Legal centre + data help

Get the right policy, answer, or data request help.

Use this page to read CharmEngine policies, ask a legal question, or send a data request. CharmEngine, CharmBot, Charm API, and CharmCanvas requests come through here. BondOS has its own legal page at bondos.uk/policies.

Data request intakeAI reviewHuman-reviewed repliesClear product boundaries
Legal request flowHuman reviewed
Online formSent to the right reviewer
Reply draftChecked by a person
Support reviewHandled with care
Email updatesSent to you
Legal and data requests do not use Charm Tokens. If AI helps draft a reply, a person checks it before anything is sent.
Policies

The important rules, kept in one place.

This page links the public policies for account use, CharmCanvas generation, Charm Token usage, Discord bot operation, API usage, data rights, and third-party suppliers. We keep the wording plain and only describe controls we actually run.

Privacy policy

What we collect, why we need it, how long we keep it, and how to ask about it.

Terms of service

General customer use terms for CharmEngine public and tenant-facing services.

Account + token rules

Simple rules for accounts, CharmCanvas, API use, Charm Tokens, cost estimates, and usage limits.

Discord bot agreement

CharmBot permissions, approval gates, Essential Mode, reply allowances, and server rules.

Supplier documents

Links and support for supplier, security, and data-processing paperwork.

AI safety and impact

Plain-English AI Act position, impact summary, high-risk gates, and human oversight.

Cookie policy

Essential, analytics, and marketing cookie choices for public website pages.
EU AI Act and AI safety

CharmEngine is built for business content, not high-risk decisions.

CharmEngine, CharmBot, Charm API, and CharmCanvas are normally used as business software for marketing content, customer workflows, brand assets, video creation, support, publishing, and proof. Most customer use is not intended to be high-risk AI.

They are not meant to decide whether someone gets a job, loan, school place, medical care, legal outcome, insurance, public service, or other high-stakes result. If a customer wants to use CharmEngine in a regulated or high-risk setting, we review that use before activation.

Normal use

The normal CharmEngine use case is customer content, marketing, Discord support, API workflows, media generation, reporting, approvals, cost estimates, and proof.

Unsuitable uses

CharmEngine is not for social scoring, hidden manipulation, unlawful biometric use, non-consensual intimate content, impersonation, copyrighted-character abuse, or regulated claims without evidence.

Extra review

Examples that need separate review include employment decisions, credit, legal advice, medical claims, biometric identification, child-safety workflows, public-service decisions, or anything that could seriously affect a person's rights.

Review records

We keep product review records for AI Act, GDPR, vendor, security, and customer-support questions. Sensitive operational details are not published on the website.

EU AI Act overviewArticle 27 summaryImpact summaryDownload impact PDFSupplier documents
Impact assessment

Public AI impact summary.

This is the plain-English public summary. We review the purpose of the AI feature, who may be affected, what data is used, where human oversight is needed, what providers are involved, what uses are not suitable, and how issues are handled.

A downloadable public summary is available for customers, procurement teams, and privacy reviewers. Detailed review records are kept separately so we can answer customer and compliance questions without exposing sensitive operational information.

Purpose

Help businesses create content, manage Discord and API workflows, generate video and media, estimate Charm Token cost, route approvals, and keep proof.

People affected

Customers, tenant users, Discord server members, API users, affiliates, support contacts, legal requesters, and people shown in customer-provided media.

Data processed

Account details, tenant workspace data, campaign inputs, uploaded assets, prompts, approvals, usage records, billing or token records, support messages, and technical logs.

Human oversight

Paid renders, public publishing, sensitive replies, legal requests, regulated claims, and risky workflows can require human review or customer approval before release.

Provider use

Approved AI, media, cloud, storage, email, payments, analytics, security and support providers may process limited data for the service.

Uses that need limits

CharmEngine is not for illegal content, rights abuse, unsafe likeness use, unsupported regulated claims, high-risk decisions without review, or misleading output that removes needed human judgement.

Issue handling

Security, privacy, supplier, AI safety, generation quality, token-billing and platform issues are reviewed and handled through the right support or legal path.

High-risk gating

High-risk, regulated, medical, legal, financial, employment, education, biometric, child-safety, or public-service use is not switched on by default and needs separate review.

Review date

Last reviewed 8 May 2026. Next scheduled review is quarterly, or sooner after a major feature, provider, law, or incident change.

GDPR and data rights

Data requests and AI safeguards stay connected.

Use the form below if you want to see, delete, export, correct, restrict, object to, or withdraw consent for your data. We check the request, send it to the right team, confirm by email, and make sure a person reviews it.

Data request handling

ICO guidance says organisations should answer subject access requests without undue delay and within one month. CharmEngine tracks that timing from the point your request is verified.

ICO SAR guidance

DPIA review

New personal-data processing is screened for risk. Higher-risk changes need a data protection impact review before launch, including purpose, data, people affected, suppliers, security, retention, and user rights.

ICO DPIA guidance
Vendors and suppliers

Third-party processing is declared and reviewed.

CharmEngine may use approved providers for AI models, media generation, cloud hosting, databases, object storage, email, payments, analytics, support, security, and content delivery. We review purpose, data access, retention, location, contracts, and operational risk.

Supplier documents

Request or review supplier, security, and data-processing paperwork.

Privacy policy

See what data is collected, why it is used, and how long it may be kept.

Ask about a supplier

Use the legal enquiry form if you need vendor details for procurement, legal or data-protection review.
Version history

Public policy versions.

Public pages keep the customer wording clear. Detailed review records are kept separately for support, security, vendor, and compliance questions.

12 May 2026 - v2026.05.12

Humanised the policy wording, removed internal process references, refreshed supplier links, and added downloadable public AI impact summaries.

8 May 2026 - v2026.05.08

Added EU AI Act position, fuller public impact assessment, high-risk review wording, GDPR/DPIA summary, vendor disclosure, version history, and clearer public links.

7 May 2026 - v2026.05.07

Updated legal forms, policy links, Charm Token rules, Discord bot agreement links, and customer-readable wording.

PrivacyGDPRSupplier documentsAccount + token rulesDiscord bot agreementData requestLegal enquiry
Data subject request

Request your data, correction, restriction, portability, or erasure.

For BondOS, use the BondOS legal page at bondos.uk/policies. If you are not sure where your issue belongs, choose “Unsure/Other” and we will send it to the right team.

Legal enquiry

Ask about policies, suppliers, AI use, Discord bot terms, or Charm Token rules.