AutoChain
Get started
Legal

Privacy Policy

Effective date: 31 May 2026

AutoChain Limited ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

AutoChain Limited is the data controller for the personal data we process through our platform. Our registered office is at Gladstone Place, Brighton, BN2 3QE, United Kingdom. We are registered with the Information Commissioner (IC, formerly ICO) as required under the Data Protection Act 2018.

You can contact our data protection contact at: privacy@autochain.co.uk

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, phone number, postal address
  • Vehicle information: registration, make, model, year, service history
  • Service records: maintenance history, receipts, photographs, service provider details
  • Payment information: billing address (payment card details are processed by our payment providers)
  • Communications: messages, reviews, support requests and feedback

2.2 Information We Collect Automatically

  • Technical data: IP address, browser type, device information, operating system
  • Usage data: pages visited, time spent, features used, click patterns
  • Cookies and tracking: see our Cookie Policy for full details

2.3 Information from Third Parties

  • Vehicle data: publicly available information from DVLA records
  • Payment processors: transaction confirmations and payment status

3. How We Use Your Information

We process your personal data to provide and maintain our platform, create and manage your account, process payments, store and manage vehicle service records, send service reminders and notifications, improve our services, prevent fraud and ensure platform security, and comply with legal obligations.

Legal bases: contract performance, legitimate interests, consent (for marketing), and legal obligation.

4. For Garage Customers (End Users)

When your garage uploads your vehicle service records to AutoChain, your garage remains responsible for the accuracy of the data they submit. AutoChain securely stores your service history to create a tamper-resistant digital record.

Vehicle service history records (including dates of service, work carried out, mileage, and parts used) may be disclosed to authorised third parties as described in Section 5 below. This is a core function of the AutoChain platform. Your data is not sold. AutoChain does not sell your personal data.

5. How We Share Your Information

We do not sell your personal data. We may share information in the following circumstances:

  • Vehicle service history, third-party disclosure: As part of providing the AutoChain platform, verified vehicle service history records (including service dates, work carried out, mileage at service, and parts fitted) may be shared with authorised third parties. This includes but is not limited to: vehicle history check providers, insurers, finance companies, warranty providers, and prospective vehicle purchasers or their agents who query a vehicle's history. Such sharing is carried out on the basis of legitimate interests (maintaining accurate and trustworthy vehicle provenance records) and, where applicable, with the consent of the garage or vehicle owner. Records are shared at vehicle registration mark (VRM) level and do not include personal contact information unless expressly authorised.
  • Platform service providers: Payment processors, cloud hosting and storage providers, customer support tools, and analytics providers, limited to what is necessary for them to provide their services to us.
  • Legal obligation: Where required by law, court order, or regulatory authority.
  • Business transfer: In the event of a merger, acquisition, or sale of assets, subject to the same privacy protections applying to any transferred data.

6. Data Security

We implement appropriate technical and organisational measures including encryption in transit and at rest, strict access controls, regular security assessments, staff training on data protection, and incident response procedures.

7. International Data Transfers

Your data is primarily stored and processed within the UK and EEA. Where data is transferred outside the UK, we ensure appropriate safeguards are in place. For transfers from the UK, we rely on adequacy regulations or the IC's International Data Transfer Agreement (IDTA) as the appropriate transfer mechanism under UK GDPR.

8. Data Retention

  • Account data: until you delete your account plus 30 days
  • Service records: 7 years (for warranty and legal purposes)
  • Transaction data: 7 years (accounting and tax)
  • Communications: 3 years unless longer retention is required
  • Marketing data: until you withdraw consent or 2 years of inactivity

9. Your Rights

Under UK GDPR you have the following rights regarding your personal data:

  • Right of access, request a copy of the personal data we hold about you
  • Right to rectification, ask us to correct inaccurate or incomplete data
  • Right to erasure, request deletion of your data in certain circumstances
  • Right to restrict processing, ask us to pause processing in certain circumstances
  • Right to data portability, receive your data in a structured, machine-readable format
  • Right to object, object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decision-making, not to be subject to solely automated decisions that produce significant legal or similarly significant effects (we do not currently use automated decision-making of this kind)
  • Right to withdraw consent, where processing is based on your consent, you may withdraw it at any time without affecting prior processing
  • Right to complain, lodge a complaint with AutoChain or with the IC (formerly ICO) if you believe your data has not been handled lawfully (see below)

To exercise any of these rights, contact privacy@autochain.co.uk or use our online request form. We will respond within one month. There is no charge for making a request, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

Right to Complain

If you believe AutoChain has not handled your personal data in accordance with UK GDPR, you have the right to complain. We ask that you contact us first so we have the opportunity to address your concern:

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If we need more time, we will let you know.

If you are not satisfied with our response, or if you prefer to contact the supervisory authority directly, you may lodge a complaint with the Information Commissioner (IC, formerly ICO):

  • Website: ico.org.uk/make-a-complaint
  • Telephone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

10. Cookies

We use cookies and similar technologies to improve your experience. See our Cookie Policy for full details.

11. Children's Privacy

Our services are not intended for children under 18. We do not knowingly collect personal information from children under 18.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on our platform at least 14 days before they take effect. Where we need to obtain fresh consent for any changed processing, we will do so explicitly. The current version will always be available on this page with the effective date shown above.

13. Contact Us