Privacy Policy

DRIVECORE LTD ("we", "our", or "us") is committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy provides comprehensive information about how we collect, use, disclose, store, and protect your personal data when you use our DriveCore vehicle tracking platform, mobile applications (iOS and Android), web dashboard, and all related services (collectively, the "Services").

We are registered with the Information Commissioner's Office (ICO) under UK GDPR - ZC093182 and comply fully with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR) where applicable.

The data controller responsible for your personal data is:

3.1 Information You Provide Directly

• Account information: Name, email address, phone number, password (stored securely hashed)
• Payment and billing: Card details (processed by Stripe; we do not store full card numbers), billing address, payment history
• Vehicle and device registration: IMEI, registration number, make, model, colour, fuel type, year of manufacture
• DVLA data: When you verify your vehicle, we may receive data from the Driver and Vehicle Licensing Agency (DVLA)
• Communications: Support tickets, feedback, and correspondence

3.2 Information Collected Automatically

• GPS location data: Real-time and historical latitude, longitude, altitude, and timestamps from your tracked vehicles
• Driving data: Speed, mileage, acceleration, braking patterns, idle time, and trip duration
• Device telemetry: Battery level, signal strength, ignition status, and connectivity status
• Usage analytics: App opens, feature usage, session duration, and interaction patterns
• Technical data: IP address, browser type, device model, operating system, and unique device identifiers

3.3 Special Categories of Data

We do not intentionally collect special category data (e.g. health, biometrics, race, religion). Location data may indirectly reveal information about your movements; we process it only as necessary to provide the Services.

Our core service involves collecting and processing location data from GPS trackers installed in your vehicles. This data enables:

• Real-time vehicle tracking and live map display
• Historical playback and route replay
• Geofence alerts (entry/exit notifications)
• Mileage and fuel consumption reports
• Overspeed and driving behaviour analytics
• Theft recovery and asset protection

Location data is transmitted securely via our tracking infrastructure and stored in the UK and EU where possible. Data is encrypted in transit (TLS) and at rest (AES-256).

We process your personal data on the following legal bases:

• Contract (Art. 6(1)(b)): To perform our contract with you—providing tracking, alerts, reports, and support
• Legitimate interests (Art. 6(1)(f)): To improve our Services, prevent fraud, ensure security, and communicate important service updates
• Consent (Art. 6(1)(a)): For marketing communications, optional analytics, and non-essential cookies—you may withdraw consent at any time
• Legal obligation (Art. 6(1)(c)): To comply with tax, regulatory, and law enforcement requirements

We use your data for the following purposes:

• Service delivery: Providing vehicle tracking, geofencing, alerts, reports, and fleet management features
• Payment processing: Managing subscriptions, invoicing, and payment collection
• Communications: Sending real-time alerts (speed, geofence, low battery), service notifications, and support responses
• Security: Detecting and preventing fraud, unauthorised access, and abuse
• Improvement: Analysing usage to improve our Services, fix bugs, and develop new features
• Legal compliance: Responding to lawful requests from authorities and enforcing our terms
• Marketing: Only with your consent—you can opt out at any time

We may share your data with the following categories of recipients:

• Cloud and infrastructure: Firebase (Google), Google Cloud Platform—for hosting, databases, and authentication
• Payment processing: Stripe—for secure payment handling (we do not store card details)
• Mapping and geolocation: Mapbox, Google Maps—for map display and geocoding
• Analytics (optional): With your consent, we may use analytics providers to understand usage
• Sub-processors: All sub-processors are bound by Data Processing Agreements (DPAs) and process data only on our instructions
• Authorities: When required by law, court order, or to protect our legal rights

We retain your data only for as long as necessary to fulfil the purposes set out in this policy:

• Account data: Retained while your account is active and for up to 7 years after closure for legal and tax purposes
• Location and tracking data: Typically 90 days to 12 months depending on your subscription tier; may be longer for enterprise customers
• Payment records: 7 years for accounting and tax compliance
• Support communications: Up to 3 years for quality and dispute resolution
• Logs and security data: Up to 12 months for security monitoring

You may request earlier deletion of your data, subject to our legal retention obligations. Upon account deletion, we will anonymise or delete your data within 30 days where possible.

Your data may be transferred to and processed in countries outside the UK, including the European Economic Area (EEA) and the United States. Where we do so, we ensure appropriate safeguards:

• UK adequacy decisions (where the destination country is deemed adequate)
• UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs
• Standard Contractual Clauses (SCCs) approved by the ICO

You may request a copy of the safeguards we use for international transfers by contacting us.

Under UK data protection law, you have the following rights:

• Right of access (Art. 15): Request a copy of your personal data (Subject Access Request)
• Right to rectification (Art. 16): Request correction of inaccurate or incomplete data
• Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten") in certain circumstances
• Right to restrict processing (Art. 18): Request limitation of processing in specific situations
• Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format
• Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time
• Right to lodge a complaint: With the ICO at ico.org.uk if you believe we have not handled your data properly

To exercise any of these rights, contact us at support@drivecore.co.uk. We will respond within one month. There is no fee for most requests, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

We implement appropriate technical and organisational measures to protect your personal data:

• Encryption: TLS 1.3 for data in transit; AES-256 for data at rest
• Access controls: Role-based access, strong authentication, and principle of least privilege
• Monitoring: Logging, intrusion detection, and regular security assessments
• Staff training: Data protection and security awareness for all personnel
• Incident response: Procedures to detect, report, and respond to data breaches; we will notify the ICO and affected individuals where required

Despite our efforts, no method of transmission over the Internet is 100% secure. We encourage you to use strong passwords and keep your account credentials confidential.

We use cookies and similar technologies (e.g. local storage, pixels) for:

• Essential cookies: Required for authentication, session management, and security—cannot be disabled
• Functional cookies: Remember your preferences (e.g. map view, units)
• Analytics cookies: Help us understand how you use our Services (with your consent)

You can manage cookies through your browser settings. Disabling essential cookies may affect the functionality of our Services. For more details, see our Cookie Policy.

We do not use your personal data for automated decision-making that produces legal effects or similarly significantly affects you. Our Services may use algorithms to:

• Detect overspeed events and generate alerts
• Calculate mileage and driving statistics
• Identify geofence entry/exit

These processes support the provision of our Services and do not constitute profiling under UK GDPR. If we introduce profiling in the future, we will inform you and, where required, obtain your consent.

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at support@drivecore.co.uk. We will take steps to delete such information.

Our Services may contain links to third-party websites or integrate with third-party services (e.g. DVLA, mapping providers). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal data.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last updated" date
• Sending an email notification to your registered email address
• Displaying an in-app notification where appropriate

Your continued use of our Services after such changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your data, please contact us:

We aim to respond to all enquiries within 5 business days. For formal Subject Access Requests, we will respond within one month as required by UK GDPR.