This page is the technical detail of how we handle files and inputs you submit through our free audit tools. The summary version is in our Privacy Policy section 4.5. This page is what your publisher's legal team or your literary agent will want to read.
Effective date: 15 May 2026 · Last updated: 15 May 2026
1. Where your file goes
When you upload a manuscript PDF to the KDP Readiness Score:
- Your browser sends the file over HTTPS (TLS 1.3 minimum) to publishing.co.uk — resolved to a UK-based virtual private server in London.
- Our front-end web server (nginx) passes the upload to our Flask audit API on localhost:5000. The file does not leave the server during this hop.
- The Flask API validates the upload: file type via magic-byte inspection (%PDF- header), size (max 200MB), email format, consent checkbox.
- The file is scanned by an independent ClamAV daemon (running in a separate Docker container on the same server). If ClamAV flags the file as malicious, the file is deleted immediately and a 422 response is returned. No further processing happens.
- If the scan passes, the file is written to a dedicated Docker volume (backend-audit-uploads) under filename <UUID>-<32-char-random>.pdf with file mode 0600 (read/write by the audit worker user only — no group access, no other access).
- A background worker (a Python thread inside the Flask process) picks up the queued job, runs the audit engine (quality_audit_v2.py) against the file, and generates a PDF report.
- The PDF report is written to a separate Docker volume (backend-audit-reports) under a signed UUID, mode 0600.
- An email is sent via Resend (our transactional email provider) with a signed result link. The email contains the score and a link — never an excerpt of your file.
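The validation and storage steps above can be sketched as follows. This is an added example, not code from our audit API: the function and class names are hypothetical, and the ClamAV scan that sits between validation and storage is omitted.

```python
import os
import secrets
import uuid

MAX_BYTES = 200 * 1024 * 1024      # size limit stated on this page
PDF_MAGIC = b"%PDF-"               # magic bytes every PDF starts with


class UploadRejected(ValueError):
    """Raised when an upload fails validation (hypothetical name)."""


def validate_pdf(data: bytes, max_bytes: int = MAX_BYTES) -> None:
    # Trust the leading bytes, not the client-supplied name or Content-Type.
    if len(data) > max_bytes:
        raise UploadRejected("file exceeds size limit")
    if not data.startswith(PDF_MAGIC):
        raise UploadRejected("not a PDF (magic bytes missing)")


def store_upload(data: bytes, upload_dir: str) -> str:
    """Validate, then write under a server-chosen name with mode 0600."""
    validate_pdf(data)
    # <UUID>-<32-char-random>.pdf: nothing from the user's filename is reused,
    # so path traversal through the name is ruled out by construction.
    name = f"{uuid.uuid4()}-{secrets.token_hex(16)}.pdf"
    path = os.path.join(upload_dir, name)
    # O_EXCL refuses to overwrite an existing path; passing the mode to
    # os.open() means the file is never briefly readable by group or other,
    # which a create-then-chmod sequence would allow.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path
```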
2. What touches what
| Data | Where it goes | Where it does NOT go |
|---|---|---|
| Uploaded manuscript | Our UK VPS only | Resend, OpenAI, Anthropic, Google, Cohere, any CDN, Google Analytics, our blog/CMS |
| Email address | Backend SQLite (audit_uploads + subscribers tables) and Resend (for delivery only) | Sold, shared with marketing partners, or synced to third-party marketing tools |
| Score + rule outcomes | PDF report (emailed) + backend SQLite (anonymised aggregates) | Not associated with file content beyond the rule outcome |
| IP address | Backend access log (rotated 30 days) | Not retained beyond the rate-limit window |
| File metadata (size, type, page count) | Backend SQLite | — |
3. Auto-deletion
A cron job at /etc/cron.hourly/audit-cleanup runs every hour and deletes any file in audit-uploads or audit-reports older than 24 hours. The deletion is logged to /var/log/audit-cleanup.log with:
- Timestamp (UTC)
- File type (uploads or reports)
- File size in bytes
- File SHA-256 hash
The filename itself is not logged, and the file content is not logged. This gives us an audit trail that can prove a specific file was deleted at a specific time, without exposing any content reference after deletion.
The matching database row (in the audit_uploads table) is updated to status = 'deleted' with the deletion timestamp.
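The deletion logging described in this section can be illustrated like this. It is an added example, not the contents of /etc/cron.hourly/audit-cleanup: the function names and the space-separated log layout are assumptions, and the database update is left out.

```python
import hashlib
import os
import time
from datetime import datetime, timezone
from typing import Optional

MAX_AGE_SECONDS = 24 * 60 * 60   # retention window stated on this page


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def cleanup(directory: str, kind: str, log_path: str,
            now: Optional[float] = None) -> int:
    """Delete files older than 24h; log timestamp, kind, size, SHA-256 only."""
    now = time.time() if now is None else now
    stamp = datetime.fromtimestamp(now, timezone.utc).isoformat(timespec="seconds")
    deleted = 0
    with open(log_path, "a", encoding="utf-8") as log:
        for entry in list(os.scandir(directory)):
            # Only regular files are handled; symlinks are never followed.
            if not entry.is_file(follow_symlinks=False):
                continue
            st = entry.stat(follow_symlinks=False)
            if now - st.st_mtime <= MAX_AGE_SECONDS:
                continue
            digest = sha256_file(entry.path)   # hash must be taken before unlink
            os.unlink(entry.path)
            # The filename is deliberately absent from the log line.
            log.write(f"{stamp} {kind} {st.st_size} {digest}\n")
            deleted += 1
    return deleted
```

The log file must live outside the directory being cleaned, otherwise it would eventually be hashed and deleted itself.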
4. What the audit engine is and is not
The audit engine is a Python program (quality_audit_v2.py) running locally on our VPS. It uses standard PDF-processing libraries (pypdf, pdfplumber) to inspect the structure of your file. It does not:
- Import or call any LLM SDK (OpenAI, Anthropic, Google, Cohere, etc.)
- Make any outbound HTTPS request with file content
- Read file content into any log line (only metadata + SHA-256 hash)
- Include any excerpt of the manuscript in the report PDF or the email
A test suite (tests/test_audit_security_invariants.py) enforces these rules on every code change. The test suite fails the build if any of the above is violated.
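One way such an invariant can be checked is by parsing the engine's source and rejecting forbidden imports. This is an added example, not the contents of tests/test_audit_security_invariants.py; the helper name and the exact package names in FORBIDDEN are assumptions.

```python
import ast
from typing import List

# Import names of the LLM SDKs listed above (assumed; extend as needed).
FORBIDDEN = {"openai", "anthropic", "cohere", "google.generativeai"}


def forbidden_imports(source: str) -> List[str]:
    """Return every forbidden module imported anywhere in `source`."""
    hits = set()
    # ast.walk visits nested scopes too, so imports hidden inside a
    # function or a try block are found as well as top-level ones.
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.module:
            # "from google import generativeai" must match as well.
            names = [node.module] + [f"{node.module}.{a.name}" for a in node.names]
        else:
            continue
        for name in names:
            if any(name == bad or name.startswith(bad + ".") for bad in FORBIDDEN):
                hits.add(name)
    return sorted(hits)
```

A static check like this does not see modules loaded dynamically (for example through importlib), so it complements rather than replaces blocking outbound network access for the worker.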
5. The report we email you
The report PDF is generated using reportlab and contains:
- Your overall score (e.g. "87/100")
- The grade label (PASS / REVIEW / FAIL)
- File stats: page count, trim size, file size (none of these expose content)
- A list of detected issues with their severity, the rule that flagged them, and the recommended fix
- Our footer with mailto and a link to our paid formatting service
The report does not contain any text or images extracted from your manuscript.
6. Result-link security
The link we email you (e.g. https://publishing.co.uk/audit/result/<token>) uses a signed token generated by Python's itsdangerous library, with HMAC-SHA-256 signing keyed by a server-side secret. The token includes the audit ID and an expiry timestamp (30 days by default). Anyone with the link can view the report; the link cannot be guessed, and a token cannot be forged, without the server secret.
If you forward the link, the recipient sees the same report. If you want a tighter access model, contact us and we'll switch the audit to a one-time download link.
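The signing scheme described above can be shown with the standard library alone. This is an added example, not our production code and not the itsdangerous wire format: the token layout, function names and secret are assumptions chosen to show the same HMAC-SHA-256 construction with an audit ID and an expiry.

```python
import base64
import hashlib
import hmac
import json
import time

THIRTY_DAYS = 30 * 24 * 60 * 60   # default expiry stated on this page


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(secret: bytes, audit_id: str, now=None, ttl=THIRTY_DAYS) -> str:
    now = int(time.time()) if now is None else now
    payload = _b64(json.dumps({"audit_id": audit_id, "exp": now + ttl}).encode())
    sig = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(sig)}"


def read_token(secret: bytes, token: str, now=None):
    """Return the audit ID, or None if the token is malformed, forged or expired."""
    now = int(time.time()) if now is None else now
    try:
        payload, sig = token.split(".")
        expected = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
        # Check the MAC in constant time before parsing anything in the payload.
        if not hmac.compare_digest(_unb64(sig), expected):
            return None
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None
    if now >= claims["exp"]:
        return None
    return claims["audit_id"]
```

The expiry sits inside the signed payload, so extending a link's lifetime requires the server secret just as forging an audit ID does.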
7. NDA path for high-profile or contractually-restricted manuscripts
If you have a manuscript that requires a Non-Disclosure Agreement before processing — for example, a contractually-restricted ghostwritten book, an anonymous publication, or a high-profile pre-launch — email hello@publishing.co.uk with subject "NDA request — KDP Readiness Score". We will counter-sign a standard mutual NDA (UK law, 5-year term) before you upload anything. There is no fee for this; we want your business and we know what trust costs.
8. Your rights under UK GDPR (specific to audit files)
In addition to the general rights in our Privacy Policy section 6:
- Right to deletion-log access: Email hello@publishing.co.uk with the email address you used. Within 30 days we return the deletion-log entries (timestamp, size, SHA-256) for every audit you have submitted, which proves the file was deleted.
- Right to right-now deletion: Email us with your email address and a request to delete your audit within the 24h window. We will action this manually within 24h.
- Right to export: Email us and we will return your audit history (scores, rule outcomes, file metadata) as JSON. No content of the manuscript is retained for this export.
9. Sub-processors involved in the audit flow
See our sub-processor list for the current set. As of 15 May 2026:
- Resend (email delivery): The result email passes through Resend. The email body contains your score + grade + a link — never an excerpt of your file.
- Hostinger (VPS hosting): Our VPS is provided by Hostinger. Files are stored on a London-based datacentre disk.
- ClamAV (open source, runs on our VPS): Independent malware scan. Not a sub-processor in the GDPR sense — it runs locally.
We do not use any third-party AI service for the audit pipeline.
10. Breach response
If we suspect a security breach involving uploaded files, we will:
- Escalate to Robert Prime (CEO, data controller) within 2 hours of detection.
- If confirmed and likely to result in risk to rights and freedoms, notify the UK Information Commissioner's Office (ICO) within 72 hours via report.ico.org.uk.
- Notify all affected users (by email, using the addresses they submitted) within 7 days.
- Publish a post-incident summary on this page within 30 days.
11. ICO registration
publishing.co.uk is registered with the UK Information Commissioner's Office as a data controller. Registration number available on request from hello@publishing.co.uk.
12. Contact
For any of the above:
- Email: hello@publishing.co.uk — fastest response, usually within 24 hours
- NDA-required uploads: email with subject "NDA request — KDP Readiness Score"
- Complaints: ICO — 0303 123 1113
