Privacy Policy

Last updated: 20 April 2026

This Privacy Policy explains how Get Car Wise Ltd ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our website at getcarwise.co.uk and all associated vehicle report services (collectively, the "Service"). We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. This policy should be read together with our Terms of Service.

1. Data Controller

Get Car Wise Ltd (company number 17154539, registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ) is the data controller responsible for your personal data. If you have any questions about this policy or your data, contact us at hello@getcarwise.co.uk.

2. What Data We Collect

Data Type	What We Collect	Why
Vehicle data	Registration numbers you search for	To generate your vehicle report
Payment data	Payment card details (processed by Stripe - we do not store card numbers)	To process payments for paid reports
Contact data	Email address (if provided for report delivery)	To deliver reports and respond to support requests
Technical data	IP address (hashed, one-way), browser type, device information, pages visited	To operate and secure the website, analyse usage, prevent abuse
Watch This Car data	Email address (encrypted), registration number, consent preferences, consent timestamp, hashed IP, user agent	To issue your promo code, send vehicle status notifications (if opted in), and marketing (if opted in)

We do not collect any special categories of personal data (e.g., health, race, biometric data).

3. How We Use Your Data

We use your personal data for the following purposes:

Service delivery - generating and delivering vehicle reports you request
Report delivery by email - sending your report PDF to the email address you provide (transactional email, no consent required)
Payment processing - handling transactions for paid reports via Stripe
Marketing communications - if you opt in, we will send you promotional emails including discount codes, used car buying tips, and exclusive offers. You can unsubscribe at any time (see Section 3a below)
Customer support - responding to enquiries and refund requests
Service improvement - understanding how our service is used to improve it (only with your consent via our cookie banner)
Legal compliance - meeting our legal and regulatory obligations

We do not sell your personal data to third parties. We do not send marketing emails unless you have explicitly opted in.

3a. Marketing Communications

When generating a report, you may choose to opt in to receive marketing emails from Get Car Wise by ticking the marketing consent checkbox. This is entirely optional and does not affect your report.

What marketing emails contain:

Discount codes and promotional offers (e.g., 10% off your next report)
Used car buying tips and guides
New feature announcements
Exclusive deals and offers

How to unsubscribe: Every marketing email contains an unsubscribe link. You can also unsubscribe by:

Clicking the unsubscribe link in any marketing email (processed instantly)
Emailing hello@getcarwise.co.uk with the subject "Unsubscribe"
Using our data erasure facility to delete all your data including your marketing subscription

Marketing subscriber data (your email address and subscription status) is stored and managed by Resend, Inc., our email service provider, acting as a data processor under a signed Data Processing Agreement. Your marketing subscription data is not stored in our own database.

Unsubscribing from marketing emails does not affect transactional emails (e.g., report delivery).

3b. Watch This Car / Promo Code Feature

When you use the "Watch This Car" feature on our website, we collect and process the following data:

Email address - encrypted at rest using AES-256-GCM. We store a one-way HMAC-SHA256 hash of your email for deduplication (so we can recognise returning subscribers without decrypting stored emails).
Vehicle registration number (VRM) - the registration plate you are watching.
Consent preferences - whether you opted in to vehicle status notifications ("car alerts") and/or marketing communications, stored as separate flags.
Consent timestamp - the exact date and time you submitted the form, recorded for GDPR accountability.
Hashed IP address - a one-way HMAC-SHA256 hash of your IP address, used solely for abuse prevention (rate limiting, bot detection). The original IP address is not stored.
User agent - your browser identifier string, sanitised and truncated, stored for abuse prevention only.

Lawful basis: Consent (explicit opt-in). You must tick the consent checkbox before submitting. This is not pre-ticked.

Purpose: We use this data to:

Generate and send you a unique one-time promo code for a discounted premium report
Send vehicle status notifications for the registration you are watching (if you opted in to car alerts)
Send marketing communications including buying tips and offers (only if you separately opted in to marketing)

Promo codes: Each promo code is unique, one-time use, and expires 30 days after issue. Once redeemed or expired, the code cannot be used again. We record when a code is redeemed.

Security measures: We implement a honeypot field (invisible to real users, catches automated bots) and a minimum time-on-page check to prevent automated abuse. Submissions that fail these checks are silently discarded - no data is stored.

Retention: Watch This Car data is retained until you request deletion or unsubscribe. You can request erasure at any time by emailing hello@getcarwise.co.uk, which will permanently delete your encrypted email, registration, promo code, and all associated metadata from our database.

Email delivery: Welcome emails and promo codes are sent via Resend, Inc. (our email processor). Your email address is shared with Resend solely for the purpose of delivering these transactional emails.

3c. localStorage Usage

We use your browser's localStorage (not cookies) for the following purposes:

Cookie consent preference - to remember whether you accepted or rejected analytics
Watch This Car modal state - to prevent the sign-up modal from re-appearing after you have already seen or dismissed it

localStorage data never leaves your device and is not transmitted to our servers. It contains no personal information and is not used for tracking. You can clear it at any time via your browser settings.

