Back to Legal

PRIVACY POLICY

HireABarrister.com

Effective date: 18 February 2026 | Last updated: 18 February 2026

1. Introduction

HireABarrister Ltd (company number 16783218) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use HireABarrister.com (the Platform).

We are the data controller for personal data processed through the Platform. Our Data Protection Officer is Joe Lafferty. Contact: info@hireabarrister.com.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide

All Users:

  • Full name
  • Email address
  • Phone number
  • Password (encrypted)
  • Account type

Additionally for Clients:

  • Case descriptions and background information
  • Documents and evidence uploaded to the Platform
  • Billing address
  • Payment card details (processed by Stripe, not stored by us)

Additionally for Barristers:

  • BSB registration number and practising certificate details
  • Date of call to the Bar and years of experience
  • Areas of practice and expertise
  • Professional biography
  • Court locations covered
  • Professional indemnity insurance details
  • Bank account details (for payment via Stripe)
  • Qualifications and education
  • Professional photograph

2.2 Information Collected Automatically

  • IP address and approximate location
  • Browser type, device type, and operating system
  • Pages visited, time spent, and navigation patterns
  • Referral source (how you found us)
  • Session recordings and heatmaps (via Microsoft Clarity)

2.3 Sensitive Personal Data

Case information may include special category data such as health information, criminal convictions, information about children, or other sensitive matters. We process this data only where necessary for the legal services being sought, under Article 9(2)(f) UK GDPR (establishment, exercise, or defence of legal claims) or with your explicit consent.

3. How We Use Your Data

We use your personal data for the following purposes:

Contractual Performance (Article 6(1)(b)):

  • Creating and managing your account
  • Facilitating introductions between Clients and Barristers
  • Processing payments through Stripe
  • Generating Client Care Letter drafts
  • Providing case management, messaging, and scheduling tools
  • Sending transactional communications (confirmations, reminders)

Legitimate Interests (Article 6(1)(f)):

  • Improving Platform functionality and user experience
  • Analytics and performance monitoring
  • Fraud prevention and security
  • Enforcing our Terms of Service
  • Marketing communications (where permitted)

Legal Obligation (Article 6(1)(c)):

  • Tax and financial record keeping
  • Responding to lawful requests from authorities
  • Compliance with anti-money laundering regulations

Consent (Article 6(1)(a)):

  • Marketing emails (you may withdraw consent at any time)
  • Non-essential cookies
  • Processing of special category data where consent is the basis

4. Who We Share Your Data With

We share personal data with the following categories of recipients, all of whom are bound by data processing agreements:

Payment Processing:

Stripe Payments Europe Ltd. Stripe processes payment card details and Barrister payout information. Stripe's privacy policy applies to payment data. We do not store full card numbers.

Hosting and Infrastructure:

  • Supabase (database hosting and authentication)
  • Vercel (web application hosting)
  • GitHub (code repository, no personal data stored)

AI Processing:

Anthropic (Claude API) processes case information for AI-assisted intake, fact extraction, and Client Care Letter generation. Anthropic processes data as a sub-processor under our data processing agreement. Data sent to Anthropic is used solely to provide Platform services and is not used to train AI models.

Analytics and Performance:

  • Google Analytics (anonymised usage data and traffic analysis)
  • Microsoft Clarity (session recordings and heatmaps for UX improvement)
  • Meta Pixel (advertising performance measurement)

Business Operations:

Google Workspace (internal business email and document management).

Other Disclosures:

We may disclose personal data where required by law, court order, or regulatory request, or where necessary to protect our rights, property, or safety.

5. International Data Transfers

Your data is primarily stored and processed in the United Kingdom and European Economic Area. Some of our processors (including Anthropic, Vercel, and Google) may process data outside the UK/EEA.

Where data is transferred internationally, we ensure adequate protection through:

  • UK adequacy regulations (transfers to countries with adequate data protection)
  • Standard Contractual Clauses approved by the UK Information Commissioner
  • Other approved transfer mechanisms under UK GDPR

6. Data Retention

We retain personal data for as long as necessary for the purposes set out in this Policy:

  • Account data: retained while your account is active and for 2 years after closure
  • Case data: retained for 6 years after the Engagement concludes (limitation period for legal claims)
  • Financial records: retained for 7 years (HMRC requirements)
  • Analytics data: retained for 26 months (Google Analytics default)
  • Communications: retained for 6 years after the relevant Engagement concludes
  • Marketing consent records: retained for as long as consent is valid plus 1 year

After the retention period, data is securely deleted or anonymised.

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of data in transit (SSL/TLS)
  • Encryption of sensitive data at rest
  • Secure authentication with password hashing
  • Regular security testing and updates
  • Access controls limiting who can view personal data
  • Staff training on data protection

No system is completely secure. We cannot guarantee absolute security but we take reasonable steps to protect your data. You are responsible for maintaining the security of your login credentials.

In the event of a personal data breach, we will notify you and the Information Commissioner's Office as required by law.

8. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access: request a copy of your personal data
  • Right to rectification: request correction of inaccurate data
  • Right to erasure: request deletion of your data (subject to legal retention requirements)
  • Right to restrict processing: request that we limit how we use your data
  • Right to data portability: request your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent: where processing is based on consent, withdraw at any time
  • Right not to be subject to automated decision-making: you have the right not to be subject to decisions based solely on automated processing that produce legal effects

To exercise any of these rights, contact our Data Protection Officer at info@hireabarrister.com. We will respond within one month.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

9. Legal Professional Privilege

Communications between Clients and Barristers may be subject to legal professional privilege. We do not waive or override privilege. However, communications through the Platform may not always attract privilege. You should discuss confidentiality expectations with your Barrister.

We may access communications for legitimate business purposes (dispute resolution, compliance monitoring, fraud prevention) but will not do so unnecessarily and will respect the privileged nature of legal communications where applicable.

10. Children's Data

The Platform is not intended for use by anyone under 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

Case information may relate to children (for example, in family law matters). This data is processed as part of the legal services being sought and is handled with appropriate care and security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify registered users by email. The latest version is always available on the Platform.

12. Contact

Data Protection Officer: Joe Lafferty

Email: info@hireabarrister.com

HireABarrister Ltd, Maddox And Co, 34-35 Butcher Row, Shrewsbury, SY1 1UW

Company Number: 16783218