Back to Court

Privacy Notice

Privacy Policy

Effective from: 20 May 2026

Last updated: 21 May 2026

Overview

This notice explains how Mister Gere Ltd ("Wardict", "we", "us", "our") collects, uses and protects your personal data when you use the Wardict service at wardict.com.

We are the controller of your personal data under the UK GDPR and the Data Protection Act 2018. Wardict is intended for users in the United Kingdom only.

1. Who we are

  • Legal name: Mister Gere Ltd
  • Trading as: Wardict
  • Company number: 17229722 (registered in England & Wales)
  • Registered office:Wellingborough, England
  • Contact for privacy matters: privacy@wardict.com

2. What this notice covers

This notice covers personal data we collect through the Wardict website, account creation, the AI-generated verdict service, paid products (Pilot Report and Pro Annual), the Evidence Locker, the referral programme and any related communications.

Wardict is offered to users located in the United Kingdom only. If you access the service from outside the UK, please do not submit personal data — we may decline to provide the service.

3. Age restriction

Wardict is for users aged 16 or over. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided us with personal data, please email privacy@wardict.com and we will delete it.

4. Personal data we collect

We only collect the personal data we need to run the service. The categories are:

Account data
Email address, display name, profile picture (from your sign-in provider), hashed password (for email sign-in), a device fingerprint used for abuse prevention.
Submitted content
The business idea text you submit for analysis, plus any optional clarifying answers you provide.
Service output
The AI-generated verdict, score, and any associated analysis we produce for you. Saved verdicts are stored in your Evidence Locker.
Payment data
Billing email, Stripe customer ID, transaction records (amount, currency, status, timestamps). We do not see or store your full card number or CVC — Stripe handles those directly.
Usage / analytics data
De-identified behavioural events (e.g. "verdict_submitted", "checkout_initiated"), with high-level attributes such as input length and verdict score. Sent to PostHog (EU data centre). No name, email or idea text is sent.
Local browser storage
A referral code if you arrived via an invite link, cached verdict results, a session identifier, and Pilot Report access flags.
Referral data
Your personal referral code, the relationship between referrer and referred user, and bonus-verdict counts.
Marketing preferences
Whether you have opted in to receive Warden Briefings, the version of the consent wording you saw, and a log of every opt-in or opt-out so we can evidence your choice. Only collected if you tick the marketing checkbox at signup or change your preference later.
Communications
Records of emails you send us, including any data-subject requests.

5. Why we use it and our lawful basis

Under Article 6 of the UK GDPR, we rely on the following lawful bases:

Performance of a contract (Art. 6(1)(b))
Creating and operating your account, generating verdicts, delivering paid features (Pilot Report, Pro Annual), running the Evidence Locker, processing payments via Stripe.
Legitimate interests (Art. 6(1)(f))
Operating a cross-user verdict cache (normalised hashes and embeddings) so we can serve faster, cheaper results; preventing abuse and fraud (rate-limiting, device fingerprint); keeping the service secure and free of bots.
Consent (Art. 6(1)(a))
Non-essential analytics cookies (PostHog), and sending you Warden Briefings — our marketing emails containing startup verdicts, validation tips, product updates, and occasional offers. You only receive Warden Briefings if you ticked the marketing checkbox at signup or opted in later from your account settings. You can withdraw consent at any time using the unsubscribe link in any Warden Briefing, from your account settings, or by emailing us at privacy@wardict.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Legal obligation (Art. 6(1)(c))
Retaining payment records for accounting and tax purposes under UK law.

Our legitimate-interests assessment for the verdict cache concluded that the privacy impact is low (we cache derivative outputs and embeddings keyed by normalised hashes, not by user identity), and that the benefit to all users (faster, lower-cost service) outweighs that impact. You can request more detail at any time.

6. Who we share your data with

We do not sell your personal data. We share it only with the service providers (data processors) we need to run Wardict. Each operates under a written data-processing agreement.

Supabase Inc.
Database, authentication, edge functions and storage. Hosting region: EU / UK where available.
Google LLC (Gemini API)
AI processing of submitted ideas to produce the verdict. We route requests through a server-side proxy so your idea reaches Google only with the data needed to generate the verdict.
Google LLC (OAuth)
Optional "Sign in with Google" authentication, if you choose it.
Stripe Payments Europe Ltd
Payment processing for the Pilot Report and Pro Annual products.
PostHog Inc.
Product analytics. We use the EU instance at eu.i.posthog.com and do not pass your name, email or idea text.

