ProPolicyForge is a compliance-focused business and holds itself to the same standards it helps its customers meet. The documentation below sets out how ProPolicyForge operates as a responsible data controller, AI service provider and business-to-business supplier.
ICO Registered Data Controller
Registration number: ZC116446 · Registered: 6 April 2026 · Expires: 5 April 2027
This policy sets out how ProPolicyForge, operated as a sole trader by Andrew David Reilly and registered with the Information Commissioner's Office (ICO) under registration number ZC116446, fulfils its obligations as a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, as amended by the Data (Use and Access) Act 2025.
This policy applies to all personal data processed by ProPolicyForge in the course of operating the propolicyforge.com and propolicyforge.co.uk platforms and any associated business activities.
ProPolicyForge is committed to processing personal data in accordance with the six principles of UK GDPR. Personal data will be processed lawfully, fairly and transparently; collected for specified, explicit and legitimate purposes; limited to what is necessary; kept accurate and up to date; retained only as long as necessary; and processed with appropriate security.
Document content and inputs provided during generation sessions are not retained beyond the active session. Payment records are retained for seven years in accordance with HMRC requirements. Contact form correspondence is retained for two years. Annual reminder email addresses are retained until the reminder has been sent or the user requests deletion. Anonymous analytics data is retained in aggregated form indefinitely.
ProPolicyForge uses the following third party processors, each operating under their own data protection frameworks and subject to data processing agreements where applicable: Anthropic (AI model processing), Stripe (payment processing), Resend (transactional email), Vercel (hosting and analytics), Upstash (Redis data storage, London region), Google Analytics (anonymous usage analytics), and Namecheap (domain registration).
Individuals have the right to access, correct, delete, or object to the processing of their personal data. Requests should be directed to support@propolicyforge.com. ProPolicyForge will respond within 30 days. Individuals also have the right to lodge a complaint with the ICO at ico.org.uk.
In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, ProPolicyForge will notify the ICO within 72 hours of becoming aware of the breach, and affected individuals without undue delay where the breach is likely to result in a high risk. All suspected breaches will be assessed, documented and investigated promptly.
This policy sets out the permitted and prohibited uses of documents generated by ProPolicyForge. By generating, downloading or using any document produced by the ProPolicyForge platform, users agree to the terms of this policy.
All documents generated by ProPolicyForge are AI-generated and must be reviewed by a suitably qualified professional before implementation. Users accept responsibility for ensuring documents are appropriate for their specific organisation, sector and regulatory circumstances. ProPolicyForge does not warrant that generated documents will satisfy any specific regulatory, inspection or legal requirement.
ProPolicyForge does not store or retain generated documents after the user's session ends. Users are responsible for downloading, storing and maintaining their own copies of generated documents. ProPolicyForge cannot retrieve documents after a session has closed.
ProPolicyForge uses artificial intelligence to generate compliance documentation. We are committed to transparent, responsible and ethical use of AI technology, and we believe customers are entitled to understand how AI is used in the generation of their documents.
ProPolicyForge uses the Anthropic Claude AI model via API to generate compliance documents. Before generating each document, the system searches live regulatory sources including CQC, HSE, legislation.gov.uk and sector-specific guidance to ensure documents reflect the current regulatory position at the time of generation. The AI model then generates a complete, structured compliance document based on the sector, document type and organisation-specific details provided by the user.
ProPolicyForge uses stateless AI processing. Document content you enter, paste or upload is used only to generate your document and is never stored on our servers, never used to train AI models, and never accessible after your session ends. Each generation is completely private and isolated. This approach is particularly important for customers in healthcare, social care and legal sectors where data confidentiality is a regulatory and professional requirement.
We recognise that AI systems can reflect biases present in their training data. ProPolicyForge's document generation is designed to produce sector-specific, regulation-aligned content rather than opinion-based or subjective content, which limits the scope for harmful bias. Where sector-specific professional standards or protected characteristics are referenced in generated documents — for example, in equality and diversity policies — these are aligned to current UK legal requirements.
