Privacy Policy

This Privacy Policy describes how Captain.Legal collects, uses, retains and protects your personal data, in accordance with the UK GDPR and the Data Protection Act 2018.

The data controller is Captain Legal LLC, the publisher of the site. For any question or to exercise your rights: our contact form.

We only collect the data necessary for the purposes described:

• Identification data: email address, first name, last name
• Data entered in forms: information needed to generate a document (which may relate to third parties, under your responsibility)
• Order and billing data: documents purchased, amount, date, history
• Payment data: processed directly by PayPal and Stripe; we never access your full payment card details
• Technical and connection data: IP address, access logs, pages visited, session duration

Each processing operation relies on a lawful basis under Article 6 UK GDPR:

• Processing and delivery of your order, invoice sending — performance of the contract
• Management of your account and the customer relationship — performance of the contract
• Retention of invoices — legal obligation
• Security, fraud prevention and service improvement — legitimate interests
• Marketing communications and non-essential cookies — your consent, withdrawable at any time

Your data is never sold. It may be shared with processors acting on our behalf and bound by confidentiality obligations: PayPal and Stripe (payments), OVH SAS (hosting within the EU), an email delivery provider, technical and audience-measurement providers. Data may also be disclosed where required by law or at the request of a competent authority.

As the publisher, Captain Legal LLC, is established in the United States, certain data may be transferred or made accessible outside the UK and the EEA. Such transfers are subject to appropriate safeguards in accordance with the UK GDPR, in particular the UK International Data Transfer Agreement or addendum to the EU standard contractual clauses. Hosting is carried out within the European Union.

• Account data: up to 3 years after the last activity
• Order and billing data: 10 years (legal obligation)
• Data entered in forms: for the time of the service, unless linked to an order
• Marketing data: 3 years from the last contact
• Connection data: 12 months

After these periods, data is deleted or anonymised.

We implement appropriate technical and organisational measures (HTTPS/TLS encryption, access control, secure hosting, PCI-DSS compliant payment providers). In the event of a personal data breach likely to result in a high risk to your rights, you will be informed in accordance with the UK GDPR.

Under the UK GDPR, you have the rights of access, rectification, erasure, restriction, portability, objection, the right to withdraw consent at any time and to lodge a complaint.

To exercise your rights, use our contact form. A response is provided within one month. You may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Our site uses cookies whose nature, purpose and duration are detailed in our Cookie Policy. Non-essential cookies are only set after obtaining your consent, which you may withdraw at any time.

The site is not intended for children under 13 (threshold applicable in the UK). We do not knowingly collect data relating to children without the consent of the holder of parental responsibility.

This policy may be modified at any time; the date of the latest update is shown at the top of the document. For any question, please contact us through our contact form.