Legal Compliance Checklist

Last updated: 4 June 2026

Website: https://staging.mylawtools.co.uk/stg/

Operator: myLawTools part of QMConsultancy.uk trading as My Law Tools

1. Purpose

This page is an internal/public-facing checklist of the key legal, privacy and compliance items that should be completed before launch and reviewed regularly.

You may keep this page private in WordPress if you do not want the public to see your internal checklist.

2. Website legal pages

Terms and Conditions page created and linked in footer.
Privacy Policy / UK GDPR Notice page created and linked in footer.
Cookie Policy page created and linked in footer.
Data Processing Agreement page created and linked where business users or firms may upload personal data.
Acceptable Use Policy page created and linked in account sign-up and footer.
Refund, Cancellation and Subscription Policy page created and linked at checkout.
AI, OCR, Redaction and Document Processing Disclaimer created and linked inside relevant tools.
Legal Notice and Contact Information page created and linked in footer.
Subprocessor List page created and kept updated.
Website Disclaimers and User Confirmations page created or converted into tool-level warnings.

3. Business details to complete

Legal business name inserted.
Trading name inserted.
Website URL inserted.
Contact email inserted.
Registered or trading address inserted.
Company number inserted, if applicable.
VAT number inserted, if applicable.
Last updated date inserted on every page.

4. Cookie compliance

Cookie consent banner installed.
Users can reject optional cookies as easily as accepting them.
Cookie settings page or panel created.
Cookie scan completed.
Cookie table updated with actual cookies.
Analytics and marketing cookies blocked until consent where required.

5. Account sign-up compliance

Terms acceptance checkbox added.
Privacy Policy acceptance or notice added.
No legal advice acknowledgement added.
Marketing consent separated from mandatory account emails.
Professional responsibility warning added for legal users.

6. Checkout compliance

Subscription renewal wording added.
Refund and cancellation policy linked.
Immediate digital access wording added for consumers where appropriate.
Payment failure and downgrade wording added.
VAT position clearly displayed.

7. Tool-level warnings

Upload screen warning added.
Final bundle generation confirmation added.
Redaction export confirmation added.
AI/OCR warning added.
Deadline calculator warning added.
Export screen disclaimer added.
Support disclaimer added.

8. Data protection controls

Confirmed whether files are local-only, server-processed or mixed.
Confirmed whether uploaded files are stored and for how long.
Confirmed whether generated bundles are stored and for how long.
Confirmed whether AI/OCR uses third-party processors.
Confirmed whether support staff can access uploaded files.
Created subprocessor list.
Created deletion/export process for account users.
Created personal data breach response process.

9. Security controls

SSL enabled.
WordPress, themes and plugins updated.
Admin accounts protected with strong passwords and MFA where possible.
Backups configured.
Security plugin or firewall configured.
Access permissions reviewed.
Error logging reviewed so sensitive document data is not unnecessarily exposed.

10. Professional-use controls

No legal advice disclaimer visible.
Court compliance disclaimer visible.
Deadline verification warning visible.
Redaction verification warning visible.
Human review requirement visible for AI/OCR outputs.
Users required to accept responsibility before high-risk exports.

11. Review cycle

Review these pages whenever you change subscriptions, payment providers, hosting, analytics, AI/OCR providers, document storage, file upload behaviour, user roles, team accounts, security systems or major product features.

You should also have these pages reviewed by a qualified solicitor before public launch and after any major business or technical change.