Privacy Policy

Last updated: 19 February 2026

vAutoStock Ltd ("we", "us", or "our") operates the vAutoStock Lite mobile application (the "App") and associated web services. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our App.

1. Information We Collect

1.1 Account Information

When you register or are invited to the App, we collect:

• Full name
• Email address
• Role within your dealership (admin, manager, or process user)
• Dealership/tenant information

1.2 Vehicle Data

We store vehicle information entered by your team or retrieved from government APIs (DVLA, DVSA), including:

• Registration number, make, model, colour, VIN
• MOT status and expiry dates
• Tax status
• Outstanding vehicle recalls

1.3 Camera and Photos

The App requests camera access to allow you to photograph vehicle damage for damage assessment records. Photos are:

• Captured only when you actively use the camera feature
• Uploaded to secure cloud storage (Firebase) linked to your tenant account
• Used solely for vehicle damage documentation within your dealership
• Never shared with third parties or used for advertising

1.4 Microphone and Audio

The App requests microphone access for the voice damage capture feature. This allows you to describe vehicle damage by voice, which is then transcribed into structured data. Audio recordings are:

• Captured only when you actively press and hold the record button
• Sent to our transcription service (OpenAI Whisper) for speech-to-text conversion
• Not stored permanently after transcription is complete
• Never used for voice profiling or any purpose other than damage transcription

1.5 Location Data

The App requests location access for the GPS vehicle parking feature. This allows you to save where a vehicle is parked on your lot. Location data is:

• Captured only when you actively tap the "Set Location" button
• Stored as coordinates associated with the specific vehicle
• Not tracked continuously or in the background
• Used solely to help your team locate parked vehicles

1.6 Push Notification Tokens

We collect Firebase Cloud Messaging (FCM) device tokens to send you relevant notifications about:

• Subscription status and billing alerts
• Usage threshold warnings
• Important service updates

You can disable notifications at any time via your device settings.

1.7 Analytics and Crash Data

We use Firebase Crashlytics to collect anonymous crash reports and diagnostics. This helps us identify and fix bugs. Crash data includes:

• Device model and operating system version
• App version
• Stack traces from crashes
• No personally identifiable information is included in crash reports

2. How We Use Your Data

We use your data exclusively to:

• Provide and operate the vAutoStock Lite service
• Authenticate your account and manage access
• Store and display vehicle and damage records for your dealership
• Send service-related notifications
• Monitor and improve app stability
• Process subscription billing

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Data Storage and Security

• All data is stored on secure servers hosted in the United Kingdom
• Data is encrypted in transit using TLS/HTTPS
• Each dealership's data is fully isolated using row-level security — your data is never accessible to other tenants
• Access tokens are short-lived (24 hours) with secure refresh mechanisms
• Passwords are hashed using bcrypt
• Admin panel access is protected by two-factor email verification

4. Third-Party Services

We use the following third-party services to operate the App:

• Firebase (Google) — push notifications, crash reporting, and media storage. Firebase Privacy Policy
• OpenAI — voice transcription (Whisper API). Audio is processed and not retained by OpenAI. OpenAI Privacy Policy
• DVLA — vehicle data lookup (UK Government service)
• DVSA — MOT history and vehicle recall data (UK Government service)

5. Data Retention

• Account data is retained while your subscription is active
• Vehicle and damage records are retained for the duration of your subscription
• Upon account deletion or subscription cancellation, your data is removed within 90 days
• Crash logs are retained for up to 90 days
• Billing event logs are retained for 7 years as required by UK law

6. Your Rights

Under UK GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Portability — request your data in a machine-readable format
• Restriction — request that we limit how we use your data
• Objection — object to certain types of data processing

To exercise any of these rights, contact us at privacy@vautostock.co.uk.

7. Children's Privacy

The App is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the App or email. The "Last updated" date at the top indicates the most recent revision.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@vautostock.co.uk
• General enquiries: support@vautostock.co.uk