This Privacy Policy is effective as of May 31, 2025.

EmailAid is committed to protecting the privacy and security of our clients’ personal data. This Privacy Policy outlines how we collect, use, store, and protect your information when you use our one-off email drafting, editing, and bespoke communication services. We operate in compliance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and other applicable data protection laws. For questions, please contact us at info@emailaid.co.uk.

We collect the following types of data to provide our services:

• Engagement Form Data: Information provided in the engagement form, such as your name, email address, service request details (e.g., email purpose, key points, tone preferences, bespoke service requirements), and additional instructions.
• Optional Document Submissions: Documents (e.g., PDFs, Word files, images) you choose to upload to support your service request, which may contain personal information relevant to drafting, editing, or bespoke services.
• Contact Details: Email address or phone number (if provided for accessibility purposes or consultation preferences).
• Payment Information: Billing details (e.g., payment method, transaction history) for one-off services, processed securely via third-party payment providers.

• Website and Portal Usage: Information about how you interact with our website (www.emailaid.co.uk) and client portal, such as IP address, browser type, and pages visited, collected via cookies (see Section 7).
• Service Usage: Details of your one-off service requests and engagement form submissions.

• Preferences for accessible formats (e.g., screen reader compatibility, large font), if provided, to ensure our services meet your needs, as per Section 1.2 of the Terms and Conditions.

We use your data solely to provide and improve our one-off communication services:

• Service Delivery: To draft, edit, or create bespoke outputs (e.g., emails, CVs, letters) based on your engagement form and optional documents, ensuring alignment with your voice and intent. Email serves as the receipt of service upon delivery of the output via email or the client portal, as per Section 4.2 of the Terms and Conditions.
• Communication: To deliver service outputs, confirm document retention/destruction, respond to inquiries, and notify you of service-related updates (e.g., cancellation due to abuse, per Section 5.3).
• Billing: To process payments for one-off services via secure third-party providers.
• Accessibility: To tailor outputs to your needs (e.g., accessible formats for visually impaired clients).
• Improvement: To analyze anonymized usage patterns and feedback to enhance our services (e.g., via surveys), as part of continuous improvement (Section 2.6).
• Compliance: To screen for legal content to avoid liability (Section 2.4) and ensure UK GDPR compliance.
• Abuse-Related Cancellations: To document reasons for service cancellation due to abuse (Section 5.3), ensuring a safe environment.

We do not use your data for marketing, profiling, or any purposes beyond what is necessary for our services.

We process your data under the following legal bases:

• Consent: You provide explicit consent via the engagement form and Document Handling Agreement for us to process your data for service delivery.
• Contractual Necessity: Processing is necessary to fulfill our service agreement (e.g., drafting outputs, billing).
• Legitimate Interests: For improving our services (e.g., anonymized analytics) and ensuring security (e.g., audit logs), where such interests do not override your rights.
• Legal Obligation: To comply with UK GDPR and other laws (e.g., documenting abuse-related cancellations).

• Storage: All data is stored on UK GDPR-compliant, encrypted cloud storage (EU-based servers) with AES-256 encryption.
• Access Control: Only authorized EmailAid staff access your data, with role-based permissions and audit logs.
• Document Retention: As specified in the engagement form (Section 6.4 of the Terms and Conditions):
  • Default: Documents are retained for 30 days post-service to allow for revisions, unless otherwise specified.
  • Client Options: You may choose immediate destruction, extended retention (up to 3 months with monthly consent renewal), or no retention (in-memory processing).
• Document Destruction: Documents are securely deleted using multi-pass overwrite methods upon request, expiration, or service completion. A destruction certificate is provided if requested via info@emailaid.co.uk.
• Security Measures: We use encryption, two-factor authentication on our client portal, and regular security audits to protect your data.

We do not share your personal data with third parties except in the following cases:

• Service Providers: We use UK GDPR-compliant third-party providers for payment processing (e.g., Stripe) and cloud storage (EU-based servers), bound by Data Processing Agreements.
• Legal Obligations: We may disclose data if required by law (e.g., court order), notifying you unless prohibited.

Under UK GDPR, you have the following rights:

• Access: Request copies of your data (e.g., engagement forms, documents).
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data, subject to legal retention obligations (e.g., invoicing records for 6 years).
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to data processing, triggering a review and potential cessation of services.
• Withdraw Consent: Withdraw consent at any time, affecting future processing (e.g., stopping extended document retention).

To exercise your rights, contact us at info@emailaid.co.uk. We will respond within 30 days. For accessibility support (e.g., screen readers for visually impaired clients), please specify your needs when contacting us, as per Section 1.2 of the Terms and Conditions.

• Essential Cookies: Used for website functionality (e.g., session management, accessibility settings).
• Analytics Cookies: Anonymized analytics (e.g., Google Analytics) to improve services, with your consent.
• Opt-Out: Manage cookie preferences via our website’s cookie banner at www.emailaid.co.uk. Disabling cookies may affect functionality.

In the event of a data breach, we will:

• Notify you within 72 hours if the breach is likely to affect your rights and freedoms.
• Inform the Information Commissioner’s Office (ICO) as per UK GDPR requirements.
• Take immediate steps to mitigate the breach and prevent recurrence.

All data is stored and processed within the EU on UK GDPR-compliant servers. If future operations require data transfers outside the EU, we will ensure adequate safeguards (e.g., Standard Contractual Clauses) are in place, notifying you of any changes.

Our services are not intended for individuals under 16, as our one-off communication services are designed for adult clients (Section 2 of the Terms and Conditions). We do not knowingly collect data from children. If such data is identified, we will delete it immediately.

We may update this Privacy Policy to reflect changes in our services or legal requirements. Updates will be communicated to users with accounts via email or the client portal, and guest users can access the latest version at https://emailaid.co.uk/documents. Significant changes affecting your rights will be notified via email. You should always visit https://emailaid.co.uk/documents for the most current version.

For questions, concerns, or to exercise your rights, contact us:

• Email: info@emailaid.co.uk
• Phone: Available upon request for accessibility purposes (contact via email first).
• Address: Available upon request, per UK GDPR compliance.

EmailAid is dedicated to handling your data with care, transparency, and respect, aligning with our mission to support clients in communicating effectively.