Privacy Policy
Last updated: 5 June 2026 · Effective: 5 June 2026 · Probatur | probatur.co.uk
1. Who We Are
Probatur is a contextual legal outcome prediction platform for UK solicitors and barristers. The service is operated by George Johnson, trading as Probatur, a sole trader registered in England and Wales ("Probatur", "we", "us", "our").
Contact details:
George Johnson, Probatur
Email: hello@probatur.co.uk
Website: probatur.co.uk
We are committed to protecting your personal data and processing it in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
2. What This Policy Covers
This Privacy Policy explains how we collect, use, store, share, and protect personal data when you:
- Visit our website at probatur.co.uk;
- Join our early access or waitlist programme;
- Use the Probatur platform and its prediction features (when available);
- Contact us by email or any other means.
It does not cover the personal data contained within publicly available case law, judicial records, or third-party data sources we analyse — those data subjects are not our users and their data is processed under separate lawful bases described in Section 4.
3. Data We Collect
3.1 Data you provide directly
| Category | Data collected | When |
|---|---|---|
| Waitlist registration | Email address | When you submit the waitlist form |
| Account creation | Full name, email address, professional credentials (SRA/BSB number), law firm name | On registration (when available) |
| Subscription & billing | Payment method details, billing address, transaction records | On subscription (processed via Stripe — we do not store raw card data) |
| Communications | Name, email address, message content | When you contact us |
| Professional verification | SRA/BSB registration number, declared practice area | At sign-up to verify legal professional status |
3.2 Data collected automatically
| Category | Data collected | Purpose |
|---|---|---|
| Usage data | Pages visited, features used, briefing queries submitted, time on page, click paths | Platform improvement and analytics |
| Technical data | IP address, browser type and version, operating system, device type, referrer URL | Security, fraud prevention, technical operation |
| Cookies | Session cookies, analytics cookies (Google Analytics 4) | See Section 9 (Cookies) |
3.3 Case input data
When you use the Probatur prediction feature, you may enter information about a legal matter — including case type, legal issues, and facts — to generate a briefing. This input data may constitute personal data where it relates to identifiable individuals (such as named parties or witnesses).
Important: You should not enter special category personal data (as defined in Article 9 UK GDPR) or data relating to criminal convictions unless strictly necessary for your preparation query. Do not enter data that could identify any person beyond what is required to generate your briefing.
4. How We Use Your Data and Our Lawful Basis
| Purpose | Data used | Lawful basis (UK GDPR) |
|---|---|---|
| Providing the waitlist and notifying you of early access | Email address | Consent (Article 6(1)(a)) — you can withdraw at any time |
| Providing and administering the Probatur platform | Account data, professional credentials, case input data | Performance of a contract (Article 6(1)(b)) |
| Processing payments and managing subscriptions | Billing data, transaction records | Performance of a contract (Article 6(1)(b)) |
| Verifying legal professional status | SRA/BSB number, email domain | Legitimate interests (Article 6(1)(f)) — to restrict access to verified legal professionals and reduce regulatory risk |
| Maintaining a prediction audit log | Anonymised query records, output metadata | Legitimate interests (Article 6(1)(f)) — accuracy monitoring, model improvement, legal compliance |
| Communicating about your account and service updates | Email address, name | Performance of a contract (Article 6(1)(b)) |
| Security, fraud prevention, and abuse detection | IP address, usage data, technical data | Legitimate interests (Article 6(1)(f)) |
| Website analytics and product improvement | Anonymised usage data, cookies | Legitimate interests (Article 6(1)(f)) / Consent (where cookies require it) |
| Complying with legal obligations | Any data required by applicable law | Legal obligation (Article 6(1)(c)) |
4.1 Processing public legal data
Our core service analyses publicly available data — including judgments published on BAILII, court hearing lists (HMCTS CaTH), judge profiles published by the judiciary, parliamentary records (Hansard), and legislation. This corpus may incidentally contain the names of judges, barristers, solicitors, and parties in proceedings. Such data is sourced from public records under the open justice principle and is processed under legitimate interests (Article 6(1)(f)) for the purpose of providing analytical preparation tools to legal professionals.
5. How Long We Keep Your Data
| Data category | Retention period | Reason |
|---|---|---|
| Waitlist email addresses | Until you unsubscribe or 24 months from collection, whichever is sooner | Consent-based — deleted on withdrawal |
| Account data (active users) | Duration of the account plus 6 months after closure | Contract performance, dispute resolution |
| Billing and transaction records | 7 years from the transaction date | HMRC tax record obligations |
| Case input data (query logs) | Anonymised within 30 days; raw data deleted within 90 days | Minimal retention — anonymised for model accuracy audit only |
| Communications (email) | 3 years from last contact | Legitimate interests — dispute resolution |
| Analytics data (Google Analytics) | 14 months (GA4 default — configured accordingly) | Product improvement |
| Security logs (IP, access) | 90 days | Security monitoring and incident response |
6. Who We Share Your Data With
We do not sell your personal data. We do not share it with third parties for their own marketing purposes. We share data only with the following categories of processor, each operating under a data processing agreement:
| Recipient | Purpose | Location |
|---|---|---|
| Supabase Inc. | Database hosting, authentication, file storage | EU / EEA (configurable) |
| Vercel Inc. | Frontend hosting and deployment | USA (EU-US Data Privacy Framework) |
| Stripe, Inc. | Payment processing | USA (Standard Contractual Clauses) |
| Google LLC (Google Analytics 4) | Website analytics | USA (EU-US Data Privacy Framework) |
| Anthropic, PBC | AI generation (Claude API) — case input data is processed to generate briefings | USA (Standard Contractual Clauses) |
| OpenAI, Inc. | Embedding generation for RAG pipeline — case input data processed for vector search | USA (Standard Contractual Clauses) |
| Railway / Render | API server hosting | USA / EU (as selected) |
We may also disclose personal data where required to do so by law, court order, or regulatory authority, or to protect the rights, property, or safety of Probatur, its users, or others.
