Data and privacy

Free Movement member research tools.

This notice explains what happens to your information when you use Free Movement's member-only research tools. It is written for the legal practitioners who use them. Last updated 29 June 2026.

It sits alongside, and does not replace, the main Free Movement website privacy policy, which covers your membership account, billing, the website and the forum. Where the two overlap (for example your membership identity) the main policy governs your account itself; this notice covers what the research tools do with your information.

Your membership identity is read at sign-in from Free Movement's WordPress / MemberPress membership system, which is the source of truth for who you are and what you are entitled to. That system is covered by the main website privacy policy; this notice covers only what the research tools do with the identity once it has been read.

The tools this notice covers

This notice applies to the four member research tools:

• Case Law Explorer (caselaw.freemovement.org.uk), an AI-assisted case law research aide;
• Knowledge Engine (knowledge.freemovement.org.uk), an AI-assisted question-and-answer tool over Home Office guidance, the Immigration Rules and legislation;
• Immigration Rules versions (rules.freemovement.org.uk), a browser for historical versions of the Rules;
• Policy change tracker (policies.freemovement.org.uk), a dashboard tracking changes to Home Office guidance.

The first two are the "AI tools": they send your typed question to an AI service to generate an answer. The other two do not. They show you stored documents and do not process free-text questions.

These tools are experimental research aides. They can be wrong or incomplete, and the AI tools can produce inaccurate or fabricated material. Always verify against the primary source before relying on anything they tell you.

Who is responsible for your data (the controller)

The data controller for these tools is Free Movement Publishing Ltd ("Free Movement", "we", "us"). We are registered with the Information Commissioner's Office (ICO), registration number ZB265912. If you have any question about this notice or your data, contact editor@freemovement.org.uk.

The short version

There are two different kinds of information, and we keep them deliberately apart:

• Usage data, tied to you. Who you are (from your membership), and how much you use the tools (how many questions, when, and what they cost us to run). We use this to operate the service and understand whether it is useful. We do not keep your questions or the answers in this record.
• Content data, kept apart from you. Your actual questions and the answers generated. These are stored separately, with no key, link or identifier that joins a stored question back to you, and the record carries only the date (not the time), so it cannot be matched back to your usage record either. We keep this only to check and improve the quality of the answers.

This split is the central privacy protection in these tools. It means that the moment your question is stored for quality purposes, it is no longer connected to your name, email or membership.

The one thing the split cannot do is anonymise the contents of what you type. If you paste a client's name, date of birth, Home Office or appeal reference, or a distinctive set of facts into a question, those particulars can identify your client by themselves, regardless of the fact that the record is not linked to you. Please read the practitioner note near the end.

These tools do not make any automated decision about you that has a legal or similarly significant effect. They only return research material for you to read and evaluate; any decision is yours.

What we collect, why, the lawful basis, and how long we keep it

A. Usage data, linked to your membership identity

What this is. When you sign in, the tool records a membership identity drawn from your Free Movement / MemberPress account: your WordPress user ID, name, email, the membership level(s) that grant you access, and the date your access was last checked. Each time you use a tool we record a usage entry: your user ID, the date and time, how many questions or refinements you ran, the result counts, how long the request took, and the AI token cost of the request. We also record per-request access logs (your IP address, the page, and the response status) and a stream of action events for security and rate-limiting.

Why we process it. To run the service and let you in (authenticate your session and check your membership entitlement); to understand and fund the service (how much the tools are used and what each query costs to operate); and to keep the service secure (detect abuse, rate-limit, and investigate incidents such as account takeover).

Lawful basis. Performance of our contract with you (UK GDPR Article 6(1)(b)) for signing you in and delivering the answer you asked for. Our legitimate interests (Article 6(1)(f)) for usage analytics and for security and abuse-prevention; our interest is in operating, funding and protecting a member service, and the usage record holds counts and cost, not your questions, so the impact on you is low. You can object to processing based on legitimate interests (see Your rights).

How long we keep it.

• Usage entries (user ID, date/time, counts, cost): up to 24 months, then deleted or reduced to anonymous aggregate totals.
• Membership identity in the sign-in record (name, email, user ID, entitlements): kept while you are a member; inactive sign-in records are reviewed and cleared after about 180 days of inactivity.
• Access and security logs (IP address, page, status, action events): deleted within about 30 to 90 days, kept long enough to investigate security incidents and no longer.

B. Content data, your questions and answers, stored apart from you

What this is. On the two AI tools, your typed question and the generated answer (and the supporting narration the tool produces) are stored in a separate content store. That store contains no identifier that links to you, and its records carry the date only, not the time, specifically so they cannot be re-matched to your usage record. Alongside the question and answer we store which source passages were retrieved and any quality rating (for example a thumbs-up or thumbs-down).

On the Knowledge Engine, if you build a policy basket of saved guidance extracts, that basket stores the verbatim extracts and any labels you give them. Baskets are a working area, are tied to you while in use, and are hard-deleted 7 days after you last touch them; you can also ask us to erase a basket immediately.

Why we process it. To evaluate and improve answer quality: checking that answers are grounded in the source material, spotting hallucinations, and acting on quality ratings.

Lawful basis. We design the content store to be anonymous by removing any link to you. For records that genuinely achieve anonymity, UK GDPR does not apply, because there is no personal data of yours left to have a basis for. For any record whose contents could still identify a person, we rely on our legitimate interests (Article 6(1)(f)) in maintaining a reliable tool. This fallback covers only ordinary personal data: we have no Article 9 condition and no Article 10 (criminal-offence) basis to hold special-category or criminal-offence data about a client, which is precisely why the design removes the link to you, and why we ask you (see the practitioner note) not to enter such detail. If special-category or criminal-offence detail is entered anyway, our position is that it must not be retained in identifiable form, and we delete it or further anonymise it on discovery.

