Legal
Privacy Policy
Last updated: June 2026
1. Overview
Nullify is built on a simple principle: we should see as little of your data as technically possible. This policy explains exactly what data is and is not processed when you use the Service, operated by Hidden Forge Ltd (UK), the data controller for the limited data described below.
2. Your documents
Manual redaction (free): your PDF never leaves your device. Opening, rendering, OCR, drawing redactions and exporting all happen inside your browser. No document data of any kind reaches our servers in this mode.
AI-assisted redaction (paid): when you press Go, plain text extracted from your document in your browser is sent to our server over an encrypted (TLS) connection in small batches. Our server holds that text in memory only while forwarding it to Anthropic's Claude API and returning the results — it is never written to disk, logged, or stored in any database. The PDF file itself, images, and page renders are never transmitted.
AI provider: the extracted text is processed by Anthropic (Claude) under its API terms. Anthropic does not use API data to train its models and applies limited-duration retention for abuse monitoring under its own policies. We send no identifiers linking the text to you.
Exported files and audit reports are generated in your browser and downloaded directly to your device. We never receive them.
3. Data we do collect
Because the Service has no accounts, the data we hold is minimal:
Payment records: when you purchase AI redaction we store a Stripe checkout session ID, the amount, currency, page count, run usage, timestamps and your purchase code. This record contains no name, email, card details or document content. Stripe, as an independent controller, processes your payment details (including card number and billing information) under its own privacy policy.
Technical logs: our infrastructure records standard request metadata (endpoint, timestamp, status code) for reliability and abuse prevention. Request bodies containing extracted text are not logged.
4. Data stored on your device
We use your browser's local storage to remember your purchase code so an unused purchase can be restored automatically. This value stays on your device, is removed automatically when the purchase is exhausted, and can be cleared at any time via your browser settings. We do not use advertising or analytics cookies, tracking pixels, or fingerprinting.
5. Legal bases (UK/EU GDPR)
a) Performance of a contract — processing payment records and transiently relaying extracted text to provide the AI feature you purchased.
b) Legitimate interests — minimal technical logging for security, fraud prevention and service reliability.
We do not sell personal data, and we do not use your data for marketing or profiling.
6. Retention
Document text: held in server memory for seconds during an AI request, then gone. Payment records: retained for up to 6 years to meet UK tax and accounting obligations. Technical logs: retained for a short rolling window. Local-storage purchase codes: until used, expired or cleared by you.
7. Sharing and processors
We share data only with the processors required to run the Service:
a) Stripe — payment processing (independent controller for payment data);
b) Anthropic — transient AI analysis of extracted text (AI mode only);
c) Hosting infrastructure — serving the application and relaying encrypted traffic.
We never share, sell or transfer document content — in manual mode we never possess it.
8. International transfers
Anthropic and Stripe may process data in the United States and other jurisdictions. These transfers rely on appropriate safeguards, including standard contractual clauses and, where applicable, the UK Extension to the EU–US Data Privacy Framework.
9. Your rights
Under UK/EU GDPR you have rights of access, rectification, erasure, restriction, portability and objection. In practice, note that we usually cannot identify you: payment records contain no name or contact details, so exercising rights over them typically requires your purchase code or Stripe session ID as proof of the transaction. To exercise any right, contact us via hiddenforge.co.uk. You also have the right to complain to the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.
10. Security
All traffic is encrypted in transit using TLS. Our servers are stateless with respect to document content by design — the most effective security control we have is not holding your data in the first place. Payment card data is handled exclusively by Stripe (PCI DSS Level 1).
11. Children
The Service is not directed at children under 16, and we do not knowingly process their data.
12. Changes to this policy
We will update this page when our practices change and revise the date at the top. Significant changes will be highlighted on the site.
Questions? Contact us via hiddenforge.co.uk. See also our Privacy Policy and Terms of Service.
Nullify