Privacy Policy

Last updated: 9 March 2026

This Privacy Policy explains how Get Car Wise ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our website at getcarwise.co.uk and all associated vehicle report services (collectively, the "Service"). We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. This policy should be read together with our Terms of Service.

1. Data Controller

Get Car Wise is the data controller responsible for your personal data. If you have any questions about this policy or your data, contact us at hello@getcarwise.co.uk.

2. What Data We Collect

Data Type	What We Collect	Why
Vehicle data	Registration numbers you search for	To generate your vehicle report
Payment data	Payment card details (processed by Stripe — we do not store card numbers)	To process payments for paid reports
Contact data	Email address (if provided for report delivery)	To deliver reports and respond to support requests
Technical data	IP address, browser type, device information, pages visited	To operate and secure the website, analyse usage

We do not collect any special categories of personal data (e.g., health, race, biometric data).

3. How We Use Your Data

We use your personal data for the following purposes:

Service delivery — generating and delivering vehicle reports you request
Report delivery by email — sending your report PDF to the email address you provide (transactional email, no consent required)
Payment processing — handling transactions for paid reports via Stripe
Marketing communications — if you opt in, we will send you promotional emails including discount codes, used car buying tips, and exclusive offers. You can unsubscribe at any time (see Section 3a below)
Customer support — responding to enquiries and refund requests
Service improvement — understanding how our service is used to improve it (only with your consent via our cookie banner)
Legal compliance — meeting our legal and regulatory obligations

We do not sell your personal data to third parties. We do not send marketing emails unless you have explicitly opted in.

3a. Marketing Communications

When generating a report, you may choose to opt in to receive marketing emails from Get Car Wise by ticking the marketing consent checkbox. This is entirely optional and does not affect your report.

What marketing emails contain:

Discount codes and promotional offers (e.g., 10% off your next report)
Used car buying tips and guides
New feature announcements
Exclusive deals and offers

How to unsubscribe: Every marketing email contains an unsubscribe link. You can also unsubscribe by:

Clicking the unsubscribe link in any marketing email (processed instantly)
Emailing hello@getcarwise.co.uk with the subject "Unsubscribe"
Using our data erasure facility to delete all your data including your marketing subscription

Marketing subscriber data (your email address and subscription status) is stored and managed by Resend, Inc., our email service provider, acting as a data processor under a signed Data Processing Agreement. Your marketing subscription data is not stored in our own database.

Unsubscribing from marketing emails does not affect transactional emails (e.g., report delivery).

4. Legal Basis for Processing

Contract — processing necessary to deliver the report you requested and paid for
Legitimate interest — website security, fraud prevention, service improvement
Consent — marketing communications (where applicable)
Legal obligation — tax records, regulatory compliance

5. Third-Party Data Processors

We share data with the following third-party processors, only as necessary to provide our service:

Stripe, Inc. — payment processing. Card details are handled directly by Stripe (PCI DSS Level 1 certified) and never touch our servers. Stripe's privacy policy: stripe.com/privacy
Resend, Inc. — email delivery and marketing subscriber management. We share your email address with Resend to: (a) deliver your report PDF via transactional email, and (b) if you have opted in, manage your marketing subscription. Resend acts as a data processor under a signed Data Processing Agreement (DPA). Resend stores marketing subscriber data (email address and subscription status only) on their infrastructure in the United States, with appropriate safeguards under UK GDPR. Resend's privacy policy: resend.com/legal/privacy-policy
DVLA / DVSA — vehicle registration and MOT data lookups (we send only the registration number; no personal data about you is shared)
Check Car Details Ltd — licensed vehicle data provider for vehicle history checks, specifications, valuations, and images. We send only the vehicle registration number; no personal data about you is shared. Check Car Details acts as a data processor for vehicle data lookups only
Railway, Inc. — server hosting infrastructure

All third-party processors are required to process your data only for the purposes we specify and in accordance with data protection law. We have Data Processing Agreements in place with processors where required. We only share the minimum data necessary for each processor to perform its function.

We do not sell, rent, trade, or otherwise share your personal data with third parties for their own marketing purposes.

6. Data Retention

Report data and email addresses — retained for up to 30 days, then automatically deleted from our systems
Payment records — retained for up to 7 years as required by UK tax and accounting regulations (held by Stripe)
Technical logs — retained for up to 90 days for security and debugging purposes
Marketing subscriber data — retained by Resend until you unsubscribe or request erasure. When you unsubscribe, your email is marked as unsubscribed. When you request erasure, your data is permanently deleted from Resend
Analytics data — anonymised page view counts only; IP addresses are hashed and cannot be reversed

7. Cookies and Analytics

We use the following types of storage on your device:

Essential localStorage — we store your cookie consent preference (accepted or rejected) in your browser's localStorage. This is necessary to remember your choice and is not a cookie.
Analytics tracking — if you accept analytics via our cookie consent banner, we record anonymised page views to understand how people use the Service. We do not use advertising cookies, third-party tracking pixels, or fingerprinting. IP addresses are cryptographically hashed (one-way, irreversible) before storage.

You can change your analytics preference at any time by clearing your browser's localStorage for getcarwise.co.uk, which will cause the consent banner to reappear on your next visit.

We comply with the Privacy and Electronic Communications Regulations 2003 (PECR) — no analytics tracking occurs until you have given explicit consent.

8. Your Rights (UK GDPR)

Under the UK GDPR, you have the following rights:

Right of access — request a copy of the personal data we hold about you
Right to rectification — request correction of inaccurate data
Right to erasure — request deletion of your personal data (subject to legal retention requirements)
Right to restrict processing — request limitation of how we use your data
Right to data portability — receive your data in a structured, machine-readable format
Right to object — object to processing based on legitimate interest
Right to withdraw consent — where processing is based on consent, you can withdraw at any time

To exercise any of these rights, contact us at hello@getcarwise.co.uk. We will respond within 30 days.

Automated data erasure: You can request immediate deletion of all data associated with your email address (reports, email records, and marketing subscriptions) by emailing us. We also provide a programmatic erasure endpoint that permanently deletes all your data from both our systems and our third-party processors (Resend).

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data rights have been violated.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

Encrypted connections (HTTPS/TLS) for all data in transit
Secure payment processing via Stripe (PCI DSS compliant) — we never see or store your full card details
Access controls and authentication on our systems
Regular review of our security practices

While we take reasonable steps to protect your data, no system is 100% secure. We cannot guarantee absolute security of data transmitted over the internet or stored on our systems.

9a. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

10. International Transfers

Your data is primarily processed within the UK and European Economic Area. Where data is transferred to processors outside these regions (e.g., cloud infrastructure), we ensure appropriate safeguards are in place as required by UK GDPR.

11. Children

Our service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date.

13. Contact

For any questions about this Privacy Policy or to exercise your data rights:

hello@getcarwise.co.uk