Privacy Policy

Ratio. ("we", "our", or "us") operates The Digital Court Society platform at ratiothedigitalcourtsociety.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our platform. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By accessing or using Ratio., you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the platform.

1. Data Controller

The data controller responsible for your personal data is:

Ratio. — The Digital Court Society is a platform operated by GMH Ltd. For all data protection enquiries, please contact our Data Protection Officer at privacy@ratiothedigitalcourtsociety.com.

2. Information We Collect

We collect information that you provide directly, as well as data generated through your use of the platform.

Information you provide:

• Account registration details, including your name, email address, university affiliation, and year of study
• Profile information such as your display name, biography, profile photograph, and Chamber membership
• Content you create or submit, including Law Book contributions, session participation records, argument submissions, case briefs, and moot court submissions
• Payment information when subscribing to paid plans (processed securely by Stripe; we do not store card details)
• Communications with us, such as support enquiries, feedback, or correspondence

Authentication data:

• Email address and hashed password (managed by Clerk, our authentication provider)
• Session tokens, authentication cookies, and login metadata (timestamps, IP addresses)

Information collected automatically:

• Device and browser information, including device type, operating system, browser version, and screen resolution
• Usage data, such as pages visited, features used, session duration, click patterns, and interaction data
• Performance and error data, including error logs, load times, and crash reports (collected via Sentry)
• Analytics data, including anonymised behavioural data and session recordings (collected via PostHog and Google Analytics 4, subject to cookie consent)
• IP address and approximate geolocation data

Video conferencing data:

• When you participate in live moot court sessions via Daily.co, video and audio streams are processed in real time. We do not record video sessions unless explicitly stated prior to a session. Session metadata (duration, participants, connection quality) may be retained.

AI interaction data:

• Prompts, submissions, and responses generated through the AI Judge and other AI-powered features. These may be processed by our AI providers (Anthropic and OpenAI) to generate responses. No personal data is intentionally included in AI queries.
• Case facts and evidence submitted during legal simulations are processed by AI to generate analysis, procedural guidance, and document drafts

Legal simulation data:

• Legal simulation data including case facts, issue descriptions, evidence descriptions, and AI-generated analysis and documents

Client matter intake data:

• Matter details you provide during the intake process, including factual descriptions, party information, timeline of events, desired outcomes, and legal category selection
• AI conversation transcripts from the Matter Analyst intake sessions, including your responses and AI-generated follow-up questions
• Evidence descriptions you provide (we do not store uploaded documents at this time; descriptions are text-based)
• Generated matter files, summaries, and structured outputs produced from your intake data
• Self-assessed familiarity level with legal processes
• Language preference for AI interactions
• Safeguarding flags — if the AI detects indicators of immediate risk (domestic violence, self-harm, homelessness, child welfare), a record of the safeguarding trigger is stored internally. No safeguarding data is shared externally. Resources are displayed to you immediately.

Anonymous intake: You may begin the client matter intake process without creating an account. Initial intake data is stored locally in your browser (localStorage) until you choose to save it, at which point you will be asked to create an account. Data entered anonymously is not transmitted to our servers until you explicitly save your progress.

3. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 of the UK GDPR:

• Performance of a contract (Article 6(1)(b)) — Processing necessary to provide you with the platform services, including account management, session scheduling, Chamber operations, subscription billing, and advocacy training features
• Consent (Article 6(1)(a)) — Where you have given explicit consent, such as for analytics cookies (PostHog, Google Analytics 4), marketing communications, and optional data processing activities. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal
• Legitimate interests (Article 6(1)(f)) — Processing necessary for our legitimate interests, including platform security, fraud prevention, service improvement, error monitoring (Sentry), and internal analytics, provided these interests are not overridden by your rights and freedoms
• Legal obligation (Article 6(1)(c)) — Processing necessary to comply with legal obligations, such as tax and accounting requirements for subscription payments

4. How We Use Your Information

We use your information to:

