Official manufacturer service records
ServiceStamp

Privacy Policy

Last updated: 15 May 2026

1. Introduction

Service Stamp Ltd (Company No. 17159900), trading as ServiceStamp ("we", "our", or "us"), is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our vehicle service history checking service at servicestamp.co.uk.

We are based in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Service Stamp Ltd is registered with the UK Information Commissioner's Office (ICO) under registration number ZC084245.

2. Information We Collect

2.1 Information You Provide

When you use our service, we collect:

  • Email Address: For sending service history reports and order confirmations
  • Vehicle Identification Number (VIN): To retrieve service history data from manufacturer databases
  • Vehicle Registration Mark (VRM): Where you purchase a Vehicle History Check or Full Vehicle Check, to retrieve provenance data from Experian and government data sources (DVLA, DVSA)
  • Payment Information: Processed securely by Stripe (we do not store your full card details)

2.2 Automatically Collected Information

In our server request logs (used for security, abuse prevention and basic operation):

  • Browser and device information: IP address, browser type, device type, operating system

Only if you give analytics consent (see Section 9):

  • Usage data: Pages visited, time spent on site, referring websites, UTM parameters
  • Analytics cookies: Google Analytics and Ahrefs Analytics cookies (see Section 9)

3. How We Use Your Information

3.1 Primary Purposes (Lawful Basis: Contract Performance)

  • To retrieve and generate your vehicle service history report
  • To deliver your purchased report via email
  • To process your payment securely
  • To provide customer support for your order

3.2 Legal Obligations (Lawful Basis: Legal Compliance)

  • To comply with tax and accounting requirements
  • To respond to lawful requests from authorities
  • To prevent fraud and protect our service

3.3 Legitimate Interests (Lawful Basis: Legitimate Interest)

  • To improve our service and user experience using non-tracking signals (e.g. server logs, support enquiries)
  • To detect and prevent technical issues, abuse and fraud

3.4 Consent (Lawful Basis: Consent)

  • To set analytics cookies (Google Analytics, Ahrefs) and analyse aggregated usage patterns — only if you accept analytics in the cookie banner
  • To send optional marketing emails — only if you tick the marketing-consent box in your account settings

You can withdraw consent at any time via the “Cookie preferences” link in the footer, or by toggling marketing consent in your account settings. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

4. Data Sharing and Third Parties

We work with trusted third-party service providers who process data on our behalf:

4.1 Essential Service Providers

  • Stripe (Payment Processing): Stripe Inc. processes all payments and stores card details securely. Stripe is PCI DSS Level 1 certified. See Stripe's Privacy Policy.
  • Authorized Manufacturer Data Providers: We work with authorized third-party data providers to retrieve official manufacturer service history data using your VIN. These providers have secure access to manufacturer databases and process VINs to access authorized dealership service records.
  • Experian (Vehicle History Check data): When you purchase a Vehicle History Check or Full Vehicle Check, we send the vehicle registration mark (VRM) to Experian in order to retrieve finance, write-off, stolen, mileage and other provenance data. We do not send your name, email or payment details to Experian. See Experian's Privacy Policy.
  • DVLA & DVSA (UK government data): Vehicle registration, tax, MOT and recall data is retrieved from DVLA and DVSA via authorised providers using the registration mark you supply.
  • Neon (Database Hosting): Your email, VIN/registration and report data are stored in a Neon Postgres database with encryption in transit and at rest, hosted on cloud infrastructure within the UK/EEA.

4.2 We Never Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Storage and Security

5.1 Where We Store Your Data

  • Our databases are hosted in secure data centers within the European Economic Area (EEA)
  • All data is encrypted both in transit (TLS/SSL) and at rest
  • Access to personal data is restricted to authorized personnel only

5.2 Security Measures

We implement industry-standard security measures including:

  • Encrypted data transmission (HTTPS/TLS 1.3)
  • Encrypted database storage
  • Regular security audits and monitoring
  • Secure authentication systems
  • Access controls and logging

6. Data Retention

We retain your personal data for the following periods:

  • Email and VIN: Retained indefinitely to provide lifetime access to your purchased reports
  • Payment records: Retained for 7 years to comply with UK tax and accounting requirements
  • Service history reports: Stored indefinitely to provide permanent access via your unique report URL
  • Website usage data: Retained for up to 24 months for analytics purposes

You can request deletion of your personal data at any time (see Section 7 - Your Rights).

