1. Introduction

ServiceStamp ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our vehicle service history checking service at servicestamp.co.uk.

We are based in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide

When you use our service, we collect:

• Email Address: For sending service history reports and order confirmations
• Vehicle Identification Number (VIN): To retrieve service history data from manufacturer databases
• Payment Information: Processed securely by Stripe (we do not store your full card details)

2.2 Automatically Collected Information

• Browser and device information: IP address, browser type, device type, operating system
• Usage data: Pages visited, time spent on site, referring websites
• Cookies: Essential cookies for site functionality (see Section 9)

3. How We Use Your Information

3.1 Primary Purposes (Lawful Basis: Contract Performance)

• To retrieve and generate your vehicle service history report
• To deliver your purchased report via email
• To process your payment securely
• To provide customer support for your order

3.2 Legal Obligations (Lawful Basis: Legal Compliance)

• To comply with tax and accounting requirements
• To respond to lawful requests from authorities
• To prevent fraud and protect our service

3.3 Legitimate Interests (Lawful Basis: Legitimate Interest)

• To improve our service and user experience
• To analyze usage patterns and optimize performance
• To detect and prevent technical issues

4. Data Sharing and Third Parties

We work with trusted third-party service providers who process data on our behalf:

4.1 Essential Service Providers

• Stripe (Payment Processing): Stripe Inc. processes all payments and stores card details securely. Stripe is PCI DSS Level 1 certified. See Stripe's Privacy Policy.
• Authorized Data Providers: We work with authorized third-party data providers to retrieve official manufacturer service history data using your VIN. These providers have secure access to manufacturer databases and process VINs to access authorized dealership service records.
• MongoDB Atlas (Database Hosting): Your email, VIN, and report data are stored securely in encrypted MongoDB databases hosted on secure cloud infrastructure.

4.2 We Never Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Storage and Security

5.1 Where We Store Your Data

• Our databases are hosted in secure data centers within the European Economic Area (EEA)
• All data is encrypted both in transit (TLS/SSL) and at rest
• Access to personal data is restricted to authorized personnel only

5.2 Security Measures

We implement industry-standard security measures including:

• Encrypted data transmission (HTTPS/TLS 1.3)
• Encrypted database storage
• Regular security audits and monitoring
• Secure authentication systems
• Access controls and logging

6. Data Retention

We retain your personal data for the following periods:

• Email and VIN: Retained indefinitely to provide lifetime access to your purchased reports
• Payment records: Retained for 7 years to comply with UK tax and accounting requirements
• Service history reports: Stored indefinitely to provide permanent access via your unique report URL
• Website usage data: Retained for up to 24 months for analytics purposes

You can request deletion of your personal data at any time (see Section 7 - Your Rights).

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

7.1 Right of Access

You can request a copy of all personal data we hold about you. Contact us at contact@servicestamp.co.uk to make a Subject Access Request.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

7.3 Right to Erasure ("Right to Be Forgotten")

You can request deletion of your personal data. Note: We may be required to retain certain data for legal compliance (e.g., tax records for 7 years).

7.4 Right to Data Portability

You can request your data in a machine-readable format (e.g., JSON or CSV).

7.5 Right to Object

You can object to processing based on legitimate interests. However, this may prevent us from providing our service.

7.6 Right to Restrict Processing

You can request temporary suspension of data processing in certain circumstances.

To exercise any of these rights, email us at: contact@servicestamp.co.uk

We will respond to your request within 30 days as required by UK GDPR.

8. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

9. Cookies and Tracking

We use essential cookies required for the website to function properly:

• Session cookies: To maintain your browsing session
• Security cookies: To protect against fraud and abuse

We do not use advertising cookies or third-party tracking cookies. By using our website, you consent to our use of essential cookies.

10. International Data Transfers

We primarily store data within the UK/EEA. If data is transferred outside the UK/EEA (e.g., to Stripe's US servers), we ensure:

• Transfers are made to countries with adequate data protection (as determined by the UK government)
• Or appropriate safeguards are in place (e.g., Standard Contractual Clauses)

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Updating the "Last updated" date at the top of this page
• Sending an email notification if the changes materially affect your rights

12. Complaints and Regulatory Authority

If you have concerns about how we handle your personal data, you can:

1. Contact us directly at contact@servicestamp.co.uk
2. Lodge a complaint with the UK Information Commissioner's Office (ICO):
   • Website: ico.org.uk
   • Helpline: 0303 123 1113
   • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

• Email: contact@servicestamp.co.uk
• Website: servicestamp.co.uk