Privacy Policy

Garage Buddy ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and garage management software (the "Service").

By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access our Service.

The data controller responsible for your personal data is:

We may collect personal information that you voluntarily provide to us when you:

• Register for an account
• Use our Service
• Sign up for newsletters or updates
• Contact us for support
• Participate in surveys or promotions

3.1 Personal Information

• Name and business name
• Email address and phone number
• Business address
• Payment information (processed securely via third parties)
• Account credentials

3.2 Vehicle Data

When you use our garage management features, we may process:

• Vehicle registration numbers
• Vehicle make, model, and year
• Service history and maintenance records
• Customer vehicle information you input

3.3 Usage Data

We automatically collect certain information when you access and use the Service, including browser type, operating system, access times, pages viewed, and IP address.

We use your personal information for the following purposes:

• Service Delivery: To provide, maintain, and improve our Service
• Account Management: To process your registration and maintain your account
• Communication: To send you service updates, newsletters, and marketing communications (you can opt out at any time)
• Customer Support: To respond to your questions and provide technical support
• Service Improvements: To analyse usage patterns and improve user experience
• Security: To detect, prevent, and address fraud and abuse
• Legal Compliance: To comply with applicable laws and regulations

Under the UK GDPR and applicable data protection laws, we process your personal data based on the following legal grounds:

5.1 Consent

Where you have provided explicit consent for us to process your data for specific purposes, such as marketing communications.

5.2 Contract Performance

Processing necessary to fulfill our contractual obligations to provide you with our Service.

5.3 Legitimate Interest

Processing necessary for our legitimate business interests, such as improving our Service and ensuring security, where these interests are not overridden by your rights.

5.4 Legal Obligation

Processing necessary to comply with our legal obligations under UK law.

We may share your personal information with the following third parties:

6.1 Service Providers

We work with third-party service providers who assist us in operating our Service:

• Cloud hosting providers (data stored securely in the UK/EEA)
• Email and communication service providers
• Payment processors (we do not store payment details)
• Analytics providers

6.2 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred. We will notify you before such transfer.

6.3 Legal Requirements

We may disclose your information when required by law or in response to valid requests by public authorities.

We retain your personal data only for as long as necessary:

• Account Data: Retained while your account is active and for 2 years after account closure
• Transaction Records: Retained for 6 years to comply with UK tax and accounting requirements
• Marketing Data: Retained until you withdraw consent
• Technical Usage Data: Retained for up to 12 months

Under the UK GDPR, you have the following rights regarding your personal data:

8.1 Right to Access

You have the right to request a copy of the personal data we hold about you.

8.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure

You can request deletion of your personal data in certain circumstances, such as where you withdraw consent or the data is no longer necessary.

8.4 Right to Data

You can request your data in a structured, commonly used, machine-readable format.

8.5 Right to Object

You can object to processing based on legitimate interest or direct marketing.

8.6 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

8.7 Withdrawing Consent

Where processing is based on consent, you can withdraw it at any time by contacting us or using the unsubscribe link in emails.

We implement appropriate technical and organisational measures to protect your data:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Regular security assessments and penetration testing
• Access controls and role-based permissions
• Secure authentication mechanisms
• Regular employee security training
• Incident response procedures
• Data backup and disaster recovery

Your personal data may be transferred to and processed in countries outside the UK. When we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place:

• adequacy decisions by the UK government
• Standard Contractual Clauses (SCCs) approved by the UK
• Binding Corporate Rules for intra-group transfers

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal data without parental consent, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new policy on our website
• Updating the "Last updated" date
• Sending an email notification for material changes

We encourage you to review this policy periodically for any changes.