Privacy Policy

Effective Date: 07-06-2025

This Privacy Policy describes how BuiltThis Software ("us", "we", or "our"), based and operating across the UK (England, Scotland, Wales, Northern Ireland), collects, uses, and discloses your personal data when you use our BuiltThis Software applications and services (the "Services").

We are committed to protecting your privacy and handling your data in an open and transparent manner, in compliance with UK data protection laws, including the UK GDPR. This policy explains what personal data we collect, how we use it, who we share it with, and your rights regarding your data.

We are the data controller responsible for your personal data processed under this policy.

1. Data We Collect

We aim to collect as little personal data as possible. We collect the following personal data from you:

• Account Data: The only information required to create an account is your email address.
• Payment Data: While we use Stripe to process payments, we receive limited data related to your transactions from Stripe, such as the date, time, amount, currency, and a payment transaction ID. We do not receive or store your full payment card details.
• Usage Data: Information about how you use the Services, such as features used, actions taken (e.g., initiating a report), duration of use, and interaction with Premium Services (e.g., successful report generation).
• Communication Data: Records of any correspondence and communication with us, such as support requests or emails sent to [email protected].
• Technical Data: Information about the device and connection you use to access the Services, including IP address, browser type and version, operating system, and device identifiers.

We do not collect your name, physical address, or any other personal identifiers beyond your email address for account purposes. Any information you input into the Car Inspector application related to a vehicle is processed to generate the Report but is not stored or linked to your personal Account data after the Report is generated, other than a record of the successful use of a Token.

2. How We Use Your Data (Purpose and Legal Basis)

We use your personal data for the following purposes, based on the specified legal bases under UK GDPR:

To Provide and Maintain the Services

To operate the software, manage your Account (using your email), track your Token balance, and deliver the features you use, including generating Reports via the Car Inspector application.

Legal Basis: Performance of a contract (our Terms and Conditions with you).

To Process Transactions

To process your Token purchases via Stripe using payment identifiers and manage billing records.

Legal Basis: Performance of a contract (our Terms and Conditions with you) and Compliance with a legal obligation (e.g., accounting/tax records).

To Improve the Services

To understand user behaviour and interaction with features (e.g., which parts of the guide are used most, usage patterns of premium services), identify technical issues, and develop new features. This is typically done using aggregated or anonymised data where possible.

Legal Basis: Legitimate interests (improving our business and user experience). We ensure our legitimate interests do not override your data protection rights.

To Provide Customer Support

To respond to your inquiries received via email, troubleshoot issues with your Account or the Services, and handle requests such as the right to erasure.

Legal Basis: Performance of a contract (our Terms and Conditions with you) or Legitimate interests (addressing user queries and managing support).

To Ensure Security and Prevent Fraud

To protect the Services, your Account, and other users from fraudulent or malicious activity, using data such as IP addresses and usage patterns.

Legal Basis: Legitimate interests (protecting our business and users) and Compliance with a legal obligation (e.g., preventing financial crime).

To Communicate with You

To send you important information about your Account, Service updates, changes to terms or policies via the email address provided.

Legal Basis: Performance of a contract (important service updates) or Legitimate interests (operational communications). We do not use your email for marketing communications unless we obtain your explicit consent separately.

3. Sharing Your Data

We share your personal data only when necessary for the purposes described above:

Service Providers

Third-party companies that perform services on our behalf:

• Stripe: For payment processing. When you purchase tokens, payment details are provided directly to Stripe. We receive limited transaction data (like amount and a payment ID) from Stripe. Stripe acts as a separate data controller or joint data controller for the payment data they process. Please refer to Stripe's Privacy Policy (https://stripe.com/gb/privacy) for details on how they handle your payment data.

These service providers are contractually bound to only process personal data according to our instructions and applicable data protection laws.

Legal and Regulatory Authorities

If required by law, court order, or governmental request.

Business Transfers

In connection with a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred to the acquiring entity.

With Your Consent

We may share your data with other parties when we have your explicit consent.

4. International Transfers

We are based in the UK. However, some of our service providers (including potentially Stripe and cloud hosting providers depending on their infrastructure) may be located outside the UK or the European Economic Area (EEA).

When we transfer your personal data to a country outside the UK/EEA that is not deemed to have adequate data protection laws by the UK government or European Commission, we ensure appropriate safeguards are in place. These may include:

• Transferring to countries covered by UK adequacy regulations (e.g., the EU-US Data Privacy Framework for transfers to certified US entities).
• Using standard contractual clauses approved by the UK government, combined with supplementary technical and organisational measures where necessary.

By using our Services, you understand that your personal data may be transferred to and stored in countries outside the UK/EEA.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Given the minimal nature of the data we collect (primarily email and payment IDs), these measures are proportionate to the risk. However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Your email address (Account Data) is retained for the duration your Account is active. Payment IDs are retained for as long as required for accounting and potential dispute resolution purposes related to transactions. Usage Data is typically retained for analytical purposes for a limited time or processed in an aggregated/anonymised form for longer periods. Communication Data is retained for as long as necessary to resolve your query and for a short period afterwards for record-keeping.

Upon termination of your Account (see Section 7 below), your email address and most associated usage data will be deleted or anonymised within a reasonable timeframe, except for data we are legally required to retain (e.g., financial records linked by payment ID for tax purposes).

7. Your Data Protection Rights (UK GDPR)

Under UK GDPR, you have certain rights regarding your personal data:

• The right to access: You have the right to request a copy of the personal data we hold about you.
• The right to rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.
• The right to erasure ('right to be forgotten'): You have the right to request that we erase your personal data under certain conditions.
• The right to restrict processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
• The right to object to processing: You have the right to object to our processing of your personal data under certain conditions, particularly where the legal basis is legitimate interests.
• The right to data portability: You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions (note: this right applies to data provided by you or generated by your use, where processing is based on consent or contract).
• The right to withdraw consent: Where we process your data based on consent (e.g., for marketing, if applicable), you have the right to withdraw that consent at any time. (Note: We do not currently use consent for processing the data listed in Section 1).

If you make a request, we have one calendar month to respond to you.

To exercise any of these rights, including your right to erasure, please contact us using the details in Section 10 below. We may need to request specific information from you (such as the email address linked to your account) to help us confirm your identity.

8. Complaints

If you have concerns about our use of your personal data, you have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We may also inform you via email or through a prominent notice on our Services if the changes are significant.

10. Contact Us

If you have any questions about this Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, please contact us:

By email: [email protected]