Privacy Policy
Last updated: 13 April 2026
1. Who We Are
HGVDesk Ltd ("we", "us") operates the HGVDesk fleet management platform at hgvdesk.co.uk. We are the data controller for personal data processed through our service. Contact: [email protected].
2. Data We Collect
- Account data: name, email address, company name, role, phone number
- Fleet data: vehicle registrations, inspection records, defect reports, tyre data, brake test results, technician notes, photographs
- Billing data: payment information processed by Stripe (we do not store card numbers)
- Usage data: login times, pages visited, features used, IP addresses
- Device data: browser type, operating system, screen size
3. How We Use Your Data
- Providing and improving the HGVDesk platform
- Processing vehicle inspections and generating DVSA-compliant reports
- Sending inspection reports, alerts, and invoices via email
- Processing subscription payments via Stripe
- Customer support and communication
- Legal compliance including DVSA audit trail requirements
4. Legal Basis (GDPR)
We process personal data under the following lawful bases:
- Contract: necessary to provide the service you subscribed to
- Legitimate interest: improving our platform, preventing fraud, security
- Legal obligation: maintaining inspection records as required by DVSA regulations
- Consent: marketing communications (you can opt out at any time)
5. Data Storage and Security
Your data is stored on secure servers located in the EU/UK. We use PostgreSQL with encrypted connections, HTTPS everywhere, bcrypt password hashing, and JWT authentication. Inspection records are retained for the minimum period required by DVSA regulations (15 months for daily walkaround checks, 15 months for safety inspections).
6. Data Sharing
We share data only with:
- Stripe: payment processing
- Resend: transactional email delivery
- Anthropic: AI-powered inspection summaries and defect descriptions (no personal data sent, only vehicle/inspection data)
- DVSA/DVLA: vehicle lookup API queries contain only registration numbers
We do not sell your data to third parties.
7. Cookies
We use essential cookies only: session tokens for authentication. We do not use tracking cookies, analytics cookies, or advertising cookies. No cookie consent banner is required as we only use strictly necessary cookies.
8. Your Rights
Under GDPR and the UK Data Protection Act 2018, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data (subject to legal retention requirements)
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent
To exercise any right, email [email protected]. We will respond within 30 days.
9. Data Retention
Account data: retained while your account is active, deleted within 90 days of account closure. Inspection records: retained per DVSA requirements (minimum 15 months). Billing records: retained for 7 years per HMRC requirements.
10. Changes
We may update this policy. Material changes will be notified by email. Continued use after notification constitutes acceptance.
11. Contact
HGVDesk Ltd
Email: [email protected]
ICO registration: pending