Privacy & Data Processing
What we collect, who processes it, and where it lives
Last updated: 2026-07-03
1. Data we collect
- Account data — the email address you sign in with, and basic account state.
- Uploaded documents — the .docx files you upload to edit, including all of their content.
- Generated content — the documents Ramsly produces and the inputs used to produce them (your change descriptions and selected options).
- Chat— messages you send in the in-app chat and the assistant's replies.
2. Sub-processors
To run the service, your data is shared with the third-party processors below. Each receives only what is described. Ramsly does not redact the content of your documents before sending it to AI providers or the preview viewer.
| Processor | What it receives | Location |
|---|---|---|
| Anthropic (Claude) | Document text and prompts you submit for generation (your uploaded source content and your change description). | United States |
| OpenAI (gpt-image-1) | Image prompts and any reference images, where image generation is used. | United States |
| Cloudflare R2 | Uploaded and generated documents, stored at rest. | Configurable region; US-headquartered provider. |
| Microsoft Office Online | The generated .docx file, when you preview it in the app — the viewer renders the document and therefore receives its content. | United States / global Microsoft infrastructure. |
| Resend | Your email address and transactional email content (e.g. sign-in, notifications). | United States |
| Vercel | Application hosting; request metadata and logs. | United States / global edge. |
| Neon (Postgres) | Account data, document metadata, generated content, and chat history. | eu-west-2 (London) |
3. Special-category data and what not to upload
Some safety documents — HAVS assessments in particular — can contain health data about named individuals, which is a special category of personal data under UK GDPR. When you upload such a document, its content is sent to the sub-processors above in the same way as any other upload.
Do not upload personal data, health data, or commercially sensitive material that you are not permitted to share with the processors listed in section 2. If you need to keep names or health details out of a generated document, remove or anonymise them in your source file before uploading.
4. Where your data is stored
Your primary database (Neon Postgres) is hosted in eu-west-2 (London). Document files are stored in Cloudflare R2. Several of the processors used for generation, email, hosting and document preview are US-based or operate globally, which means some of your data is processed outside the UK/EEA. By using Ramsly you accept this cross-border processing.
5. Retention and deletion
Account data, uploaded documents, generated content and chat history are retained while your account is active so the service can show your history and let you re-edit prior documents. A delete control to remove documents directly from within the app is being added; until it ships, you can request deletion of specific documents or your whole account by contacting us (see below) and we will action it.
6. Your rights and how to contact us
You can request access to, correction of, or erasure of your personal data, and you can object to or restrict its processing. To exercise any of these rights, or to ask a question about how your data is handled, email hello@ramsly.co.uk. We will respond and action verified requests as required under UK GDPR.
Related
See our Terms & Liability for how Ramsly output is intended to be used and reviewed.