Privacy Policy

Last updated: 05/05/2026

This Privacy Policy explains how Autodue Ltd ("we", "us", or "our") collects, uses, and protects your personal information when you use our website and services. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Autodue Ltd is registered with the UK Information Commissioner's Office (ICO) as a data controller under registration number ZC136310.

1. Information We Collect

Account Information: Name, email address, password.
Phone Number (Optional): Mobile phone number for SMS alerts and occasional short calls about your experience using Autodue.
Vehicle Information: Registration number, make, model, year, colour, tax/MOT status, insurance details, service schedules, and related deadlines.
Mileage Records: Odometer readings recorded manually by you, or automatically captured from MOT history, service logs, walkaround checks, or expense entries. Each reading includes the mileage figure, date, and source.
Service History: Records of vehicle servicing including service date, type (full, interim, major, minor), garage name, cost, mileage at service, parts replaced, and any notes. Attached receipts or invoices (photos/PDFs) are stored alongside the record.
Service Schedules: Your configured service intervals (by time and/or mileage), target mileage, and next service date for each vehicle.
Expense Records: Vehicle-related expenses including category (fuel, service, repair, insurance, tax, MOT, parking, tolls, cleaning, tyres, parts, breakdown cover, finance, or other), amount, date, vendor name, description, and mileage at the time of expense. Attached receipts (photos/PDFs) are stored alongside the record.
Insurance Information: Motor insurance details including provider name, policy number, start and expiry dates, cover type, and premium amount. This data is entered by you or extracted from uploaded insurance documents.
Vehicle Inspection Records: Walkaround check results including pass/fail status for each inspection item, timestamps, notes, and photos of any issues identified.
Location Data: GPS coordinates captured during vehicle walkaround checks to verify where inspections are performed.
Defect Reports: Details of vehicle defects including descriptions, severity, photos, resolution notes, comments, resolution costs, and assignment information.
Activity Logs: Audit trail of actions taken on defects, including who made changes, what was changed, and when.
Uploaded Files: Photos, PDFs, and other documents uploaded during inspections, defect reporting, service logging, or expense tracking. We store the original file along with metadata (filename, file size, and file type).
Uploaded Documents (AI Scanning): Photos and PDFs of vehicle-related documents (such as service invoices, fuel receipts, insurance certificates, and warranty documents) that you choose to scan using our document extraction feature.
Usage Data: Log data, IP address, browser type, device information, and cookies.
Device Information: Device tokens for push notifications, device model, OS version.
Payment & Billing Information: Subscription status, billing history, and invoice records. We do not store your full credit card numbers or payment credentials - these are handled securely by our payment processors (see Section 4).
Communications: Any messages or support requests you send us.
Internal Notes: Notes recorded by Autodue staff about your account, support history, or feedback you share with us. These are visible only to Autodue staff and are not shared with third parties, except as set out in Section 4 (e.g. where required by law).

