Key Moments
What This Video Covers
Your bundles, documents, and case details are stored and processed in the United Kingdom. BundleCreator is hosted on Google Cloud Run in the London region (europe-west2). Limited supporting services — payment processing and authentication — operate under UK GDPR-compliant transfer safeguards. Documents are encrypted at rest with AES-256 and in transit with TLS 1.3. UK GDPR and the Data Protection Act 2018 apply; the Information Commissioner's Office is the regulator. Particular reassurance for sensitive cohorts including domestic abuse, public children law, and redacted-document workflows.
Full Transcript
Your bundles, documents, and case details are stored and processed in the United Kingdom. BundleCreator is hosted on Google Cloud Run in the London region. Limited supporting services — payment processing and authentication — operate under UK GDPR-compliant transfer safeguards. UK GDPR and the Data Protection Act 2018 apply. The Information Commissioner's Office is the regulator.
Documents are encrypted at rest with AES-256 and in transit with TLS 1.3. Authentication is handled through Clerk and supports two-factor sign-in. Access controls are role-based, and the database enforces row-level security so only your account can see your bundles. An audit log records every action and is retained for seven years.
If your case involves sensitive material — a domestic abuse application, public children law, a redacted document — where your bundles are stored and who can reach them is a safety question. BundleCreator was built with that in mind. The London-hosted, UK-only architecture is the answer.
The full data retention policy and data processing agreement are linked in the description. If you have questions, our DPO is reachable through the privacy page.