Privacy Policy

Last updated: 24 April 2026

1. Who we are

UnlockedEditor ("we", "us", or "our") is a company operating from the United Kingdom. This Privacy Policy explains what personal data we collect when you use our websites, software, and related services (the "Services"), how we use it, and the choices you have. We are the "controller" of your personal data under the UK GDPR and the Data Protection Act 2018.

If you have any questions about this policy or how we handle your data, contact us at [email protected].

2. What we collect

We keep data collection to a minimum. The categories of data we collect are:

  • Account information. When you sign up, we collect your email address. That's it. We do not collect names, addresses, phone numbers, or any other personal details unless you voluntarily share them with us (for example, by emailing support).
  • OAuth profile data. If you choose to sign in with Discord or another OAuth provider, we receive the basic profile information that provider shares with us (such as your username and user ID). We do not request or store additional scopes beyond what is necessary to identify your account.
  • Session logs. When you use our software or authenticate against our services, we record session logs that include your IP address and a hardware identifier ("HWID"). These are retained to protect against fraudulent chargebacks, account sharing, and abuse, and are automatically cleared 7 days after the session.
  • AI prompts and outputs. When you use our AI features, we process the prompts you submit, any content you attach, and the outputs generated in response. See section 3 for details.
  • Anonymous telemetry. Our software may send anonymous telemetry about how it is used and how it performs, for example, crash rates, feature usage counts, and general environment information. This telemetry is not tied to your account or identity.

Payments. We use Stripe to process payments. When you buy something from us, any card or billing details you enter (such as card number, expiry, billing name, and billing address) are submitted directly to Stripe and are stored by Stripe, not by us. We only receive a limited record of the transaction, including a Stripe customer and payment identifier, the amount, currency, status, and the email you used, which we use to deliver what you bought, provide support, and handle refunds or chargebacks. Stripe's handling of your data is governed by its own privacy policy.

We do not sell your personal data, and we do not collect any data we don't need.

3. AI features and prompts

Parts of the Services use artificial intelligence. When you use an AI feature, the prompts you submit, any content you attach, and related metadata are transmitted to third-party model providers ("AI Providers") such as Anthropic and OpenAI so they can generate a response. Each AI Provider processes that data under its own privacy and data-handling policies. We choose providers that, under the API or enterprise terms we use, commit not to train their public models on our customers' inputs, but we cannot guarantee a provider's practices will never change.

On our side, we may temporarily log prompts, outputs, and associated identifiers to operate the Services, apply rate limits, investigate abuse, and diagnose errors. We do not sell prompts or outputs, we do not use them to train our own models, and we do not share them with advertisers or data brokers.

Please avoid submitting sensitive personal data, credentials, secrets, or regulated information (such as health or financial records) to AI features. Once a prompt has been sent to an AI Provider, we cannot retrieve or delete copies held by that provider outside of the rights granted by their own policies.

4. How we use your data

  • To create and operate your account, and to log you in.
  • To deliver and maintain the Services, including updates and bug fixes.
  • To provide AI features, which includes transmitting your prompts and attachments to AI Providers and returning their responses to you.
  • To prevent fraud and abuse, including handling chargebacks and detecting attempts to circumvent account bans.
  • To respond to your support requests and other communications.
  • To improve our products and services, and to publish aggregate or anonymous statistics (for example, public metrics about user counts, feature usage, or performance).
  • To comply with our legal obligations.

5. Anonymous telemetry and public metrics

Anonymous telemetry data may be displayed publicly (for example on our website as aggregate statistics) or used internally to improve the Services. Because this data is aggregated and not linked to you, it cannot be used to identify you.

6. Legal bases for processing

Under the UK GDPR, we rely on the following legal bases:

  • Contract. To provide the Services you have signed up for (your email, account, purchases, and AI features you request).
  • Legitimate interests. To protect our business and customers against fraud, chargeback abuse, and unauthorised access (IP and HWID logging), to keep AI features secure and within usage limits, and to improve the Services (anonymous telemetry).
  • Legal obligation. Where we are required by law to retain or disclose information.
  • Consent. Where you have given it (for example, by connecting an OAuth account).

7. How long we keep data

We keep your account information for as long as your account is active. Session logs (including IP and HWID) are automatically cleared 7 days after the session, except where we need to retain specific entries for longer to investigate an active fraud, chargeback, or abuse case, or to comply with a legal obligation. AI prompt and output logs held by us are retained for up to 30 days for abuse prevention and debugging, after which they are deleted or anonymised, except where we need to retain specific entries to investigate an active case. Anonymous telemetry is kept indefinitely because it is not personal data. When you delete your account, we remove or anonymise associated personal data, except where we must retain it to comply with legal obligations or defend against legal claims.

8. Who we share data with

We share limited data with a small number of third parties who help us run the Services:

  • Stripe, our payment processor, which collects and stores the card and billing details you submit at checkout and handles chargeback disputes on our behalf.
  • AI Providers such as Anthropic and OpenAI, which receive the prompts and attachments you submit to AI features so they can generate responses. We may add, change, or remove AI Providers over time.
  • Infrastructure, hosting, authentication, and analytics providers that host our website, databases, and services.
  • Authorities, regulators, or other parties, where we are legally required to share information or where it is necessary to protect our rights or the safety of others.

We do not sell your personal data to advertisers or data brokers.

9. International transfers

Our providers, including AI Providers, may process data outside the United Kingdom. Where they do, we rely on appropriate safeguards (such as adequacy decisions or the UK International Data Transfer Agreement) to make sure your data remains protected.

10. Your rights

Under UK data protection law you have the right to access, correct, delete, restrict, or object to our processing of your personal data, and to data portability. You can exercise any of these rights by emailing [email protected]. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

11. Security

We use industry-standard technical and organisational measures to protect your data. No system is perfectly secure, however, so we cannot guarantee absolute security. If you believe your account has been compromised, contact us at [email protected] immediately.

12. Children

The Services are not directed at children under 13. If you believe a child has provided us with personal data, contact us so we can remove it.

13. Changes to this policy

We may update this Privacy Policy at any time. When we do, we will update the "Last updated" date above and, where the changes are material, we will notify you either by email or the next time you launch our software. Please review this policy regularly.

14. Contact

For any privacy-related questions or requests, email us at [email protected].