products are targeted at professionals, entrepreneurs, and legal representatives acting on behalf of businesses or organisations.

12.2 We do not knowingly collect, use, or store personal data of individuals under the age of 16.
If we discover that a user under this age has submitted personal information without verified parental or guardian consent, we will take appropriate steps to delete the data as quickly as possible.

12.3 If you believe that we may have unknowingly collected data from a minor, please contact us immediately at info@termsengine.com so we can investigate and take corrective action in accordance with applicable law. We encourage parents to contact us if they believe a minor has provided data.


13. Updates to this policy

13.1 We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, technologies, or data processing practices.

13.2 When we make changes, we will revise the "Effective Date" at the top of this page. In the case of material changes (such as new data uses or third party sharing) we may also notify you directly via email (if you are an active client) or through a prominent notice on our website.

13.3 We encourage all users to review this Privacy Policy periodically to stay informed about how we protect personal data and comply with applicable laws. Continued use of our website or services after updates constitutes acceptance of the revised policy.

13.4 If you have provided an email address for marketing consent, we may also notify policy changes via that channel.


14. Questions or complaints

14.1 If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, you may contact us at info@termsengine.com. We aim to respond to all legitimate enquiries within one calendar month, in accordance with GDPR requirements.

14.2 If you are not satisfied with our response or believe that your data has been processed unlawfully, you have the right to lodge a complaint with the supervisory authority in your country.
In Ireland, this is the Data Protection Commission, which you can contact via www.dataprotection.ie or 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland.


15. Legal entity

15.1 TermsEngine is a legal service brand operated by Kredista Sp. z o.o., a private limited company registered in Poland. The company is responsible for the operation, delivery, and data processing activities carried out under the TermsEngine name, unless otherwise specified.

15.2 © 2025 TermsEngine (Kredista Sp. z o.o.). All rights reserved. No part of the Website, documents, or services may be copied, reproduced, or distributed without prior written consent.

Not sure where to start?

Find out where your website stands before it becomes a legal issue. We’ll review your existing policies, flag what’s missing or outdated, and explain exactly what you need to stay protected. GDPR checks, website audit, and no strings attached