7. International Transfers
Some of our service providers are located outside the UK. Where we transfer personal data to countries not recognised as providing an adequate level of protection under UK data protection law, we ensure appropriate safeguards are in place — typically UK International Data Transfer Agreements (IDTAs) or UK Addenda to EU Standard Contractual Clauses.
You may request details of the specific transfer mechanisms applied to your data by contacting us at hello@probatur.co.uk.
8. Your Rights Under UK GDPR
As a data subject under UK GDPR, you have the following rights:
| Right | What it means |
|---|---|
| Right of access | Request a copy of the personal data we hold about you (Subject Access Request) |
| Right to rectification | Request correction of inaccurate or incomplete data |
| Right to erasure | Request deletion of your data where we no longer have a lawful basis to retain it |
| Right to restriction | Ask us to pause processing your data in certain circumstances |
| Right to data portability | Receive your data in a structured, machine-readable format where processing is based on consent or contract |
| Right to object | Object to processing based on legitimate interests — we will cease unless we can demonstrate compelling legitimate grounds |
| Right to withdraw consent | Withdraw consent at any time where processing is consent-based, without affecting prior lawful processing |
| Rights re automated decision-making | Not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects |
To exercise any of these rights, contact us at hello@probatur.co.uk. We will respond within one calendar month. We may need to verify your identity before processing the request.
If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk | 0303 123 1113.
9. Cookies
Our website uses cookies and similar tracking technologies. A cookie is a small text file placed on your device.
| Cookie type | Purpose | Consent required |
|---|---|---|
| Strictly necessary | Session management, security, basic site functionality | No — these are essential |
| Analytics (Google Analytics 4) | Aggregate usage statistics — pages visited, session duration, referral sources. IP anonymisation enabled. | Yes — set only with your consent |
| Functional | Remembering preferences (e.g. cookie consent choice) | No — proportionate to the functionality provided |
We do not use advertising, retargeting, or third-party behavioural tracking cookies. You can manage or withdraw your cookie consent at any time via your browser settings or our cookie consent tool on the website. Withdrawing consent for analytics cookies will not affect your ability to use the platform.
10. AI-Generated Outputs and Automated Processing
Probatur generates analytical briefings using large language models (currently Claude by Anthropic) combined with our own statistical and retrieval pipeline. The following applies to all outputs:
- Outputs are not legal advice. All Probatur briefings are analytical preparation tools. They do not constitute legal advice, represent the view of any court, or predict any outcome with certainty.
- No solely automated legal decisions. Probatur outputs are provided to inform a legal professional's own judgment. No output constitutes a binding determination. The practitioner retains full professional responsibility under SRA or BSB obligations.
- Bias disclosure. Statistical profiles derived from historical case law may reflect historical judicial bias. We apply confidence tiers and model cards to surface data limitations. You should treat low-data-tier profiles with caution.
- Accuracy. We do not warrant the accuracy, completeness, or timeliness of any output. Outcomes depend on facts and judicial discretion not modellable by any system.
11. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, disclosure, alteration, or destruction. These include:
- Encrypted data transmission (HTTPS/TLS) across all services;
- Authentication and access controls via Supabase Auth (JWT-based);
- API rate limiting and abuse monitoring;
- Prediction audit logs for integrity and compliance review;
- Third-party processors subject to data processing agreements.
No transmission over the internet is completely secure. If you have reason to believe your data has been compromised, please contact us immediately at hello@probatur.co.uk.
12. Children
Probatur is designed exclusively for verified legal professionals. It is not directed at, and we do not knowingly collect personal data from, individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.
13. Links to Third-Party Sites
Our platform may contain links to external resources including BAILII, HMCTS services, judiciary.gov.uk, and legal publications. We are not responsible for the privacy practices of those sites and recommend you review their policies independently.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Where changes are material, we will notify registered users by email at least 14 days before the changes take effect. The "Last updated" date at the top of this document will always reflect the current version.
Continued use of Probatur after the effective date of any updated policy constitutes acceptance of those changes.
15. Contact Us
All data protection enquiries, Subject Access Requests, and complaints should be directed to:
George Johnson
Probatur
hello@probatur.co.uk
probatur.co.uk
We aim to respond to all requests within one calendar month in accordance with UK GDPR Article 12.