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

7.1 Right of Access

You can request a copy of all personal data we hold about you. Contact us at hello@servicestamp.co.uk to make a Subject Access Request.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

7.3 Right to Erasure ("Right to Be Forgotten")

You can request deletion of your personal data. Note: We may be required to retain certain data for legal compliance (e.g., tax records for 7 years).

7.4 Right to Data Portability

You can request your data in a machine-readable format (e.g., JSON or CSV).

7.5 Right to Object

You can object to processing based on legitimate interests. However, this may prevent us from providing our service.

7.6 Right to Restrict Processing

You can request temporary suspension of data processing in certain circumstances.

To exercise any of these rights, email us at: hello@servicestamp.co.uk

We will respond to your request within 30 days as required by UK GDPR.

8. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

9. Cookies and Tracking

We use cookies and similar technologies (including localStorage and sessionStorage) to operate the site and, with your consent, to understand how it is used. On your first visit you'll see a cookie banner — non-essential cookies are not set until you accept them. You can change your choice at any time via the link in the footer.

9.1 Strictly necessary (no consent required)

These are required for the service you've requested and cannot be switched off:

  • Session and authentication cookies — to keep you logged in and maintain your browsing session
  • Security cookies — CSRF protection and abuse prevention
  • Consent storagess_consent_v1 in localStorage, records your cookie choices so we don't re-prompt
  • Stripe (checkout only)__stripe_mid, __stripe_sid set by Stripe on the checkout page for fraud prevention
  • Vercel infrastructure cookies — bot-challenge and routing cookies set by our hosting provider

9.2 Analytics (consent required)

Only set if you accept analytics in the cookie banner. Help us understand how the site is used so we can improve it:

  • Google Analytics 4_ga, _ga_*, _gid, _gat_*. Retained up to 2 years (default 14 months for event data). Provided by Google LLC; data may be transferred outside the UK/EEA under appropriate safeguards. See Google's Privacy Policy and the GA opt-out browser add-on.
  • Ahrefs Analytics — first-party cookies set by analytics.ahrefs.com for aggregate traffic measurement. See Ahrefs' Privacy Policy.
  • UTM parameter trackingutm_params in sessionStorage, used to attribute traffic sources to GA events. Cleared automatically when the browser tab closes.

9.3 Marketing

We do not currently set marketing or advertising cookies. The category is reserved in the cookie preferences modal so we can offer it transparently if we add any in future.

9.4 Withdrawing or changing consent

Open at any time to change or withdraw consent. Withdrawing analytics consent stops new cookies being set; existing analytics cookies are cleared on your next page load.

10. International Data Transfers

We primarily store data within the UK/EEA. If data is transferred outside the UK/EEA (e.g., to Stripe's US servers), we ensure:

  • Transfers are made to countries with adequate data protection (as determined by the UK government)
  • Or appropriate safeguards are in place (e.g., Standard Contractual Clauses)

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Updating the "Last updated" date at the top of this page
  • Sending an email notification if the changes materially affect your rights

12. Complaints and Regulatory Authority

If you have concerns about how we handle your personal data, you can:

  1. Contact us directly at hello@servicestamp.co.uk
  2. Lodge a complaint with the UK Information Commissioner's Office (ICO):
    • Website: ico.org.uk
    • Helpline: 0303 123 1113
    • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

← Back to home

Buying or selling vehicles in volume?

Reports from £3.99 with volume pricing. The more you check, the less you pay — plus dedicated support and a team dashboard.

Apply for Trade Account