How long we keep it.

• Question, answer, retrieval references and quality rating (AI tools): the question and answer text is cleared after about 30 days; only anonymous counts and ratings may be kept longer. Because it is not linked to you, it has no identity-based retention clock.
• Policy baskets (saved extracts and labels): 7 days after last use, then hard-deleted; immediate erasure on request.

Where your question is processed

To write an answer, the two AI tools send the text of your question, together with the relevant extracts from the guidance or case-law corpus, to the Claude AI model, which is run on Amazon Web Services in the European Union (Frankfurt, Germany). We do not send your name, email or membership identity, only the question text and the source passages. The questions and answers are not stored by the service after the answer is produced, and they are not used to train any AI model. Anthropic, the maker of the Claude model, runs the model on Amazon's EU infrastructure and does not itself receive or store your questions.

To find the relevant source passages, the two AI tools also send your question text to Voyage AI (United States, a MongoDB company) to match it against the corpus. As with the answer model, we send only your question text, not your identity. This step is governed by a data-processing agreement with the provider (see International transfers).

Other organisations we share data with

We use a small number of service providers ("processors") who act on our instructions under data-processing contracts:

• Amazon Web Services (European Union, Frankfurt): runs the Claude AI model that generates the answers. Your question stays in the EU and is not stored after the request.
• Anthropic: maker of the Claude model. Because the model runs on Amazon's EU infrastructure, Anthropic does not receive or store your questions.
• Voyage AI (United States, a MongoDB company): matches your question to the relevant source passages on the AI tools. Receives only your question text, not your identity.
• Hetzner (Germany, EU): hosts the server on which the tools and their databases run. All the data described above lives on a server in Germany.
• Cloudflare (United States): sits in front of the tool sites and handles incoming web traffic, processing visitors' IP addresses.
• MailerLite (EU): only if you subscribe to email alerts; holds your email address and name to send you the alert emails.
• Google (Gmail, United States): used only to send internal operational emails to Free Movement staff; this involves staff addresses, not member content.

Your membership identity is read at sign-in from Free Movement's WordPress / MemberPress membership system, which is covered by the main website privacy policy. We also keep short-lived backups of the tools' databases on the server.

International transfers

The server is in Germany (EU). Transfers from the UK to the EU/EEA are covered by the UK's adequacy rules, so the hosting itself involves no special transfer safeguard (adequacy position current as at 29 June 2026).

The AI answer is now generated in the EU (on Amazon's Frankfurt infrastructure), so producing the answer is no longer a transfer to the United States. The one remaining US transfer in the AI tools is the Voyage passage-matching step: for that, and for the Cloudflare and Google processing, we rely on the Standard Contractual Clauses as adapted by the UK International Data Transfer Addendum, supported by a transfer risk assessment, under each provider's data-processing agreement.

A note for practitioners: please don't enter client-identifying or sensitive detail unnecessarily

These tools answer general legal and policy questions well. They do not need your client's identity to do so.

Please avoid entering, unless genuinely necessary: a client's name, date of birth, address, Home Office, appeal or A-number or other reference, and any distinctive combination of facts that would identify a particular person, including a child. Immigration status is not, by itself, "special category" data; but the facts behind an asylum, protection, medical, religious-persecution or LGBT+ claim routinely reveal special category data (race or ethnicity, religion or belief, political opinion, health, sex life or sexual orientation) and may touch on criminal-offence matters, and the people involved are frequently vulnerable, and sometimes children.

We have no lawful condition to hold such detail about your client as identifiable special-category data, and no Article 10 basis for criminal-offence data; your authority to process your client's data does not pass to us. Our protection is therefore designed in: we don't keep your questions linked to you, and we ask you not to put identifying detail in them in the first place. The same applies to the feedback box: please don't paste case detail into feedback either. The less identifying detail you enter, the more completely the anonymisation protects everyone.

Cookies

These tools set one cookie: a strictly-necessary session cookie that holds only a random session identifier so the tool can keep you signed in. It is not used for analytics or marketing, and it does not require consent. We use no advertising or third-party tracking cookies in the tools. Where a site sits behind Cloudflare, Cloudflare may set its own strictly-necessary security cookies at the edge.

Your rights

Under UK data protection law you have the right to: access the personal data we hold about you; ask us to correct inaccurate data; ask us to delete your data, in the circumstances where that right applies; ask us to restrict our processing; object to processing based on our legitimate interests; and request portability of data you provided to us, where that right applies. To exercise any of these, contact editor@freemovement.org.uk; we will respond within one month.

Consent. None of the processing described in this notice relies on your consent. The one thing you opt into is email alerts: those are sent only if you subscribe, and you can unsubscribe at any time using the link in every alert email or by contacting us.

One honest point about the content store. Because we deliberately store your questions and answers with no link back to you, we cannot find "your" questions in that store to show you or delete them; there is no longer any identifier to search on. This is the intended trade-off: where the data is genuinely anonymous it is out of reach of these rights precisely because it is no longer your personal data. Your usage record and your membership identity, which are linked to you, remain fully subject to all the rights above.

Complaints

If you are unhappy with how we have handled your data, please tell us first at editor@freemovement.org.uk so we can try to put it right. We will acknowledge your complaint within 30 calendar days of receipt and respond without undue delay. You also have the right to complain to the Information Commissioner's Office (ICO), the UK regulator, at ico.org.uk or by calling 0303 123 1113. We would, though, appreciate the chance to address your concern first.

Changes to this notice

We keep this notice under review and update it as the tools and our arrangements change. If we make a material change (for example a new AI provider, a new category of data, or a change to retention) we will notify members (by email and/or an in-tool notice) rather than relying on a silent update here.

← Back to About