Privacy Policy
Last updated: 28/12/2025
This Privacy Policy explains how Autodue ("we", "us", or "our") collects, uses, and protects your personal information when you use our website and services. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Information We Collect
- Account Information: Name, email address, password.
- Phone Number (Optional): Mobile phone number for SMS alerts.
- Vehicle Information: Registration number, make, model, year, colour, tax/MOT status, and related deadlines.
- Vehicle Inspection Records: Walkaround check results including pass/fail status for each inspection item, timestamps, notes, and photos of any issues identified.
- Location Data: GPS coordinates captured during vehicle walkaround checks to verify where inspections are performed.
- Defect Reports: Details of vehicle defects including descriptions, severity, photos, resolution notes, comments, resolution costs, and assignment information.
- Activity Logs: Audit trail of actions taken on defects, including who made changes, what was changed, and when.
- Uploaded File Metadata: Original filename, file size, and file type for photos uploaded during inspections or defect reporting.
- Usage Data: Log data, IP address, browser type, device information, and cookies.
- Device Information: Device tokens for push notifications, device model, OS version.
- Payment & Billing Information: Subscription status, billing history, and invoice records. We do not store your full credit card numbers or payment credentials - these are handled securely by our payment processors (see Section 4).
- Communications: Any messages or support requests you send us.
2. How We Use Your Information
- To provide and maintain our services, including tracking vehicle deadlines and compliance.
- To contact the DVLA and other official sources to retrieve vehicle information on your behalf.
- To send you email reminders about upcoming deadlines.
- Vehicle Inspections: To record and track walkaround check results for compliance and safety purposes.
- Location Verification: To verify where vehicle inspections are performed, supporting compliance and audit requirements.
- Defect Management: To track and manage vehicle defects from reporting through to resolution.
- Audit & Compliance: To maintain activity logs for accountability and compliance purposes.
- Fraud Prevention: To detect potentially invalid inspections (e.g., checks completed unusually quickly).
- SMS Alerts (Optional): If you provide your phone number, we send emergency SMS alerts for imminent or overdue deadlines. This is optional and you can remove your phone number at any time.
- Push Notifications: To send you push notifications on your mobile device about deadlines and important updates.
- To communicate with you about your account, deadlines, and updates.
- To improve our services, website, and user experience through analytics.
- To monitor and improve app stability and performance.
- To comply with legal obligations.
3. Legal Basis for Processing
- Contract: Processing is necessary to provide our services to you.
- Consent: Where you have given explicit consent (e.g., for marketing communications).
- Legal Obligation: To comply with applicable laws and regulations.
- Legitimate Interests: For analytics, service improvement, and fraud prevention.
4. How We Share Your Information
- DVLA: We share your vehicle registration number with the UK DVLA to retrieve MOT and tax information.
- Google Firebase: We use Firebase for analytics, crash reporting, and push notifications. Firebase may collect device information, usage data, and crash logs. Firebase is GDPR-compliant. See the Firebase Privacy Policy.
- Hosting Provider: Our hosting provider stores your data securely.
- Email Service: We use an email service provider to send reminders and notifications.
- SMS Provider (if applicable): If you opt in to SMS alerts, your phone number is shared with our SMS gateway provider.
- Payment Processors: Subscription payments are processed by: We receive confirmation of successful payments and subscription status, but we do not have access to your full card details.
- With law enforcement or regulators if required by law.
- We do not sell your personal data to third parties for marketing purposes.
4a. Third-Party Services in Detail
Google Firebase
- Firebase Analytics: Tracks app usage and user behavior to help us improve the app.
- Firebase Crashlytics: Monitors app crashes and errors to ensure stability.
- Firebase Cloud Messaging (FCM): Sends push notifications to your device.
- Legal Basis: Legitimate interest (app improvement and functionality).
- Data Retention: Firebase retains data according to their privacy policy (typically 60-90 days for crash logs).
5. International Data Transfers
If we transfer your data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
6. Data Retention
We retain your data for the following periods:
- Account Information: Until you delete your account, plus 90 days (soft delete period).
- Vehicle Data: Until you remove the vehicle or delete your account.
- Vehicle Inspections & Defects: Retained for the lifetime of the vehicle record for compliance and audit purposes. Deleted when the vehicle is removed or account is deleted.
- Inspection Photos: Retained alongside inspection records. Deleted when the associated vehicle or account is deleted.
- Location Data: Stored as part of inspection records and retained for the same period.
- Activity Logs: Retained alongside defect records for compliance and audit purposes.
- Email Notifications: Logs retained for 90 days.
- SMS Logs: Retained for 90 days.
- Billing & Invoice Records: Retained for 7 years after the transaction date, as required by UK tax and accounting regulations (HMRC).
- Analytics & Crash Data: Automatically deleted after 60-90 days (controlled by Firebase).
- Backups: Deleted after 30 days.
- After Account Deletion: Your data is soft-deleted immediately and permanently purged after 90 days. You may request account recovery within the first 30 days by contacting support.
If you need your data deleted sooner, please contact us at [email protected].
7. Your Rights
- Access your data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict or object to processing
- Data portability
- Withdraw consent at any time (where applicable)
To exercise your rights, contact us at [email protected].
8. Cookies
We use cookies and similar technologies for the following purposes:
- Essential Cookies: Session management, authentication, CSRF protection (cannot be disabled).
- Analytics Cookies: Usage statistics via Firebase Analytics (requires your consent via cookie banner).
- Preference Cookies: Dark mode, language settings (stored locally in your browser).
You can manage your cookie preferences using the cookie consent banner on our website. For more details, see our Cookie Policy.
9. Security
We implement appropriate technical and organisational measures to protect your data. However, no system is completely secure, and we cannot guarantee absolute security.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our website.
11. Contact Us
If you have any questions or concerns about this Privacy Policy or your data, please contact us at [email protected].
12. Complaints
If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO): https://ico.org.uk/make-a-complaint/