fleetmark

Legal

Privacy policy

Last updated April 2026

1. Who we are

FleetMark ("we", "us", "our") operates a web-based vehicle condition reporting and fleet compliance platform for UK fleet operators. Questions about your data go to hello@fleetmark.co.uk.

2. What we collect

Account data

Your name, email, and password (stored as a hash — never plain text). If you are part of an organisation, your role and membership.

Vehicle data

Registration, make, model, colour, MOT and tax status. Retrieved from the DVLA when you enter a registration.

Record data

Checklist items, defect notes, photos, signatures, mileage, fuel level, GPS coordinates at the time of the record. Submitted by you during a walkaround or handover.

Technical data

IP address, browser, device, operating system, and usage metrics such as pages visited. Collected automatically to keep the service running.

Payment data

Handled entirely by Stripe. We never store card numbers. See Stripe's privacy policy.

3. How we use your data

  • Operate the service and generate records.
  • Look up vehicle data from the DVLA on your behalf.
  • Send transactional notifications — record confirmations, account updates.
  • Process payments and manage your subscription.
  • Maintain security, detect fraud, troubleshoot issues.
  • Improve the product using aggregated, non-identifiable data.

4. Legal basis

Under UK GDPR, we rely on:

  • Contract performance— to provide the service you signed up for.
  • Legitimate interests— to run, secure, and improve the platform. Balanced against your rights.
  • Consent— for optional marketing. Withdraw at any time.

5. Who we share data with

We never sell your data. Data is shared only with service providers acting as processors for us:

  • Supabase — database and authentication (EU region).
  • Vercel — application hosting.
  • Resend — transactional email.
  • Stripe — payment processing.
  • DVLA — vehicle data lookup.

We may disclose data if required by law or to protect the rights, safety, or property of FleetMark, our users, or the public.

6. Retention

  • Account data— kept while your account is active. On closure, deleted within 30 days unless we must retain it by law.
  • Record data— retained for 15 months minimum (DVSA requirement for daily walkarounds). Longer retention available on Enterprise. Earlier deletion on request where legally permitted.
  • Technical data— up to 12 months, then deleted or anonymised.

7. Your rights

Under UK GDPR you have the right to:

  • Access — receive a copy of the data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — delete your data, subject to legal retention.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Restrict processing — limit how we use your data in certain cases.

To exercise any of these, email hello@fleetmark.co.uk. We respond within one month.

You also have the right to complain to the Information Commissioner's Office at ico.org.uk.

8. Cookies

We use strictly necessary authentication cookies only. No advertising, no third-party tracking. See our cookie policy for details.

9. International transfers

Your data is primarily stored in the UK/EU (Supabase EU region). Where data transits outside the UK/EU (e.g. Vercel's edge network), we rely on appropriate safeguards including standard contractual clauses.

10. Children

FleetMark is not intended for anyone under 18. We do not knowingly collect data from children. Contact us if you believe this has happened and we will delete it promptly.

11. Changes

We may update this policy. Material changes will be flagged at least 30 days before they take effect, by email or by notice within the service.

12. Contact

hello@fleetmark.co.uk.