Privacy Policy
Last updated: May 2026
Who we are
REACH LAW is a trading name of BLACKBOXAI / REACH Division. We provide governance infrastructure for SRA-regulated UK law firms at reach-law.co.uk. For UK GDPR purposes, we are the data controller for personal data collected through this website and the Exposure Diagnostic.
What data we collect
When you use the Exposure Diagnostic, we collect information about your firm's regulatory registration, AI tool usage, and governance posture. This information is used solely to generate your diagnostic output and, if you proceed, to configure your REACH LAW deployment.
When you contact us, we collect your name, email address, firm name, and message content. We do not collect data from anonymous visitors beyond standard server logs.
How we use your data
- To generate your Exposure Diagnostic output
- To respond to your direct enquiries
- To configure your REACH LAW deployment if you become a client
- To comply with our regulatory and legal obligations
We do not use your data for marketing without your explicit consent. We do not sell your data to third parties.
Legal basis for processing
Legitimate interests: Processing enquiries and diagnostic submissions where you have chosen to engage with us.
Contractual necessity: Processing data necessary to deliver the REACH LAW service to clients.
Legal obligation: Where we are required to process data to comply with applicable law.
Data retention
Diagnostic data is retained for 12 months from submission unless you become a client, in which case it is retained for the engagement duration and 6 years thereafter. Enquiry data is retained for 24 months unless a client relationship is established.
Your rights
Under UK GDPR you have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing and to lodge a complaint with the ICO. Contact us via the contact page.
Cookies
This website does not use tracking cookies or third-party analytics. We use no advertising technology.