Privacy Notice
Last updated: 1 May 2026
1. Who we are
Comedy Lab is operated by Ian Mullen ("we", "us"). For the purposes of UK GDPR and the Data Protection Act 2018, we are the data controller for the personal data we collect about you when you use the Service.
2. What we collect and why
| Data | Purpose | Legal basis |
|---|---|---|
| Email, password (hashed) | Account creation, sign-in, security | Contract |
| Notebook entries, prompts, AI sessions | Provide the Service to you | Contract |
| Subscription & billing status | Manage entitlements | Contract |
| IP address, device info, basic usage logs | Security, fraud prevention, debugging | Legitimate interests |
| Support messages | Respond to enquiries | Legitimate interests |
Payment card data is collected and processed by Paddle, not by us — see "Sharing" below.
3. AI processing
When you use AI features, your prompts and the relevant context are sent to our AI provider to generate a response. We do not knowingly use your private content to train third-party models. You are responsible for not entering personal data of others or confidential information you don't have rights to share.
4. Sharing
We share personal data with:
- Hosting and infrastructure providers who run the Service on our behalf;
- AI model providers who process your prompts to return AI outputs;
- Paddle.com Market Limited, our Merchant of Record, who handles checkout, billing, subscription management, payments, tax compliance, and invoicing;
- Professional advisers (legal, accounting) where reasonably necessary;
- Authorities where required by law.
5. International transfers
Some recipients are located outside the UK/EEA. Where data is transferred internationally, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) with appropriate safeguards.
6. Retention
We keep account and content data for as long as your account is active. After deletion or prolonged inactivity, data is deleted or anonymised within a reasonable period, except where retention is required for legal, tax, or fraud-prevention purposes.
7. Security
We use appropriate technical and organisational measures — including encryption in transit, access controls, and audit logging — to protect personal data. No system is perfectly secure; we will notify you of any breach as required by law.
8. Your rights
Under UK/EU GDPR you have the right to:
- access the personal data we hold about you;
- request rectification of inaccurate data;
- request erasure ("right to be forgotten") in certain circumstances;
- request restriction of processing;
- request portability of data you provided;
- object to processing based on legitimate interests;
- withdraw consent at any time where processing is based on consent;
- complain to a supervisory authority (in the UK, the ICO at ico.org.uk).
We aim to respond to requests within one month.
9. Cookies
We use essential cookies needed to keep you signed in and operate the Service. We do not currently use advertising cookies. If we add analytics cookies in future, we will update this notice and offer a way to manage preferences.
10. Contact
To exercise your rights or ask questions about this notice, contact Ian Mullen via the support email shown in your account.