Privacy Policy

Last updated: 23/02/2026

This Privacy Policy explains how Autodue ("we", "us", or "our") collects, uses, and protects your personal information when you use our website and services. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

Account Information: Name, email address, password.
Phone Number (Optional): Mobile phone number for SMS alerts.
Vehicle Information: Registration number, make, model, year, colour, tax/MOT status, insurance details, service schedules, and related deadlines.
Mileage Records: Odometer readings recorded manually by you, or automatically captured from MOT history, service logs, walkaround checks, or expense entries. Each reading includes the mileage figure, date, and source.
Service History: Records of vehicle servicing including service date, type (full, interim, major, minor), garage name, cost, mileage at service, parts replaced, and any notes. Attached receipts or invoices (photos/PDFs) are stored alongside the record.
Service Schedules: Your configured service intervals (by time and/or mileage), target mileage, and next service date for each vehicle.
Expense Records: Vehicle-related expenses including category (fuel, service, repair, insurance, tax, MOT, parking, tolls, cleaning, tyres, parts, breakdown cover, finance, or other), amount, date, vendor name, description, and mileage at the time of expense. Attached receipts (photos/PDFs) are stored alongside the record.
Insurance Information: Motor insurance details including provider name, policy number, start and expiry dates, cover type, and premium amount. This data is entered by you or extracted from uploaded insurance documents.
Vehicle Inspection Records: Walkaround check results including pass/fail status for each inspection item, timestamps, notes, and photos of any issues identified.
Location Data: GPS coordinates captured during vehicle walkaround checks to verify where inspections are performed.
Defect Reports: Details of vehicle defects including descriptions, severity, photos, resolution notes, comments, resolution costs, and assignment information.
Activity Logs: Audit trail of actions taken on defects, including who made changes, what was changed, and when.
Uploaded Files: Photos, PDFs, and other documents uploaded during inspections, defect reporting, service logging, or expense tracking. We store the original file along with metadata (filename, file size, and file type).
Uploaded Documents (AI Scanning): Photos and PDFs of vehicle-related documents (such as service invoices, fuel receipts, insurance certificates, and warranty documents) that you choose to scan using our document extraction feature.
Usage Data: Log data, IP address, browser type, device information, and cookies.
Device Information: Device tokens for push notifications, device model, OS version.
Payment & Billing Information: Subscription status, billing history, and invoice records. We do not store your full credit card numbers or payment credentials - these are handled securely by our payment processors (see Section 4).
Communications: Any messages or support requests you send us.

2. How We Use Your Information

To provide and maintain our services, including tracking vehicle deadlines and compliance.
To contact the DVLA and other official sources to retrieve vehicle information on your behalf.
To send you email reminders about upcoming deadlines (MOT, tax, service, insurance, and other scheduled reminders).
Mileage Tracking: To record and display odometer readings over time, whether entered manually by you or captured automatically from MOT test history, service records, walkaround checks, or expense entries.
Service History & Scheduling: To maintain a history of vehicle servicing, calculate when the next service is due based on your configured intervals (time and/or mileage), and send reminders when a service is approaching.
Expense Tracking: To record and categorise vehicle-related costs, provide spending summaries, and attach receipts to expense records for your reference.
Insurance Tracking: To store your motor insurance details, track policy expiry dates, and send reminders before your insurance is due for renewal.
Vehicle Inspections: To record and track walkaround check results for compliance and safety purposes.
Location Verification: To verify where vehicle inspections are performed, supporting compliance and audit requirements.
Defect Management: To track and manage vehicle defects from reporting through to resolution.
Audit & Compliance: To maintain activity logs for accountability and compliance purposes.
Document Scanning (AI-Powered): When you use our document scan feature, your uploaded document is sent securely to our AI provider (Anthropic) which extracts structured data such as dates, costs, and service details. The extracted data is presented to you for review and editing before anything is saved. We do not use your documents to train AI models.
Fraud Prevention: To detect potentially invalid inspections (e.g., checks completed unusually quickly).
SMS Alerts (Optional): If you provide your phone number, we send emergency SMS alerts for imminent or overdue deadlines. This is optional and you can remove your phone number at any time.
Push Notifications: To send you push notifications on your mobile device about deadlines and important updates.
To communicate with you about your account, deadlines, and updates.
To improve our services, website, and user experience through analytics.
To monitor and improve app stability and performance.
To comply with legal obligations.

3. Legal Basis for Processing

Contract: Processing is necessary to provide our services to you.
Consent: Where you have given explicit consent (e.g., for marketing communications).
Legal Obligation: To comply with applicable laws and regulations.
Legitimate Interests: For analytics, service improvement, and fraud prevention.

