Privacy Policy
Last updated: 22 February 2026
At a glance
NotifyDriver is a subscription service that lets people anonymously alert a vehicle owner by scanning a QR code sticker on the windscreen.
- Data controller: NotifyDriver Ltd (UK company).
- Account holders: we collect your email, a hashed password, vehicle registration number(s), and alert history.
- Members of the public who scan a QR code: we do not ask for any personal details — no name, email, or phone number.
- Cookies: essential session cookies only. No advertising or analytics cookies.
- We share data with: Stripe (payments), Hetzner (hosting), and UK government vehicle APIs (DVLA/DVSA) — only as needed to run the service.
- Your rights: access, correction, deletion, restriction, portability, objection.
- Complaints: you can complain to the ICO at any time (details below).
1. Who we are
The data controller responsible for your personal data is:
NotifyDriver Ltd
Registered office: 86–90 Paul Street, London, EC2A 4NE, United Kingdom
Company number: TBC
Email: support@notifydriver.com
Privacy enquiries: support@notifydriver.com
We are registered with the UK Information Commissioner’s Office (ICO) as a data protection fee payer. Our ICO registration reference is available on request.
2. What personal data we collect
We collect different information depending on how you interact with us.
2.1 Account holders (subscribers)
Account and identity: email address, password (stored only as a secure hash — never in plain text).
Vehicle and QR code: vehicle registration number (number plate), public QR ID linked to your sticker, and vehicle data retrieved from government sources (e.g. make, colour, MOT and tax status).
Alerts and usage: alerts received (timestamp, type, delivery status), login events, and security logs.
Billing: subscription status, plan, trial dates, and Stripe customer/subscription IDs. We do not store your card details — these are handled entirely by Stripe.
Support: any messages you send us via email or a contact form.
2.2 Members of the public who scan a QR code
NotifyDriver is designed so that anyone can send an alert without creating an account and without sharing their identity. We do not ask for your name, email, phone number, or address.
The alert itself records: a timestamp, the alert type selected, and delivery status.
Technical data: like most websites, our servers may process technical information in logs (such as IP address, browser/device type, and the page requested) for security, rate limiting, and abuse prevention.
3. How we collect personal data
Directly from you: when you sign up, manage your account, add a vehicle, or contact support.
Automatically: through essential cookies and server logs when you use the website.
From third-party sources: when you use features that retrieve data from the DVLA Vehicle Enquiry Service (vehicle details), the DVSA MOT History API (MOT records), or Stripe (payment/subscription status).
4. How we use your data and our lawful basis
We only process personal data when the law allows it. The main lawful bases we rely on are:
- Contract (Article 6(1)(b) UK GDPR) — to provide the subscription service you signed up for.
- Legitimate interests (Article 6(1)(f) UK GDPR) — to keep the service secure, prevent abuse, and improve reliability.
- Legal obligation (Article 6(1)(c) UK GDPR) — to comply with accounting, tax, and other legal duties.
| Purpose | Data used | Lawful basis |
|---|---|---|
| Deliver alerts when your QR code is scanned | Email, QR ID, alert data | Contract |
| Provide your dashboard and vehicle tools | Account data, vehicle data | Contract |
| Retrieve vehicle info from DVLA/DVSA | Vehicle registration number | Contract |
| Process payments and manage your subscription | Email, Stripe IDs | Contract / Legal obligation |
| Prevent spam, fraud, and abuse | IP addresses, usage logs, rate-limit data | Legitimate interests |
| Respond to support requests | Email, message content | Contract / Legitimate interests |
| Meet legal and accounting obligations | Billing records | Legal obligation |
Where we rely on legitimate interests, our interest is protecting users and keeping the service reliable. You have the right to object (see section 8).
5. Who we share data with
We share personal data only when necessary to run NotifyDriver:
- Stripe — payment processing and subscription billing. We never see or store your card details. See Stripe’s privacy policy.
- Hetzner — cloud hosting and infrastructure. Servers are located in Germany and Finland (EU/EEA). See Hetzner’s privacy policy.
- DVLA Vehicle Enquiry Service (VES) — we send your vehicle registration number to retrieve vehicle information. This is a UK government service.
- DVSA MOT History API — we retrieve MOT test history for vehicles you add. This is a UK government service.
- Open Charge Map — if you use EV charging features, we may send an approximate location to find nearby charge points. No personal data is shared.
We may also share data with professional advisers (e.g. lawyers, accountants) where needed, and with authorities if we are legally required to do so.
We never sell your personal data.
6. International data transfers
Our hosting is in the EU/EEA (Hetzner — Germany and Finland). Stripe may process some data outside the UK/EEA (including in the United States) and relies on appropriate safeguards such as Standard Contractual Clauses. You can read more in Stripe’s privacy policy.
7. How long we keep your data
We keep personal data only as long as we need it:
- Account data: retained while your subscription is active, then deleted 30 days after cancellation.
- Alert history: retained for 12 months, then deleted.
- Billing and tax records: we may keep invoices and payment records for up to 6 years to meet legal and accounting requirements.
- Server logs: typically retained for up to 90 days for security purposes.
If you ask us to delete your data, we will do so promptly unless we have a legal reason to keep it.
8. Your data protection rights
Under UK GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your data (where there is no legal reason to keep it).
- Restriction — ask us to limit how we use your data in certain circumstances.
- Data portability — receive your data in a structured, commonly used format.
- Objection — object to processing based on legitimate interests. We will stop unless we have compelling grounds to continue.
To exercise any of these rights, email support@notifydriver.com. We aim to respond within one month. We may need to verify your identity before acting on your request.
These rights are free of charge in most circumstances.
9. Withdrawing consent
Where we rely on your consent (for example, if you opted in to marketing emails), you can withdraw it at any time by clicking the unsubscribe link in the email or contacting us. Withdrawing consent does not affect the lawfulness of processing that already took place.
10. Complaints
If you are unhappy with how we handle your personal data, please contact us first and we will try to resolve it.
You also have the right to complain to the UK supervisory authority:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113
11. Cookies
We use essential cookies only — specifically, a session cookie for login/security and a cookie to remember your theme preference (light/dark mode). These are strictly necessary to provide the service you have requested.
We do not use analytics, advertising, or third-party tracking cookies. Because our cookies are strictly necessary, we rely on the exemption under the Privacy and Electronic Communications Regulations (PECR) and do not require separate consent for them.
12. Security
We use appropriate technical and organisational measures to protect your data, including:
- HTTPS/SSL encryption for all connections
- Passwords stored as secure hashes (never in plain text)
- Rate limiting on alerts and login attempts to prevent abuse
- Session timeouts for inactive accounts
- Restricted access to production systems
- Vehicle registration numbers handled securely (never placed in URLs)
No system is completely secure, but we take reasonable steps to protect your information.
13. Children
NotifyDriver is intended for people aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us and we will delete it.
14. Automated decision-making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.
15. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. Where changes are significant, we will notify account holders by email.