• Provide and maintain the platform, including account management, session scheduling, and Chamber operations
• Deliver AI-powered services, such as the AI Judge feedback system, argument analysis tools, and case law research assistance
• Facilitate live video moot court sessions via Daily.co
• Calculate rankings, award badges, and maintain advocacy portfolios
• Process and display Law Book contributions, subject to editorial review
• Process subscription payments and manage billing through Stripe
• Send essential service communications, such as session reminders, Tribunal notifications, and account alerts
• Analyse usage patterns to improve the platform and develop new features
• Monitor and resolve technical errors and performance issues
• Ensure platform security and enforce our Terms of Service and Code of Conduct
• Comply with legal obligations and respond to lawful requests from public authorities
• Provide the Client Matter Intake service, including AI-driven questioning, fact extraction, legal issue identification, and matter file generation
• Detect safeguarding concerns and display appropriate emergency resources when indicators of immediate risk are identified

5. Third-Party Services

We use a limited number of third-party services to operate the platform. Each provider is selected for its commitment to data protection and processes data in accordance with their own privacy policies:

• Clerk — Authentication, user identity management, and session handling. Clerk processes your email, name, and authentication tokens. Clerk is SOC 2 Type II certified. Clerk Privacy Policy
• Convex — Backend database and real-time data synchronisation. Convex stores your profile data, session records, contributions, and platform content. Convex employs industry-standard encryption at rest and in transit. Convex Privacy Policy
• Stripe — Payment processing for subscription billing. Stripe handles all payment card data directly; we never store, process, or have access to your full card details. Stripe is PCI DSS Level 1 certified. Stripe Privacy Policy
• Daily.co — Video conferencing infrastructure for live moot court sessions. Daily.co processes video and audio streams in real time and may collect connection metadata. Daily.co Privacy Policy
• PostHog — Product analytics and session replay for platform improvement (subject to cookie consent). PostHog is self-hosted in the EU. Data includes anonymised behavioural events and interaction patterns. PostHog Privacy Policy
• Google Analytics 4 — Anonymous usage analytics (subject to cookie consent). IP addresses are anonymised. We use GA4 Consent Mode v2 and do not fire analytics until cookie consent is granted. Google Privacy Policy
• Sentry — Error monitoring and performance tracking. Error reports may include technical metadata (browser, device, page URL) but are configured to scrub personally identifiable information. Sentry Privacy Policy
• Anthropic / OpenAI — AI model providers for the AI Judge, argument analysis, and research tools. AI prompts and responses are processed by these providers. No personal data is intentionally included in AI queries.
• Vercel — Hosting, content delivery, and serverless compute. Vercel processes requests and may log IP addresses and request metadata. Vercel Privacy Policy
• Cloudflare — DNS management, CDN, DDoS protection, and bot verification (Turnstile). Cloudflare may process IP addresses and request headers. Cloudflare Privacy Policy
• Meta (Facebook) Pixel — Advertising conversion tracking and audience measurement (subject to cookie consent). Page view data is shared with Meta for the purpose of measuring advertising effectiveness. No personal data beyond browsing activity is shared. Meta Privacy Policy
• LinkedIn Insight Tag — Advertising conversion tracking (subject to cookie consent). Page view data is shared with LinkedIn for campaign measurement. No personal data beyond browsing activity is shared. LinkedIn Privacy Policy
• ElevenLabs — Text-to-speech synthesis for the AI Judge voice feature. Text content from AI-generated judicial feedback is sent to ElevenLabs for audio conversion. No personal user data is included in these requests. ElevenLabs Privacy Policy
• Resend — Transactional email delivery for session reminders, welcome emails, and notifications. Resend processes recipient email addresses and email content.

We do not sell, rent, or trade your personal data to third parties. Data shared with service providers is limited to what is strictly necessary for them to perform their functions on our behalf, and is governed by data processing agreements where required.

6. International Data Transfers

Some of our third-party service providers process data outside the United Kingdom. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, including:

• Transfers to countries recognised by the UK Government as providing adequate data protection
• Standard Contractual Clauses (SCCs) approved by the Information Commissioner's Office
• Binding Corporate Rules where applicable

You may request further details about the safeguards in place by contacting us at privacy@ratiothedigitalcourtsociety.com.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The following retention periods apply:

When data is no longer needed, it is securely deleted or anonymised. Anonymised data that cannot be linked to any individual may be retained indefinitely for statistical and analytical purposes.