2. How We Use Your Information

To provide and maintain our services, including tracking vehicle deadlines and compliance.
To contact the DVLA and other official sources to retrieve vehicle information on your behalf.
To send you email reminders about upcoming deadlines (MOT, tax, service, insurance, and other scheduled reminders).
Mileage Tracking: To record and display odometer readings over time, whether entered manually by you or captured automatically from MOT test history, service records, walkaround checks, or expense entries.
Service History & Scheduling: To maintain a history of vehicle servicing, calculate when the next service is due based on your configured intervals (time and/or mileage), and send reminders when a service is approaching.
Expense Tracking: To record and categorise vehicle-related costs, provide spending summaries, and attach receipts to expense records for your reference.
Insurance Tracking: To store your motor insurance details, track policy expiry dates, and send reminders before your insurance is due for renewal.
Vehicle Inspections: To record and track walkaround check results for compliance and safety purposes.
Location Verification: To verify where vehicle inspections are performed, supporting compliance and audit requirements.
Defect Management: To track and manage vehicle defects from reporting through to resolution.
Audit & Compliance: To maintain activity logs for accountability and compliance purposes.
Document Scanning (AI-Powered): When you use our document scan feature, your uploaded document is sent securely to our AI provider (Anthropic) which extracts structured data such as dates, costs, and service details. The extracted data is presented to you for review and editing before anything is saved. We do not use your documents to train AI models.
Fraud Prevention: To detect potentially invalid inspections (e.g., checks completed unusually quickly).
SMS Alerts (Optional): If you provide your phone number, we send SMS alerts for imminent or overdue deadlines. This is optional and you can remove your phone number at any time.
Service Feedback Calls (Optional): We may occasionally call you for a short conversation about how Autodue is working for you and how we could improve. These are not sales calls, and we will not share your number with third parties for marketing. You can ask us not to call at any time and we will record the request and stop.
Push Notifications: To send you push notifications on your mobile device about deadlines and important updates.
To communicate with you about your account, deadlines, and updates.
To improve our services, website, and user experience through analytics.
To monitor and improve app stability and performance.
Customer Support & Internal Notes: To record notes about your account, support history, and feedback so we can give you better support and improve the service.
To comply with legal obligations.

3. Legal Basis for Processing

Contract: Processing is necessary to provide our services to you.
Consent: Where you have given explicit consent (e.g., for marketing communications).
Legal Obligation: To comply with applicable laws and regulations.
Legitimate Interests: For analytics, service improvement, and fraud prevention.

4. How We Share Your Information

DVLA: We share your vehicle registration number with the UK DVLA to retrieve MOT status, tax status, and MOT test history (including mileage readings recorded at each MOT test).
Google Analytics (Web): We use Google Analytics via Google Tag Manager on our website to understand how visitors use our site. Analytics cookies are only set after you give consent. We use Consent Mode v2 to ensure no tracking data is collected before consent is given. Google Privacy Policy
Google Firebase (Mobile App): We use Firebase for analytics, crash reporting, and push notifications in our mobile app. Firebase may collect device information, usage data, and crash logs. Analytics is disabled by default and only enabled after you give consent. Firebase Privacy Policy
Facebook (Meta) - Joint Controller: We use Facebook Pixel on our website and the Facebook SDK / Facebook App Events in our mobile app to measure the effectiveness of our advertising. For the data collected through these tools, Autodue and Meta Platforms Ireland Ltd act as joint controllers under Article 26 UK/EU GDPR (as established by the Court of Justice of the European Union in Wirtschaftsakademie Schleswig-Holstein (C-210/16) and Fashion ID (C-40/17)). The allocation of data-protection responsibilities between us is governed by Meta's Controller Addendum. These tools are only active after you give consent via our cookie banner (web) or the in-app analytics toggle (mobile). Meta Privacy Policy
Hosting Provider: Our hosting provider stores your data securely.
Email Service: We use an email service provider to send reminders and notifications.
SMS Provider (if applicable): If you opt-in for SMS alerts, your phone number is shared with our SMS gateway provider.
Payment Processors: Subscription payments are processed by:
- Apple (App Store): For iOS in-app purchases. Apple Privacy Policy
- Stripe: For Android and web payments. Stripe is PCI DSS Level 1 certified. Stripe Privacy Policy
We receive confirmation of successful payments and subscription status, but we do not have access to your full card details.
Anthropic (AI Processing): When you use our document scan feature, your uploaded document image or PDF is sent to Anthropic's API for data extraction. Anthropic processes the document in real time and does not retain your data after processing or use it for model training. Anthropic Privacy Policy
BookMyGarage (via Awin): When you use the "Book MOT" feature in our app, your vehicle registration number and postcode are passed to BookMyGarage to display local garage prices and availability. This redirect goes through Awin, an affiliate network, which means Autodue may earn a commission if you complete a booking. This does not affect the prices you see. BookMyGarage Privacy Policy · Awin Privacy Policy
With law enforcement or regulators if required by law.
We do not sell your personal data to third parties for marketing purposes.

