Privacy policy

Dotrew Limited is the data controller for Penmora.

Our details are:

• Company: Dotrew Limited
• Trading name: Penmora
• Company number: [TBC]
• ICO registration number: [TBC]
• Registered office: The Old Workshop, Longfrey Cottage Dorking Road, Chilworth, Guildford, Surrey, GU4 8RH
• Email for data protection enquiries: hello@penmora.com

We do not currently have a formal Data Protection Officer. Data protection enquiries should be sent to the email address above.

We collect different kinds of data depending on how you use Penmora.

If you join the waiting list, we collect:

• your email address
• any optional information you choose to give us about what is prompting you to record
• the date and time of your submission

When Penmora accounts are available, we may collect:

• your name
• your email address
• your password hash
• your account settings and preferences
• details of people you choose to invite or designate for access

We do not store your plain-text password.

When the Penmora app is available, we may collect:

• audio recordings you make
• transcripts created from those recordings
• written input you choose to type instead of speaking
• corrections you make to a transcript
• AI-generated summaries, groupings and suggested connections based on your recordings
• metadata about recordings, such as dates, times, duration and device information

The original recording and transcript remain the source of truth.

When you use the website or app, we may collect:

• IP address
• browser and device information
• request time
• pages visited
• app or website error reports
• security and access logs

If you email us, we collect the information contained in your message and any reply we send.

We collect personal data only for clear purposes.

Waiting-list data is used to send the message you asked to receive when Penmora is ready to open more widely.

Account data is used to create and manage your account.

Recording and story data is used to provide the Penmora service: recording, transcription, review, retrieval, organisation, export and any approved outputs.

Technical data is used to operate the website and app, keep them secure, diagnose faults and understand basic usage.

Communications data is used to reply to you and keep a record of the conversation.

We do not use legitimate interest as a basis for behavioural advertising, profiling, unsolicited marketing or sharing your data with third parties beyond the processors listed in this policy.

Under UK data protection law, we need a lawful basis for each use of personal data.

We rely on:

Consent where you choose to join the waiting list, give optional context, make a recording, or use features that require clear permission.

Contract performance where we process account, recording and story data to provide the Penmora service.

Legitimate interests where we need to run the website and app securely, respond to enquiries, prevent abuse, maintain records and understand whether the service is working properly.

Legal obligation where we need to keep certain records for tax, accounting, regulatory or legal reasons.

Where life-story recordings include special category data, we rely on explicit consent. More detail is set out in section 10.

Penmora uses personal data to provide the service you ask for.

We use recordings and transcripts to:

• create a private archive
• transcribe what was said
• help you review and correct uncertain words
• organise recordings by topic
• help you find what has already been recorded
• prepare approved outputs from the material you have recorded
• export your archive when you ask us to

Penmora does not use your recordings, transcripts or written input to train AI models. We do not allow our third-party processors to train their models on your recordings, transcripts or written input.

Penmora does not sell your data.

Penmora does not run behavioural advertising.

Penmora does not use ad-network tracking.

The AI in Penmora is there to help record, transcribe, organise and retrieve your own material. It does not invent answers about your life. If something was not recorded, Penmora will not pretend that it was.

You can read more about this on How we handle your story.

We share data only where needed to provide Penmora, operate the business, meet legal duties, or protect the service.

We may share data with:

Used to run the website, app, database and private storage. Penmora is designed around UK data residency. The final provider list will be verified before publication.

Used to transcribe recordings and help organise or retrieve material within your archive. They are not permitted to train models on Penmora user content.

Used to receive messages sent to hello@penmora.com and to send service emails.

We use Simple Analytics for privacy-friendly website analytics. Simple Analytics is cookieless and does not track people across the web.

Used for invoice, accounting and tax records where payment data exists.

Some trusted contractors may need limited access to operational systems. Access is restricted to what they need for their work and is not a general right to browse user content.

Only where required by law or where disclosure is necessary to establish, exercise or defend legal rights.

We do not share personal data with anyone else unless you have specifically agreed to it or the law requires it.

We keep personal data only for as long as we need it.

Waiting-list data is kept until launch plus 6 months, or until you ask us to delete it, whichever is sooner.

Account data is kept while your account remains open.

Recordings and transcripts are kept while your account remains open, unless you delete them earlier.

When you delete recordings or close an account, content enters a 90-day recovery window. This protects against mistakes, such as deleting the wrong recording or deleting more than intended. During that window, the content can be recovered at your request. After the window closes, deletion is final, except where we are legally required to keep limited records.

Communications are usually kept for 2 years from last contact, unless a longer period is needed for legal, regulatory or operational reasons.

Technical logs are usually kept for 30 to 90 days, unless a longer period is needed to investigate security, abuse or service issues.

Accounting records are kept for 6 years where required by HMRC rules.

Penmora is UK-first. User data is stored in UK data centres wherever Penmora controls the storage location.

We use encryption in transit and at rest. We restrict access to user content. We keep access to private recordings and transcripts as limited as possible.

Penmora is built to Cyber Essentials Plus standards and is working toward ISO 27001 certification. We do not claim certification until it has been achieved.

The exact technical controls and processor list will be verified before this policy is published.

You can read more about Penmora's principles on Principles.

Under UK data protection law, you have rights over your personal data.

You can ask us to:

• confirm whether we hold personal data about you
• give you a copy of your personal data
• correct inaccurate data
• delete your data
• restrict how we use your data
• object to certain uses of your data
• transfer your data to you or another provider, where the right applies

Penmora does not currently make solely automated decisions that have legal or similarly significant effects on you.

To exercise your rights, contact hello@penmora.com.

We will usually respond within one month. If a request is complex, UK data protection law allows us to extend that period by up to two further months. If that happens, we will explain why.

Life-story recordings can include sensitive information.

A recording may include details about health, family relationships, beliefs, ethnicity, sexuality, grief, regrets, finances, or other private matters. Some of this may count as special category data under UK data protection law.

Penmora processes this information only to provide the service you have chosen to use.

When app accounts and recordings are available, we will ask for explicit consent before processing life-story recordings. You will remain in control of what you record, correct, export, share and delete.

Recordings may also mention other people. You should think carefully before recording or sharing private information about someone else. Where a recording includes information about third parties, you are responsible for making sure you have a proper basis for including and sharing it.

Penmora is also designing post-death access controls. The intention is that a storyteller can decide in advance who should be able to access their archive after death. Without a clear designation, access will not be granted automatically. We will publish more detail when this operational policy is settled.

We use cookies and similar technologies only where they are needed to run the website or app.

The Penmora website uses Simple Analytics, which is cookieless. We do not use advertising cookies.

You can read the full Cookie policy at /cookies.

Penmora is not directed at children.

When app accounts are available, you must be 18 or over to create an account.

We do not knowingly collect personal data from children. If you believe a child has provided personal data to Penmora, contact hello@penmora.com and we will review it.

We may update this policy from time to time.

If we make a material change to how we handle personal data, we will take reasonable steps to tell affected users. This may include email notification, a notice on the website, or a notice inside the app.

We will not make significant changes quietly.

The date at the top of this page shows when the policy was last updated.

For privacy questions, rights requests or complaints, contact:

hello@penmora.com

You can also write to us at:

Dotrew Limited
The Old Workshop
Longfrey Cottage Dorking Road
Chilworth
Guildford
Surrey
GU4 8RH

You also have the right to complain to the Information Commissioner's Office.

We would prefer the chance to respond to your concern first, but you do not have to contact us before contacting the ICO.