4. Legal Basis for Processing

Contract - processing necessary to deliver the report you requested and paid for
Legitimate interest - website security, fraud prevention, service improvement
Consent - marketing communications, Watch This Car notifications, and promo code delivery (explicit opt-in required for each)
Legal obligation - tax records, regulatory compliance

5. Third-Party Data Processors

We share data with the following third-party processors, only as necessary to provide our service:

Stripe, Inc. - payment processing. Card details are handled directly by Stripe (PCI DSS Level 1 certified) and never touch our servers. Stripe's privacy policy: stripe.com/privacy
Resend, Inc. - email delivery and marketing subscriber management. We share your email address with Resend to: (a) deliver your report PDF via transactional email, and (b) if you have opted in, manage your marketing subscription. Resend acts as a data processor under a signed Data Processing Agreement (DPA). Resend stores marketing subscriber data (email address and subscription status only) on their infrastructure in the United States, with appropriate safeguards under UK GDPR. Resend's privacy policy: resend.com/legal/privacy-policy
DVLA / DVSA - vehicle registration and MOT data lookups (we send only the registration number; no personal data about you is shared)
Check Car Details Ltd - licensed vehicle data provider for vehicle history checks, specifications, valuations, and images. We send only the vehicle registration number; no personal data about you is shared. Check Car Details acts as a data processor for vehicle data lookups only
Railway, Inc. - server hosting infrastructure (backend API)
Netlify, Inc. - frontend website hosting and content delivery. Netlify processes visitor IP addresses and request metadata as part of serving web pages. No personal data is explicitly shared by us; processing occurs as part of standard web hosting. Netlify's DPA applies automatically under their terms of service.
Google LLC - website analytics (Google Analytics in cookieless mode). Only activated after you consent via our cookie banner. IP addresses are not sent to Google. Anonymised page view data only.

All third-party processors are required to process your data only for the purposes we specify and in accordance with data protection law. We have Data Processing Agreements in place with processors where required. We only share the minimum data necessary for each processor to perform its function.

We do not sell, rent, trade, or otherwise share your personal data with third parties for their own marketing purposes.

6. Data Retention

Report data and email addresses - retained for up to 30 days, then automatically deleted from our systems
Watch This Car data - retained until you request deletion or unsubscribe. Promo codes expire 30 days after issue. You can request erasure at any time via hello@getcarwise.co.uk
Payment records - retained for up to 7 years as required by UK tax and accounting regulations (held by Stripe)
Technical logs - retained for up to 90 days for security and debugging purposes
Marketing subscriber data - retained by Resend until you unsubscribe or request erasure. When you unsubscribe, your email is marked as unsubscribed. When you request erasure, your data is permanently deleted from Resend
Analytics data - anonymised page view counts only; IP addresses are hashed and cannot be reversed

7. Cookies and Analytics

We do not use traditional tracking cookies. We use your browser's localStorage for essential preferences only (see Section 3c above).

Analytics: If you accept analytics via our cookie consent banner, we record anonymised page views using Google Analytics in cookieless mode to understand how people use the Service. We do not use advertising cookies, third-party tracking pixels, or fingerprinting. IP addresses are not sent to Google. No analytics tracking occurs until you have given explicit consent.

No third-party trackers: We do not use Facebook Pixel, advertising networks, retargeting scripts, or any other third-party tracking technology.

You can change your analytics preference at any time by clearing your browser's localStorage for getcarwise.co.uk, which will cause the consent banner to reappear on your next visit.

We comply with the Privacy and Electronic Communications Regulations 2003 (PECR).

8. Your Rights (UK GDPR)

Under the UK GDPR, you have the following rights:

Right of access - request a copy of the personal data we hold about you
Right to rectification - request correction of inaccurate data
Right to erasure - request deletion of your personal data (subject to legal retention requirements)
Right to restrict processing - request limitation of how we use your data
Right to data portability - receive your data in a structured, machine-readable format
Right to object - object to processing based on legitimate interest
Right to withdraw consent - where processing is based on consent, you can withdraw at any time

To exercise any of these rights, contact us at hello@getcarwise.co.uk. We will respond within 30 days.

Automated data erasure: You can request immediate deletion of all data associated with your email address (reports, email records, and marketing subscriptions) by emailing us. We also provide a programmatic erasure endpoint that permanently deletes all your data from both our systems and our third-party processors (Resend).

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data rights have been violated.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

Encrypted connections (HTTPS/TLS) for all data in transit
AES-256-GCM encryption for email addresses stored at rest
HMAC-SHA256 hashing for IP addresses and email deduplication (one-way, not reversible)
Secure payment processing via Stripe (PCI DSS compliant) - we never see or store your full card details
Honeypot and time-based anti-bot measures on all forms
Rate limiting on all API endpoints to prevent abuse
Access controls and authentication on our systems
Regular review of our security practices

While we take reasonable steps to protect your data, no system is 100% secure. We cannot guarantee absolute security of data transmitted over the internet or stored on our systems.

9a. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

10. International Transfers

Your data is primarily processed within the UK and European Economic Area. Where data is transferred to processors outside these regions (e.g., cloud infrastructure), we ensure appropriate safeguards are in place as required by UK GDPR.

11. Children

Our service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date.

13. Contact

For any questions about this Privacy Policy or to exercise your data rights:

Get Car Wise Ltd
Company number: 17154539
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
hello@getcarwise.co.uk