This Privacy Policy explains how MyMcKenzieCS, owned and operated by Lenjordan Ltd, collects, uses, stores, and protects your personal data under the Data Protection Act 2018 and the UK GDPR.

By using the Platform, you agree to the practices described in this policy.

We are not a law firm, and we do not provide legal advice. We are a legal-tech service that supports Litigants in Person with AI-generated tools.

We only collect information necessary to provide and improve our services.

1. Personal Information
   • Name
   • Email address
   • Account login information
   • Subscription and billing metadata (for example, plan name, billing status, renewal dates, Stripe customer/subscription identifiers)
   • Limited payment method metadata where available (for example, card brand and last four digits via Stripe)
2. Case Information
   • Documents you upload (evidence, statements, court forms, letters, etc.)
   • Notes and details you add to your dashboard
   • Case summaries and preparation materials
3. AI Interaction Data
   • Chat messages
   • Document drafts
   • Queries submitted to the AI
4. Technical & Usage Data
   • IP address
   • Device and browser information
   • Session logs
   • Pages visited
   • Error logs

• Operating the Platform
• Generating AI-driven guidance and documents
• Analysing uploaded documents
• Providing customer support
• Improving functionality and features
• Ensuring security and preventing misuse
• Enforcing access rules based on subscription status (including read-only controls after lapse)
• Sending operational account and billing notices (verification, payment reminders, hard-lock/deletion warnings)
• Fulfilling legal or regulatory obligations

We do not use your data for advertising. We do not sell or transfer your data to third parties for marketing.

All data is stored securely using cloud infrastructure providers.

• Encrypted storage
• Encrypted file transfers
• Secure authentication
• Access control rules
• Monitoring and auditing tools

We apply additional restrictions via server-side security rules, role-based access, and document-level protection.

Our infrastructure providers may process data in secure data centres located inside and outside the UK/EU. Where data leaves the UK/EU, we ensure GDPR-approved safeguards, including:

• Standard Contractual Clauses (SCCs)
• Data minimisation policies
• Encryption

• Contractual necessity – to provide the features you signed up for
• Legitimate interests – ensuring security, preventing abuse, improving the service
• Consent – analytics or optional features
• Legal obligation – preventing fraud or complying with regulation

Your data may be shared only with:

• Cloud infrastructure providers (hosting, authentication, database, storage)
• Stripe (payments)
• Email service providers
• AI model providers used to generate assistant responses

All act as data processors under GDPR.

We do not share your data with solicitors, barristers, or legal representatives.

• Under a court order
• To law enforcement where legally required
• To comply with regulatory obligations

We never disclose data voluntarily to third parties for non-legal reasons.

Some account actions are automated, including entitlement checks, subscription status checks, and read-only/lifecycle gating based on billing state.

• These checks help us deliver the contract, prevent misuse, and apply account rules consistently.
• If you believe an automated account state is wrong, contact support to request review.

• Access your personal data
• Request correction
• Request deletion
• Restrict processing
• Data portability
• Object to certain processing
• Withdraw consent
• You may also complain to the Information Commissioner’s Office (ICO).

• Authentication
• Session management
• Security
• Analytics (optional, only after consent)

You may disable cookies in your browser, but the Platform may not function correctly. A separate Cookie Policy will provide full details.

• Your account data is kept while your account is active
• Failed renewals may enter a grace phase (typically up to 5 days, or as stated in billing notices) with billing reminders
• After lapse, account features may move to read-only until billing is resumed
• Hard-lock/archive phase may apply around day 30 from lapse, with warning notices sent before the milestone
• Deletion phase may apply around day 90 from lapse, with warning notices sent before the milestone
• You can resume a paid plan before deletion deadlines to restore normal access
• Backups may persist briefly
• If your account is deleted, associated data is removed unless legally required otherwise

Where timelines are updated, we will reflect this in product notices and policy updates.

To improve reliability and continuity, we may store limited account-related data in browser storage (such as draft notes and dismissed notification preferences).

• This data is tied to your browser session/profile and can be cleared in browser settings.
• Browser storage is used for product functionality, not ad tracking.

The Platform is not intended for individuals under 18. We do not knowingly collect data from minors.

We are not responsible for the privacy practices of external websites linked from the Platform.

We may update this Privacy Policy at any time. A new revision date will appear at the top of this page. Continued use of the Platform means you accept the changes.

Lenjordan Ltd
Email: support@mymckenziecs.com
Registered Office: 66 Chamberlain Way, Pinner HA5 2AT
Data Protection Contact: privacy@mymckenziecs.com