
Privacy Policy

How we collect, use, and protect your personal information

Last updated: March 2026

Introduction

ScriptoriumGM is a product of AI Leadership Lab, operated by Ribble Ridge Associates Limited. We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information. This Privacy Policy explains our practices regarding personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

Data Controller: Ribble Ridge Associates Limited (Trading as AI Leadership Lab)

Company Number: 15047002

Contact Email: ross@scriptoriumgm.com

Product: ScriptoriumGM

Information We Collect

Account Information

  • Email address (required for account creation and communication)
  • Username (chosen by you for identification within the service)
  • Password (encrypted and stored securely)
  • Profile information if you choose to add it

Google Sign-In Data

If you choose to sign up using Google, we may receive:

  • Your Google account email address
  • Your Google profile name
  • Your Google profile picture (if you've set one)

Campaign and Usage Data

  • Campaign content you create (characters, locations, notes, etc.)
  • Files you upload to your campaigns
  • Conversation history with our AI assistant
  • Usage patterns and feature interactions (to improve our service)

Technical Information

  • IP address and location data (for security and service delivery)
  • Browser type and version
  • Device information (for compatibility and support)
  • Essential cookies for authentication and service functionality

How We Use Your Information

Service Provision (Legitimate Interest)

  • Provide access to ScriptoriumGM's campaign management features
  • Process AI assistant requests and generate content
  • Store and organize your campaign data
  • Ensure service security and prevent fraud
  • Provide technical support when needed

Service Improvement (Legitimate Interest)

  • Analyze usage patterns to improve features and performance
  • Develop new features based on user needs
  • Troubleshoot technical issues
  • Ensure platform stability and performance

Communication (Consent/Legitimate Interest)

  • Send essential service communications (with legitimate interest)
  • Send marketing emails about ScriptoriumGM (with your consent)
  • Respond to your support requests and inquiries
  • Notify you of important updates or security issues

Processing of Document Content

When you upload documents to the Service, the content of those documents is processed for the following purposes only:

  • Converting document content into vector representations (embeddings) stored in our vector database, used to retrieve relevant passages in response to your queries
  • Transmitting relevant retrieved passages to AI model providers (currently Anthropic, acting as our data processor) to generate responses to your questions

The content of your uploaded documents is not used to train, fine-tune, or otherwise improve any AI model. The legal basis for this processing is the performance of our contract with you (UK GDPR Article 6(1)(b)).

Third-Party Service Providers & Data Transfers

To provide ScriptoriumGM's services, we work with carefully selected third-party service providers. Some of these providers are based in the United States and other countries outside the UK. We ensure appropriate safeguards are in place for all international data transfers in accordance with UK GDPR requirements.

Authentication and Database Providers

We use third-party authentication services and cloud database providers to securely manage user accounts and store your campaign data.

Cloud Hosting and Infrastructure Services

Our application and database infrastructure are hosted by third-party cloud service providers to ensure reliable service delivery and data backup.

AI and Machine Learning Services

We integrate with artificial intelligence and machine learning service providers to power our AI assistant features for content generation and campaign assistance. Your uploaded documents are processed solely to provide retrieval and AI assistance features to you — they are not used to train, fine-tune, or otherwise improve any AI model.

Payment and Subscription Services

Third-party payment processors and subscription management platforms handle billing and subscription services when you choose to upgrade your account.

Communication and Community Platforms

We may integrate with external communication platforms and community services to facilitate user interaction and support.

Data Processing Agreements

All third-party providers are bound by data processing agreements that ensure they:

  • Process data only according to our instructions
  • Implement appropriate security measures
  • Comply with UK GDPR and data protection requirements
  • Notify us of any data breaches promptly
  • Delete or return data when services are terminated

Data Retention

Active Accounts

We retain your account data and campaign content while your account remains active.

Deleted Accounts

After account deletion, we retain personal data for up to 3 years for legal and backup purposes, after which it is permanently deleted from all systems.

Essential Communications

Records of essential service communications may be retained for up to 7 years for legal compliance.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access

Request a copy of your personal data

Right to Rectification

Correct inaccurate personal data

Right to Erasure

Request deletion of your data

Right to Restrict Processing

Limit how we use your data

Right to Data Portability

Receive your data in a portable format

Right to Object

Object to certain types of processing

Right to Withdraw Consent

Withdraw consent for marketing communications

Right to Complain

Lodge a complaint with the ICO

Cookies and Tracking

Essential Cookies

We use essential cookies to maintain your login session and ensure the service functions correctly. These are necessary for the operation of ScriptoriumGM and do not require consent.

Marketing & Advertising Cookies

With your consent, we use Meta Pixel, operated by Meta Platforms Inc. (1 Hacker Way, Menlo Park, CA 94025, USA), to measure the effectiveness of our advertising on Instagram and Facebook. This technology sets cookies on your device and may send information (such as anonymised page views and conversion events) to Meta's servers in the United States. This processing is based on your consent (Art. 6(1)(a) UK GDPR), which you can withdraw at any time using the "Cookie Settings" link in the footer of any page. For information about how Meta uses data, please see Meta's Privacy Policy.

In addition to the browser-based Meta Pixel, our server sends matching conversion events to Meta's Conversions API for measurement accuracy. The same consent controls apply — no personal data is sent server-side without your marketing consent. Without consent, only anonymised technical data (IP address, browser type) may be included.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure or access, in accordance with Article 32 of the UK General Data Protection Regulation:

  • All data transmission is encrypted using industry-standard TLS
  • Passwords are securely hashed and never stored in plain text
  • We use reputable cloud providers with strong security credentials
  • Regular security assessments and updates
  • Limited access controls for our systems

Data Isolation and Separation

Your uploaded documents, vector embeddings, and conversation history are stored in isolated, per-user data partitions. We implement technical controls to prevent your content from being accessed by or disclosed to other users of the Service. Our vector database stores your document embeddings in namespaced partitions indexed to your user account. Only your account can query your namespace.

Age Restrictions

ScriptoriumGM is intended for users aged 16 and above. If you are under 16, please do not use our service or provide any personal information. If we become aware that we have collected personal data from someone under 16, we will take steps to delete such information promptly.

Contact Us & Making Complaints

Contact Us

To exercise your rights or if you have questions about this Privacy Policy, contact us at:

support@scriptoriumgm.com

We will respond to your request within 30 days.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: www.ico.org.uk

Phone: 0303 123 1113

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by email or through our service. The "Last updated" date at the top of this policy indicates when the most recent changes were made.

Legal Basis Summary

Data Processing Activity | Legal Basis
Providing ScriptoriumGM service | Legitimate Interest
Account security and fraud prevention | Legitimate Interest
Service improvement and analytics | Legitimate Interest
Essential service communications | Legitimate Interest
Document processing for AI retrieval | Contract Performance
Marketing communications | Consent
Marketing cookies (Meta Pixel) | Consent