Privacy Policy

ProfitGarage is a UK-based SaaS product operated at profitgarage.co.uk. We provide a car flip profit tracking application for independent used car traders and enthusiasts in the United Kingdom.

For any data-related queries or to exercise your rights, contact us at support@profitgarage.co.uk.

We collect only the data necessary to provide the ProfitGarage service:

• Account data — your name, email address, and optionally a UK phone number.
• Vehicle records — registration numbers, make, model, purchase and sale prices, dates, mileage, and any cost entries you add.
• Financial records — profit/loss calculations, tax estimates, mileage logs, and receipts you upload.
• Photos — images you upload against individual vehicle records.
• Subscription data — your subscription tier and billing status (processed by Stripe; we do not store card details).
• Usage data — pages visited, features used, error logs, and browser/device type. Used solely to improve the platform.

We use the data we collect to:

• Deliver the ProfitGarage service, including profit calculations, tax estimates, and DVLA/DVSA lookups on your behalf.
• Manage your account, subscription, and billing.
• Send transactional emails (account confirmation, password resets, subscription receipts).
• Respond to support requests.
• Improve platform performance, fix bugs, and develop new features.
• Comply with legal obligations.

We do not sell your data to third parties. We do not use your data for advertising.

We process your personal data under the following legal bases:

• Contract performance — processing your account and vehicle data is necessary to deliver the service you have signed up for.
• Legitimate interests — usage analytics and platform improvement, where these do not override your rights.
• Legal obligation — retaining certain records as required by UK law.
• Consent — where we ask for your explicit agreement (e.g. accepting these terms at signup).

We share your data only with trusted third-party processors required to operate the service. Each is bound by a data processing agreement:

• Supabase — database hosting and user authentication. Data stored on EU-region servers.
• Stripe — payment processing. Stripe handles all card data under PCI DSS compliance. We receive subscription status only.
• Resend — transactional email delivery (account and billing emails).
• DVLA Vehicle Enquiry API — vehicle registration lookups made at your request.
• DVSA MOT History API — MOT history lookups made at your request.
• Vercel — application hosting and edge delivery.

We do not share your data with any other third parties without your explicit consent, except where required by law.

We retain your personal data for as long as your account is active. If you delete your account, your data will be removed from our systems within 30 days.

Aggregated, anonymised analytics data (which cannot identify you) may be retained indefinitely to help us understand how the platform is used.

Stripe retains billing records for the period required by financial regulations (typically 7 years), independent of account deletion.

As a UK resident, you have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion of your personal data ("right to be forgotten").
• Restriction — ask us to limit how we process your data in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Object — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, you may withdraw at any time.

To exercise any of these rights, contact us at support@profitgarage.co.uk. We will respond within 30 days.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

ProfitGarage uses browser cookies and local storage to maintain your session and store preferences. These are strictly necessary for the application to function and do not track you across other websites.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

We take reasonable technical and organisational measures to protect your data, including:

• All data transmitted over HTTPS/TLS.
• Database access restricted by row-level security policies.
• Passwords hashed using bcrypt via Supabase Auth — we never store plaintext passwords.
• Payment card data never touches our servers — processed entirely by Stripe.

No method of transmission or storage is 100% secure. In the unlikely event of a data breach affecting your rights, we will notify you and the ICO as required by UK GDPR.

ProfitGarage is intended for adults operating as traders or enthusiasts. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has created an account, please contact us at support@profitgarage.co.uk and we will delete the account promptly.

We may update this Privacy Policy from time to time. Significant changes will be communicated to registered users via email or in-app notification at least 14 days before taking effect.

The current version is always available at profitgarage.co.uk/privacy.

For any questions about this Privacy Policy or how we handle your data, contact us at support@profitgarage.co.uk.