ProPolicyForge is built and operated by a human with domain expertise in regulated healthcare. The AI model is a tool used under human direction — the framing of prompts, the choice of regulatory sources searched, and the structure of generated documents are all the product of deliberate design decisions. ProPolicyForge is actively pursuing sector-specific expert review and endorsement to add an independent validation layer to the platform's outputs.
ProPolicyForge monitors the quality of generated documents and updates prompts, regulatory source searches and document structures as legislation, inspection frameworks and best practice evolve. Users are encouraged to report any inaccuracies or quality concerns to support@propolicyforge.com.
This policy sets out ProPolicyForge's approach to maintaining service availability and recovering from disruption. As a digital service, ProPolicyForge's primary risks are technical — infrastructure failure, third party service outages, or security incidents — rather than physical.
ProPolicyForge depends on the following third party services for core functionality: Vercel (hosting and deployment), Anthropic API (AI document generation), Stripe (payment processing), Upstash Redis (data storage), and Resend (transactional email). The availability of ProPolicyForge is therefore partially dependent on the availability of these services.
ProPolicyForge aims to maintain service availability of 99% or above on a monthly basis, subject to planned maintenance windows and the availability of third party infrastructure. ProPolicyForge does not guarantee uninterrupted service and is not liable for loss caused by service interruptions beyond its reasonable control.
ProPolicyForge does not retain generated documents — users are responsible for their own copies. Upstash Redis data (annual reminder email addresses) is stored in the London region with Upstash's built-in redundancy. Payment records are maintained by Stripe with its enterprise-grade data resilience.
ProPolicyForge is currently operated as a sole trader. In the event of a period of incapacity or unavailability of the operator, ProPolicyForge will endeavour to communicate disruption to users and, where applicable, provide refunds for unused subscription periods. This policy will be updated as the business structure evolves.
ProPolicyForge is committed to providing a high-quality service and takes all complaints seriously. We regard complaints as an opportunity to improve. If you are dissatisfied with any aspect of our service, we want to hear from you.
Complaints should be submitted in writing to support@propolicyforge.com. Please include your name, contact email address, a description of your complaint, the date(s) on which the issue occurred, and any relevant reference numbers such as a payment reference or document type generated.
If you are not satisfied with our response to your complaint, you may escalate to the following bodies depending on the nature of your complaint. For data protection concerns: the Information Commissioner's Office (ico.org.uk, 0303 123 1113). For consumer disputes: the Citizens Advice consumer helpline (0808 223 1133). For payment disputes: your card provider or Stripe's dispute resolution process.
All complaints are reviewed to identify whether they indicate a systemic issue with the service. Where complaints identify a pattern of quality concern — for example, in relation to a specific document type or sector — ProPolicyForge will review and update its document generation processes accordingly.
ProPolicyForge is committed to equality, diversity and inclusion in all aspects of its business operations. This policy applies to ProPolicyForge's interactions with customers, suppliers and any individuals who engage with the platform or its operator.
This policy is informed by the Equality Act 2010. ProPolicyForge will not discriminate, directly or indirectly, on the grounds of any protected characteristic — age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, or sexual orientation — in its service provision, communications or business practices.
Documents generated by ProPolicyForge are designed to align to current UK equality legislation and best practice, including the Equality Act 2010 and relevant sector-specific guidance. Generated equality and diversity policies, anti-harassment policies and associated documents reflect the protected characteristics defined in UK law and current regulatory expectations from bodies including the Equality and Human Rights Commission.
Any individual who believes they have been treated unequally or discriminatorily in their interactions with ProPolicyForge, or who has concerns about the equality implications of generated content, is encouraged to raise this via our complaints procedure at support@propolicyforge.com or directly with the Equality and Human Rights Commission at equalityhumanrights.com.
This policy will be reviewed annually and updated to reflect changes in legislation, regulatory guidance and best practice. The current version was last reviewed in April 2026.
These documents were generated using ProPolicyForge and reviewed by the operator prior to publication. They reflect ProPolicyForge's current operating practices as of April 2026. For queries about any of these policies, contact support@propolicyforge.com. All policies are reviewed annually or following significant changes to legislation, regulatory guidance or business operations.