Privacy Policy

Introduction

We at GarageAI Ltd respect your privacy and are committed to complying with UK GDPR (as amended by the Data (Use and Access) Act 2025), Data Protection Act 2018, and PECR. This Privacy Policy explains how we collect, use, share, and protect personal data in providing the Service and operating the Website. No material divergences from EU GDPR noted as of this date, but we monitor for adequacy impacts.

1. Data We Collect

• Subscriber Data (Garages): Name, email, phone number, payment details (via Stripe), garage details.
• Caller Data (Leads): Phone number (from missed call), name, vehicle registration, reason, optional message (via form).
• Website Data: Emails for waitlist (via Mailchimp), booking details (via Calendly), technical data (IP addresses, device info, logs).

No Cookies: We do not use cookies on forms or the Website; SMS links are direct.

2. How We Collect Data

Directly from you (subscription signup, Website forms). Automatically via webhooks (missed calls from Twilio). From callers via SMS-linked forms. Via third parties: Mailchimp (waitlist emails), Calendly (demo bookings).

3. How We Use Data

Provide the Service (e.g., send SMS, generate emails). Operate the Website (e.g., process waitlist signups, schedule demos). Billing via Stripe. Internal admin (e.g., lead history for owner visibility). Marketing (waitlist updates, with consent via Mailchimp). Legal compliance (e.g., audits). Lawful bases: Contract (for subscribers), legitimate interests (for operations, with LIA conducted for SMS follow-ups confirming necessity and minimal override of rights), consent (for waitlist marketing). No reliance on new "recognized legitimate interests" under DUAA, as standard interests apply.

4. Sharing Data

With processors: Twilio (calls/SMS), Postmark (emails), Stripe (payments), Mailchimp (waitlist), Calendly (bookings), hosting providers (e.g., AWS in UK/EU). No sharing with third parties for marketing without consent. As required by law (e.g., ICO requests). Sub-processors notified per DPA.

5. Data Storage and Retention

Stored in UK/EU secure servers. Retained: Subscriber data for subscription duration + 6 years (tax purposes); caller data for 12 months or until deletion request; Website data (e.g., waitlist) until unsubscribed + 2 years. Deleted securely on cessation.

6. Security

We use encryption, firewalls, access controls, and regular audits. Notify breaches within 72 hours per UK GDPR. Comply with Ofcom scam prevention (e.g., monitoring for abuse).

7. Your Rights

Under UK GDPR: Access, rectify, erase, restrict, object, portability. Email daniel@garageai.co.uk. Complaints to ICO.

8. International Transfers

Data stays in UK/EU; if transferred, we use UK-approved mechanisms (e.g., IDTA or EU SCCs + UK Addendum). Mailchimp and Calendly may involve US transfers; we ensure adequacy (e.g., Data Privacy Framework).

9. Children

Service and Website not for under-18s; no child data processed.

10. Changes

Notified via email; check regularly.

11. Contact

GarageAI Ltd, [Insert Address, e.g., London, England]. Email: daniel@garageai.co.uk.