Privacy Policy

Account information: name, email address, phone number, password (hashed), and account role (customer or valetor). For valetors, we also collect business name, service areas, service descriptions, and profile photos.

Booking and job data: vehicle details, service address, appointment dates and times, job status history, service notes, and any messages exchanged between customers and valetors through the platform.

Payment data: payment method details (processed and stored by Stripe; we do not store full card numbers), transaction amounts, payout history, invoices, and Stripe Connect account identifiers for valetors.

Location data: service addresses provided during booking, valetor service area postcodes, and route/travel time data calculated for job scheduling. We do not continuously track your real-time location.

Communications: messages sent through the in-app messaging system and connected social channels (Instagram, Facebook), conversation metadata, and any correspondence with our support team.

Technical data: device type, operating system, browser type, IP address, app version, crash reports, and performance metrics collected automatically when you use the platform.

To provide the service: creating and managing accounts, processing bookings, facilitating communication between customers and valetors, calculating routes and travel times, and processing payments and payouts.

To improve the platform: analysing usage patterns to improve features, fixing bugs, monitoring performance, and developing new functionality.

To protect the platform: detecting and preventing fraud, enforcing our Terms of Service, verifying user identities, and ensuring the safety and security of all users.

To communicate with you: sending booking confirmations, status updates, payout notifications, important service announcements, and responding to support enquiries. We do not send marketing emails without your explicit opt-in consent.

We process your personal data under the following lawful bases: contract performance (to provide the services you have requested), legitimate interests (to improve the platform, prevent fraud, and ensure security), legal obligation (to comply with tax, accounting, and regulatory requirements), and consent (for optional features such as marketing communications, which you can withdraw at any time).

We share personal data with the following third-party processors, each of which is bound by data processing agreements: Supabase (database hosting and authentication, data stored in the EU), Stripe (payment processing, PCI DSS compliant), Google Maps Platform (geocoding and directions for route planning; addresses are sent server-side only), Expo / EAS (mobile app build and push notification delivery), Resend (transactional email delivery), and Sentry (error tracking and crash reporting).

We do not sell your personal data to third parties. Data is only shared with processors as necessary to operate the platform and provide the services described in this policy.

Active account data is retained for as long as your account remains open and active. If you close your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law.

Financial and transaction records are retained for a minimum of 6 years after the relevant tax year, as required by HMRC for tax and accounting compliance. This includes payment amounts, payout records, and invoice data.

Anonymised and aggregated data that cannot be used to identify you may be retained indefinitely for analytical and statistical purposes.

You have the following rights regarding your personal data: the right of access (to request a copy of the data we hold about you), the right to rectification (to correct inaccurate or incomplete data), the right to erasure (to request deletion of your data, subject to legal retention requirements), the right to restrict processing, the right to data portability (to receive your data in a structured, machine-readable format), and the right to object to processing based on legitimate interests.

To exercise any of these rights, please contact us at the email address provided below. We will respond to your request within one month, as required by law. If your request is complex, we may extend this period by up to two further months, and we will inform you of the reason for the extension.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been infringed.

The Valetors platform uses essential cookies only. These are strictly necessary for the platform to function and include session authentication tokens and security-related cookies. We do not use advertising, tracking, or analytics cookies.

Because these cookies are essential to the operation of the service, they do not require separate consent under UK cookie regulations. No cookie banner is displayed as there are no optional cookies to manage.

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS) and at rest, row-level security policies on our database, secure password hashing, and regular security reviews. While we take reasonable steps to protect your data, no method of transmission over the internet is completely secure.

Some of our third-party processors may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the ICO, or the processor operates in a country with an adequate level of data protection as determined by the UK government.

The Valetors platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the platform. The date of the most recent revision will be indicated at the top of the page.

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at support@valetors.com. We aim to respond to all privacy-related enquiries within two business days.