We may also share personal data with our professional advisers (lawyers, accountants), or with law enforcement and regulators where we are required to do so by law.

7. International transfers

Some of our processors (notably Google, Stripe and PostHog) are based outside the UK or may transfer data to other countries. Where personal data is transferred outside the UK, we rely on the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision recognised by the UK government, as appropriate.

You can request a copy of the safeguards we use by emailing privacy@wardict.com.

8. Cookies and similar technologies

We use a small number of cookies and browser-storage items. We classify them as either essential (needed for the service to work) or non-essential (only loaded with your consent).

Essential

Supabase auth session
Keeps you signed in. Expires when you sign out or after your session ends.
wardict_referral_code
Stores a referral code you arrived with, until you sign up.
wardict_referral_registered
Flag noting that a referral has been registered against your account.
wardict_pilot_<hash>
Records that you have access to a Pilot Report PDF for a specific verdict.
Cached verdicts
Stores recent verdict results so the page survives a refresh.
wardict_session_id
Anonymous session identifier used to de-duplicate events within a browsing session.

Non-essential (analytics)

PostHog analytics cookies
De-identified product analytics, set only after you accept analytics in the cookie banner. EU data centre.

You can withdraw consent at any time by clearing cookies for our site or by emailing us. Withdrawal will not affect the lawfulness of processing carried out before withdrawal.

9. How long we keep your data

Account, profile, verdict history, referrals
For as long as your account is active, then deleted within 30 days of account closure.
Payment records (Stripe, invoices)
7 years from the end of the relevant accounting period, as required by UK tax law.
Analytics events (PostHog)
12 months from collection, then automatically purged.
Verdict cache (normalised hashes & embeddings)
Retained while it serves requests. Contains no direct identifier linking entries back to you.
Communications (emails)
3 years from the last contact, unless we need to keep them longer for a legal claim.
Marketing-consent records (opt-ins, opt-outs, wording version)
For the lifetime of your account plus 7 years after closure, so we can evidence your past choices if challenged. Kept separately from the rest of your profile so a deletion request can be honoured without erasing the audit trail required to defend prior sends.

10. Your rights

Under the UK GDPR you have the right to:

  • access the personal data we hold about you
  • have inaccurate data corrected
  • have your data erased (the "right to be forgotten")
  • restrict how we process your data
  • receive a copy of your data in a portable format
  • object to processing based on legitimate interests
  • withdraw consent at any time (where consent is the lawful basis)
  • complain to the Information Commissioner's Office

To exercise any of these rights, email privacy@wardict.com. We will respond within 30 days. We may ask you to verify your identity first. There is no charge for a reasonable request.

If you are not satisfied with our response, you can complain to the ICO: ico.org.uk, helpline 0303 123 1113.

11. Automated decision-making and profiling

The verdict is generated by an AI model (Google Gemini) at your request. It is not used to make any decision producing legal effects on you or similarly significantly affecting you (Article 22 UK GDPR). You initiate each verdict, you can ignore the result, and we do not use the verdict to evaluate you for credit, employment, insurance, housing or anything similar.

The verdict is an AI-generated opinion. It may be inaccurate, incomplete or biased. You should not rely on it as professional advice. See our Terms of Service for the full disclaimer.

12. Security

We protect your data with measures including:

  • TLS encryption in transit between your browser and our servers
  • Database row-level security so users can only access their own data
  • PCI-DSS-compliant card handling through Stripe (we never see your card number)
  • Server-side proxying of the Gemini API key so it is never shipped to the browser
  • Restricted CORS allow-lists on our edge functions
  • Rate limiting and abuse prevention on verdict submissions

No system is perfectly secure. If we become aware of a personal data breach that is likely to result in a risk to you, we will notify you and the ICO as required by law (within 72 hours where applicable).

13. Changes to this notice

We may update this notice from time to time. If we make a material change, we will let you know by email and through an in-app notice before the change takes effect. Non-material changes will be reflected in the "Last updated" date at the top of this page. We encourage you to review this notice periodically.

14. Contact us

Questions, complaints, or to exercise your rights — email privacy@wardict.com.

Postal: Mister Gere Ltd, 14 Fields View, Wellingborough, England, NN8 1LZ, United Kingdom.

© 2026 Mister Gere Ltd • Company no. 17229722

TermsPricingHome