arrow_back Back to Home
Legal

Privacy Policy

How we collect, use, and protect your personal data — designed around GDPR from day one.

scheduleLast updated: March 2026

NudgeDriver is committed to protecting your privacy. This policy explains what data we collect, why we collect it, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

1. Who We Are

NudgeDriver Ltd is registered in England & Wales. We are the data controller for personal data collected through nudgedriver.co.uk and our platform services. For any data protection queries, contact us at privacy@nudgedriver.co.uk.

2. Data We Collect

2.1 Account Holders (Registered Drivers)

  • Name and email address (for account creation and notifications)
  • Phone number (for WhatsApp and SMS delivery)
  • Vehicle registration mark (to link your QR sticker to your account)
  • Notification preferences and communication settings
  • Billing information (processed securely via our payment provider — we do not store card details)

2.2 Scanners (People Who Scan a QR Sticker)

  • We collect minimal data from scanners: the IP address of the device that scanned the QR code. This is used only for abuse prevention and rate limiting, and is anonymised (last octet zeroed) after 30 days. We do not collect names, emails, or phone numbers from scanners.
  • No account, name, email, or device identity is required or stored
  • Message content typed by the scanner is processed by AI, delivered to the driver, and retained for up to 90 days for abuse prevention and audit purposes, then deleted

2.3 Technical Data

  • IP addresses (anonymised after processing, used for security and abuse prevention)
  • Browser type and device information (for security and abuse prevention)
  • Cookie data (see our Cookies Policy)

3. How We Use Your Data

  • To deliver the service: sending notifications to your preferred channels (WhatsApp, SMS, push)
  • To moderate messages: AI processing of incoming scan messages before delivery to you
  • To manage your account: billing, sticker replacement, notification history
  • For safety: detecting and routing emergency scans appropriately
  • To improve the platform: aggregated, anonymised analytics on scan patterns
  • To communicate with you: service updates, account notices, and (with your consent) product news

4. Legal Basis for Processing

  • Contract performance: processing your data to deliver the service you signed up for
  • Legitimate interests: security, fraud prevention, service improvement
  • Consent: marketing communications (you can withdraw at any time)
  • Legal obligation: compliance with UK law where required

5. Data Sharing

We do not sell your personal data. We share data only with:

  • WhatsApp / Meta: to deliver WhatsApp notifications (governed by Meta's terms)
  • SMS providers: to deliver SMS messages to your registered phone number
  • AI processing providers: message content is passed to our AI pipeline for moderation (processed under strict data processing agreements)
  • Payment processors: for billing (we use PCI-compliant third parties and never store card data)
  • Legal authorities: if required by UK law or court order

6. Data Retention

  • Account data: retained while your account is active and for 90 days after deletion
  • Message content: retained for up to 90 days for abuse prevention, then deleted
  • Scanner IP addresses: anonymised within 30 days of collection
  • Billing records: 7 years (UK legal requirement)

7. Your Rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Rectification of inaccurate data
  • Erasure ("right to be forgotten") — request deletion of your account and data
  • Restriction of processing in certain circumstances
  • Data portability — receive your data in a machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent for marketing at any time

To exercise any right, email privacy@nudgedriver.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

8. Security

We implement industry-standard security measures including encryption in transit (TLS), encrypted QR tokens, access controls, and regular security reviews. No system is 100% secure — if you believe your account has been compromised, contact us immediately.

9. International Transfers

Your data is processed primarily in the UK and EEA. Where data is transferred outside these regions (e.g. AI processing infrastructure), we ensure appropriate safeguards are in place under UK GDPR Article 46.

10. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes by email. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact

NudgeDriver Ltd · privacy@nudgedriver.co.uk · Registered in England & Wales