4a. Third-Party Services in Detail

Google Analytics (Website)

Google Tag Manager + Google Analytics: Tracks page views, navigation patterns, and feature usage on our website.
Consent Mode v2: All tracking is denied by default. Cookies are only set after you give explicit consent via our cookie banner.
What is collected: Page views, click events, browser type, device information. No personally identifiable information.
Legal Basis: Consent (analytics cookies require your opt-in).
Data Retention: Configured according to our Google Analytics settings (default 14 months).

Google Firebase (Mobile App)

Firebase Analytics: Tracks app usage and user behaviour to help us improve the app. Disabled by default and only enabled after you give consent.
Firebase Crashlytics: Monitors app crashes and errors to ensure stability.
Firebase Cloud Messaging (FCM): Sends push notifications to your device.
Legal Basis: Consent for analytics; legitimate interest for crash reporting and push notifications.
Data Retention: Firebase retains data according to their privacy policy (typically 60-90 days for crash logs).

Facebook (Meta) - Joint Controller

Facebook Pixel (Website): Measures the effectiveness of our advertising campaigns by tracking conversions from Facebook ads.
Facebook SDK / App Events (Mobile App): The Facebook SDK in our iOS and Android apps records in-app events (e.g. registration, subscription) for advertising measurement. Disabled by default and only enabled after you give consent via the in-app analytics toggle.
Joint controllership: For the personal data collected through the Facebook Pixel and the in-app Facebook SDK, Autodue and Meta Platforms Ireland Ltd are joint controllers within the meaning of Article 26 UK/EU GDPR. This follows the rulings of the Court of Justice of the European Union in Wirtschaftsakademie Schleswig-Holstein (Case C-210/16) and Fashion ID (Case C-40/17), which established that an operator that integrates Meta's tracking technologies determines, jointly with Meta, the means and purposes of the data collection and transmission. The respective responsibilities of Autodue and Meta are set out in Meta's Controller Addendum, which forms part of the Meta Business Tools Terms.
What is collected: Hashed identifiers (such as email and phone number), event names and parameters, IP address, device and browser information, and Meta-specific identifiers (e.g. _fbp, _fbc on web; mobile advertising IDs where authorised on mobile). No passwords or sensitive personal data.
Legal basis: Your explicit consent under Article 6(1)(a) UK/EU GDPR. Consent is obtained via our cookie banner on the website and the in-app analytics toggle in the mobile app, and you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
Apple App Tracking Transparency (ATT) is not GDPR consent. The ATT prompt shown on iOS is an Apple operating-system permission that controls Meta's access to the device-level advertising identifier (IDFA). It is not a lawful basis for processing under UK/EU GDPR. We therefore ask separately for your in-app analytics consent, which controls whether the Facebook SDK is initialised and whether any events are sent to Meta. Declining ATT, declining our in-app consent, or both are all valid choices and we honour each independently.
International transfers: Meta is established in Ireland but transfers personal data to Meta Platforms, Inc. in the United States. See Section 5 below for the safeguards that apply to those transfers.
Withdrawing consent: You can withdraw consent on the web by re-opening the cookie banner and selecting "Reject", and in the mobile app via Settings → Privacy → Usage Analytics. Withdrawing consent stops further data being sent to Meta; data already transmitted is governed by Meta's Controller Addendum and Meta's Privacy Policy.

Anthropic (AI Document Processing)

Anthropic Claude API: Processes uploaded documents to extract structured data (dates, costs, descriptions, etc.).
What is sent: Only the document image or PDF you choose to scan. No other personal data is included in the request.
Data retention by Anthropic: Anthropic does not retain your inputs or outputs after processing when using their API. Your documents are not used to train their models.
Legal Basis: Contract performance (providing the document scan feature you have chosen to use).