4. How We Share Your Information

DVLA: We share your vehicle registration number with the UK DVLA to retrieve MOT status, tax status, and MOT test history (including mileage readings recorded at each MOT test).
Google Firebase: We use Firebase for analytics, crash reporting, and push notifications. Firebase may collect device information, usage data, and crash logs. Firebase is GDPR-compliant. Firebase Privacy Policy
Hosting Provider: Our hosting provider stores your data securely.
Email Service: We use an email service provider to send reminders and notifications.
SMS Provider (if applicable): If you opt-in for SMS alerts, your phone number is shared with our SMS gateway provider.
Payment Processors: Subscription payments are processed by:
- Apple (App Store): For iOS in-app purchases. Apple Privacy Policy
- Stripe: For Android and web payments. Stripe is PCI DSS Level 1 certified. Stripe Privacy Policy
We receive confirmation of successful payments and subscription status, but we do not have access to your full card details.
Anthropic (AI Processing): When you use our document scan feature, your uploaded document image or PDF is sent to Anthropic's API for data extraction. Anthropic processes the document in real time and does not retain your data after processing or use it for model training. Anthropic Privacy Policy
BookMyGarage (via Awin): When you use the "Book MOT" feature in our app, your vehicle registration number and postcode are passed to BookMyGarage to display local garage prices and availability. This redirect goes through Awin, an affiliate network, which means Autodue may earn a commission if you complete a booking. This does not affect the prices you see. BookMyGarage Privacy Policy · Awin Privacy Policy
With law enforcement or regulators if required by law.
We do not sell your personal data to third parties for marketing purposes.

4a. Third-Party Services in Detail

Google Firebase

Firebase Analytics: Tracks app usage and user behavior to help us improve the app.
Firebase Crashlytics: Monitors app crashes and errors to ensure stability.
Firebase Cloud Messaging (FCM): Sends push notifications to your device.
Legal Basis: Legitimate interest (app improvement and functionality).
Data Retention: Firebase retains data according to their privacy policy (typically 60-90 days for crash logs).

Anthropic (AI Document Processing)

Anthropic Claude API: Processes uploaded documents to extract structured data (dates, costs, descriptions, etc.).
What is sent: Only the document image or PDF you choose to scan. No other personal data is included in the request.
Data retention by Anthropic: Anthropic does not retain your inputs or outputs after processing when using their API. Your documents are not used to train their models.
Legal Basis: Contract performance (providing the document scan feature you have chosen to use).

BookMyGarage (MOT Booking via Awin)

Purpose: When you tap "Book MOT", we redirect you to BookMyGarage to compare local garage prices for your MOT test.
What is shared: Your vehicle registration number and the postcode you enter. No other personal data is sent.
Affiliate relationship: The link passes through Awin, an affiliate tracking network. Autodue may receive a commission if you complete a booking. This does not affect the price you pay.
Local storage: Your last-used postcode is saved on your device only (not sent to our servers) so it can be pre-filled next time for convenience.
Legal Basis: Contract performance (providing the MOT booking feature you have chosen to use).

5. International Data Transfers

If we transfer your data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

6. Data Retention

We retain your data for the following periods:

Account Information: Until you delete your account, plus 90 days (soft delete period).
Vehicle Data: Until you remove the vehicle or delete your account.
Mileage Records: Retained for the lifetime of the vehicle record. Deleted when the vehicle is removed or account is deleted.
Service History & Schedules: Service logs and configured service schedules are retained for the lifetime of the vehicle record. Deleted when the vehicle is removed or account is deleted.
Expense Records: Retained for the lifetime of the vehicle record. Deleted when the vehicle is removed or account is deleted.
Insurance Information: Retained for the lifetime of the vehicle record. Deleted when the vehicle is removed or account is deleted.
Vehicle Inspections & Defects: Retained for the lifetime of the vehicle record for compliance and audit purposes. Deleted when the vehicle is removed or account is deleted.
Uploaded Photos & Documents: Retained alongside the record they are attached to (inspection, service log, expense, etc.). Deleted when the associated vehicle or account is deleted.
Location Data: Stored as part of inspection records and retained for the same period.
Activity Logs: Retained alongside defect records for compliance and audit purposes.
Email Notifications: Logs retained for 90 days.
SMS Logs: Retained for 90 days.
Billing & Invoice Records: Retained for 7 years after the transaction date, as required by UK tax and accounting regulations (HMRC).
Scanned Documents: The original uploaded document is retained as an attachment to the created record (service log, expense, etc.) for the lifetime of that record. Extracted data from AI processing is retained only until you confirm or discard the extraction (typically minutes). Anthropic does not retain your documents after processing.
Analytics & Crash Data: Automatically deleted after 60-90 days (controlled by Firebase).
Backups: Deleted after 30 days.
After Account Deletion: Your data is soft-deleted immediately and permanently purged after 90 days. You may request account recovery within the first 30 days by contacting support.

If you need your data deleted sooner, please contact us at [email protected].

7. Your Rights

Access your data
Rectify inaccurate data
Erase your data ("right to be forgotten")
Restrict or object to processing
Data portability
Withdraw consent at any time (where applicable)

To exercise your rights, contact us at [email protected].

8. Cookies

We use cookies and similar technologies for the following purposes:

Essential Cookies: Session management, authentication, CSRF protection (cannot be disabled).
Analytics Cookies: Usage statistics via Firebase Analytics (requires your consent via cookie banner).
Preference Cookies: Dark mode, language settings (stored locally in your browser).

You can manage your cookie preferences using the cookie consent banner on our website. For more details, see our Cookie Policy.

9. Security

We implement appropriate technical and organisational measures to protect your data. However, no system is completely secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our website.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or your data, please contact us at [email protected].

12. Complaints

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO): https://ico.org.uk/make-a-complaint/