Privacy Policy

CarVerify Ltd is the data controller responsible for your personal data. If you have questions about how we handle your data, contact our Data Protection Officer at [email protected].

We may collect the following personal data:

• Identity data — name, email address.
• Transaction data — payment details (processed securely by our payment provider; we do not store card numbers), purchase history, report records.
• Technical data — IP address, browser type and version, device information, operating system, time zone, and general location data.
• Usage data — pages visited, vehicle registration marks searched, features used, and interaction patterns.
• Communication data — messages you send via our contact form or email.

We use your personal data for the following purposes and lawful bases:

• To provide our services (contract) — generating reports, processing payments, managing subscriptions.
• To communicate with you (contract/legitimate interest) — sending reports, responding to enquiries, service notifications.
• To improve our services (legitimate interest) — analysing usage patterns, fixing bugs, developing new features.
• To comply with legal obligations (legal obligation) — tax records, fraud prevention, responding to lawful requests from authorities.
• To send marketing communications (consent) — promotional emails and offers. You can opt out at any time.

We do not sell your personal data. We may share data with:

• Payment processors — to process transactions securely.
• Data providers — to fulfil vehicle history checks (e.g., DVLA, Experian). Only the vehicle registration mark is shared; no personal data.
• Analytics providers — anonymised/aggregated data to help us improve our services.
• Legal authorities — where required by law or to protect our legal rights.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account data — retained while your account is active, then deleted within 12 months of account closure.
• Transaction records — retained for 7 years to comply with HMRC requirements.
• Report data — retained for 12 months from the date of generation to support the Data Guarantee.
• Marketing preferences — retained until you withdraw consent.

Under the UK GDPR, you have the following rights:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data ("right to be forgotten").
• Right to restrict processing — request that we limit how we use your data.
• Right to data portability — receive your data in a structured, commonly used format.
• Right to object — object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent — where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

We implement appropriate technical and organisational measures to protect your personal data, including:

• SSL/TLS encryption for all data in transit.
• Encrypted storage for sensitive data at rest.
• Access controls limiting data access to authorised personnel only.
• Regular security audits and vulnerability assessments.

Your data is primarily stored and processed within the UK and European Economic Area. Where data is transferred outside these regions, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Our services are not directed at individuals under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113

We would appreciate the chance to address your concerns first — please contact us at [email protected] before escalating to the ICO.

We may update this Privacy Policy from time to time. Material changes will be communicated via our website or by email. We encourage you to review this page periodically.

For any privacy-related enquiries:

Data Protection Officer: [email protected]
General support: [email protected]

Or use our contact page.