GDPR Compliance Statement

---

Effective: 13/4/2025

At AICosts, we take data protection seriously. Our desktop app is built from the ground up with GDPR compliance in mind. Below is a transparent summary of how your data is handled during use.

• All files are processed locally on your machine.
   
• A working copy of your spreadsheet is created and stored only on your device.
   
• The app sends one cell at a time to secure AI endpoints via AWS Bedrock, for rewriting.
   
• No files are uploaded in full, and no data is stored or retained by AICosts or AWS.
   
• You retain full control and visibility over your data at all times.
   

• AICosts acts as a Data Processor only for the temporary transmission of content for rewriting.
   
• We are not a Data Controller, as we do not collect, store, or access any personally identifiable information (PII) or case files.
   

• All transmissions are sent via encrypted HTTPS.
   
• We use AWS Bedrock, a secure and GDPR-aligned infrastructure hosted in the EU-West-2 (London) region.
   
• No data is stored on our servers or third-party services.
   
• Working files are only stored on your local machine. We do not access your drive or any external locations.
   

• You retain full control over the content processed by the app.
   
• It is your responsibility to ensure any documents do not contain personal data that should not be processed, or that appropriate redactions are made before use.
   

• AICosts does not store or cache any user data.
   
• Once a rewriting request is completed, no record of it is held by AICosts or AWS.
   

For any GDPR concerns, audit needs, or data protection queries, you can contact:

admin@aicosts.co.uk