BookMyGarage (MOT Booking via Awin)

Purpose: When you tap "Book MOT", we redirect you to BookMyGarage to compare local garage prices for your MOT test.
What is shared: Your vehicle registration number and the postcode you enter. No other personal data is sent.
Affiliate relationship: The link passes through Awin, an affiliate tracking network. Autodue may receive a commission if you complete a booking. This does not affect the price you pay.
Local storage: Your last-used postcode is saved on your device only (not sent to our servers) so it can be pre-filled next time for convenience.
Legal Basis: Contract performance (providing the MOT booking feature you have chosen to use).

5. International Data Transfers

If we transfer your data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

For transfers of personal data to Meta Platforms, Inc. in the United States in connection with the Facebook Pixel and the Facebook SDK / App Events, we rely on the UK Extension to the EU-US Data Privacy Framework (in force in the UK from 12 October 2023 under SI 2023/1028) where Meta is self-certified, and on the UK International Data Transfer Addendum to the European Commission's Standard Contractual Clauses as a fallback. Meta's current DPF self-certification status can be verified at facebook.com/privacy/policies/data_privacy_framework.

6. Data Retention

We retain your data for the following periods:

Account Information: Until you delete your account, plus 90 days (soft delete period).
Vehicle Data: Until you remove the vehicle or delete your account.
Mileage Records: Retained for the lifetime of the vehicle record. Deleted when the vehicle is removed or account is deleted.
Service History & Schedules: Service logs and configured service schedules are retained for the lifetime of the vehicle record. Deleted when the vehicle is removed or account is deleted.
Expense Records: Retained for the lifetime of the vehicle record. Deleted when the vehicle is removed or account is deleted.
Insurance Information: Retained for the lifetime of the vehicle record. Deleted when the vehicle is removed or account is deleted.
Vehicle Inspections & Defects: Retained for the lifetime of the vehicle record for compliance and audit purposes. Deleted when the vehicle is removed or account is deleted.
Uploaded Photos & Documents: Retained alongside the record they are attached to (inspection, service log, expense, etc.). Deleted when the associated vehicle or account is deleted.
Location Data: Stored as part of inspection records and retained for the same period.
Activity Logs: Retained alongside defect records for compliance and audit purposes.
Email Notifications: Logs retained for 90 days.
SMS Logs: Retained for 90 days.
Billing & Invoice Records: Retained for 7 years after the transaction date, as required by UK tax and accounting regulations (HMRC).
Scanned Documents: The original uploaded document is retained as an attachment to the created record (service log, expense, etc.) for the lifetime of that record. Extracted data from AI processing is retained only until you confirm or discard the extraction (typically minutes). Anthropic does not retain your documents after processing.
Analytics & Crash Data: Automatically deleted after 60-90 days (controlled by Firebase).
Backups: Deleted after 30 days.
After Account Deletion: Your data is soft-deleted immediately and permanently purged after 90 days. You may request account recovery within the first 30 days by contacting support.

If you need your data deleted sooner, please contact us at [email protected].

7. Your Rights

Access your data
Rectify inaccurate data
Erase your data ("right to be forgotten")
Restrict or object to processing
Data portability
Withdraw consent at any time (where applicable)

To exercise your rights, contact us at [email protected].

8. Cookies

We use cookies and similar technologies for the following purposes:

Essential Cookies: Session management, authentication, CSRF protection (cannot be disabled).
Analytics Cookies: Usage statistics via Google Analytics (requires your consent via cookie banner).
Advertising Cookies: Facebook Pixel for advertising measurement (requires your consent via cookie banner). Autodue and Meta act as joint controllers for this processing - see Section 4a.
Preference Cookies: Appearance mode and similar settings (stored locally in your browser).

You can manage your cookie preferences using the cookie consent banner on our website. For more details, see our Cookie Policy.

9. Security

We implement appropriate technical and organisational measures to protect your data. However, no system is completely secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our website.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or your data, please contact us at [email protected].

12. Complaints

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO): https://ico.org.uk/make-a-complaint/