Privacy Policy

1. Data We Collect

We collect the following categories of personal data:

• Account Information. Your name and email address, collected when you register an account via Supabase Auth.
• Vehicle Information. Vehicle Registration Marks (VRMs) and any nicknames you assign to tracked vehicles. We also store vehicle specification data retrieved from the DVLA VES API (make, colour, year of manufacture).
• Payment Information. We use Stripe to process payments securely. We do not store credit or debit card numbers, CVV codes, or full card details on our servers. Stripe is the data controller for your payment card information. See Stripe’s Privacy Policy.
• Technical Data. IP addresses, browser type, and usage logs collected for security, fraud prevention, and service performance purposes. We do not use this data for advertising.
• Notification Preferences. Your chosen alert settings per vehicle (e.g. MOT expiry, listing detection).

2. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

• Contract performance: to provide the vehicle monitoring service you have subscribed to.
• Legitimate interests: to maintain service security, prevent fraud, and improve the service.
• Legal obligation: where we are required to process data to comply with applicable law.

3. How We Use Your Data

• To provide vehicle monitoring, scan marketplaces, and send alert emails when a vehicle match is detected.
• To manage your subscription, process renewals, and handle billing via Stripe.
• To send transactional emails (alerts, subscription confirmations) via Resend. We do not send marketing emails without your explicit consent.
• To detect and prevent fraud, abuse, and misuse of the service.

4. Third-Party Data Processors

We share data only with carefully selected third-party processors necessary to operate the service. All processors are bound by appropriate data processing agreements.

SCCs = Standard Contractual Clauses, providing appropriate safeguards for transfers outside the UK/EEA under UK GDPR Article 46.

5. Data Retention

• Active subscriptions. We retain all vehicle tracking data, scan history, and alert logs for the duration of your active subscription.
• After cancellation. If your subscription expires and is not renewed, we will retain your data for up to 12 months to allow reactivation. After this period, vehicle tracking data may be permanently deleted.
• Financial records. We are required by law to retain certain billing and transaction records for up to 7 years for tax and accounting purposes.

6. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of access. You may request a copy of all personal data we hold about you.
• Right to rectification. You may request correction of inaccurate or incomplete data.
• Right to erasure. You may request the deletion of your account and all associated vehicle data, subject to our legal retention obligations.
• Right to data portability. You may request your data in a structured, machine-readable format.
• Right to object. You may object to processing based on legitimate interests, and withdraw consent for marketing communications at any time.
• Right to complain. You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been handled unlawfully.

To exercise any of these rights, contact us at hello@previouskeeper.com. We will respond within 30 days.

7. Cookies

We use only functional cookies strictly necessary to keep you logged in (session cookies managed by Supabase Auth). We do not use advertising, analytics, or tracking cookies. No cookie consent banner is shown because no non-essential cookies are set.

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted data storage, HTTPS-only connections, and row-level security policies on our database. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice within the service. Continued use after notification constitutes acceptance of the updated policy.