8. Data Storage and Security

Your data is stored and processed using Convex, our backend database provider. Convex employs industry-standard encryption for data at rest and in transit, and maintains robust access controls.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of all data in transit via TLS 1.2+
• Secure authentication through Clerk with session token management
• Regular security reviews and vulnerability assessments
• Access controls limiting employee access to personal data on a need-to-know basis
• Automated monitoring for suspicious activity and potential security incidents

While we take reasonable steps to protect your data, no method of electronic storage or transmission is entirely secure. We cannot guarantee absolute security but will notify affected Advocates promptly in the event of a personal data breach, in accordance with our obligations under Articles 33 and 34 of the UK GDPR.

9. Your Rights Under UK GDPR

As a data subject under the UK GDPR, you have the following rights in relation to your personal data:

• Right of access (Article 15) — You may request a copy of the personal data we hold about you, together with information about how it is processed
• Right to rectification (Article 16) — You may request correction of inaccurate or incomplete personal data. You can update most profile information directly through the Settings page
• Right to erasure (Article 17) — You may request deletion of your personal data, subject to legal obligations we may have to retain certain information (such as financial records)
• Right to restrict processing (Article 18) — You may request that we limit the processing of your data in certain circumstances, such as when you contest its accuracy
• Right to data portability (Article 20) — You may request your personal data in a structured, commonly used, machine-readable format (such as JSON or CSV), and have it transmitted to another controller where technically feasible
• Right to object (Article 21) — You may object to the processing of your data where we rely on legitimate interests as our legal basis. We will cease processing unless we demonstrate compelling legitimate grounds
• Right to withdraw consent — Where processing is based on consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing carried out before withdrawal
• Rights related to automated decision-making (Article 22) — You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Our AI features are used for educational training purposes and do not make decisions with legal effect

To exercise any of these rights, please contact us at privacy@ratiothedigitalcourtsociety.com. We will respond to your request within one calendar month, as required by law. This period may be extended by a further two months for complex requests, in which case we will inform you of the extension within the first month.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

10. Cookies and Similar Technologies

Ratio. uses cookies and similar technologies to provide, secure, and improve the platform. Cookies fall into the following categories:

• Strictly necessary cookies — Required for authentication, session management, and security. The platform cannot function without these. This includes the Clerk authentication cookie, the __cf_bm cookie set by Cloudflare for bot detection (expires within 30 minutes), and your cookie consent preference
• Functional cookies — Remember your preferences, such as theme settings (light/dark mode), sidebar state, and notification choices
• Analytics cookies — Help us understand how Advocates use the platform so we can improve it. These include Google Analytics 4 and PostHog cookies, which collect anonymised usage data. Analytics cookies are only set after you provide consent via the cookie banner

We implement Google Analytics 4 Consent Mode v2, which means no analytics data is collected until you explicitly accept cookies. You may manage your cookie preferences through the cookie consent banner displayed on your first visit, or through your browser settings. Disabling certain cookies may affect platform functionality.

For more detailed information about the cookies we use, please see our Cookie Policy.

11. Children's Privacy

Ratio. is designed for university law students and legal professionals and is intended for use by individuals aged 18 and over. The platform is not directed at children or minors. We do not knowingly collect personal data from individuals under the age of 18.

If we become aware that we have collected personal data from a person under 18 without appropriate verification, we will take steps to delete that information promptly. If you believe that a person under 18 has provided us with personal data, please contact us at privacy@ratiothedigitalcourtsociety.com.

12. Data Protection Officer

We have designated a Data Protection Officer (DPO) who is responsible for overseeing our compliance with data protection legislation and serving as your point of contact for all privacy matters.

You may contact the DPO for any enquiries related to the processing of your personal data, to exercise your data protection rights, or to raise concerns about our data practices.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or regulatory guidance. When we make material changes, we will:

• Post a prominent notice on the platform
• Update the "Last updated" date at the top of this page
• Where appropriate, send a notification to the email address associated with your account

Continued use of the platform after changes are posted constitutes acceptance of the revised policy. We encourage you to review this page periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

We aim to respond to all enquiries within 5 working days. For data protection requests made under the UK GDPR, we will respond within the statutory period of one calendar month.