HaulGuard

Privacy Policy

Last updated: 28 June 2026

Draft template. This document is a starting point and must be reviewed and completed by a qualified legal adviser (and your registered company/ICO details inserted) before HaulGuard is offered to paying customers.

This policy explains how HaulGuard (“we”, “us”) processes personal data when you use our DVSA walkaround compliance platform, in accordance with the UK GDPR and the Data Protection Act 2018.

1. Data controller

[Registered company name], [registered address], ICO registration [number]. For any privacy query contact our Data Protection point of contact at privacy@haulguard.app.

Where your employer (the fleet operator) determines how their team’s data is used, they are the controller and HaulGuard acts as their processor under a Data Processing Agreement.

2. Personal data we process

  • Account & identity: name, email, role, company.
  • Driver compliance data: driving licence number and expiry, CPC card and digital tachograph card expiry.
  • Inspection data: walkaround check records, defect notes, photographs, handwritten signatures, and the GPS location captured at submission.
  • Technical data: device/browser information and, with your consent, product-analytics and error-session-replay data.
  • Billing data: subscription status and invoices (card details are handled directly by Stripe; we never store them).

3. Why we process it (lawful bases)

  • Contract — to provide the service to you and your employer.
  • Legal obligation / legitimate interest — to support DVSA roadworthiness record-keeping and to secure and debug the service.
  • Consent — for non-essential analytics and session replay (you can withdraw consent at any time; see our Cookie Policy).

4. Sharing & sub-processors

We share data only with the processors needed to run the service:

  • Supabase — application database, authentication and file storage.
  • Vercel — application hosting.
  • Stripe — subscription billing.
  • Resend — transactional email.
  • Sentry — error monitoring (and session replay, only with consent).
  • PostHog — product analytics (only with consent).

5. Retention

Inspection and defect records are retained for at least 15 months to support DVSA roadworthiness requirements, and may be retained longer where required by law. Account data is kept for the life of the account and deleted on request thereafter, subject to the retention obligations above.

6. Your rights

You have the right to access, rectify, erase, restrict and port your personal data, and to object to processing. To exercise any of these rights, email privacy@haulguard.appand we will respond within one month as required by the UK GDPR. Note that inspection and defect records may be retained for the DVSA record-keeping period (see Retention) even after an erasure request, where we have a legal obligation to keep them. You may also complain to the Information Commissioner’s Office (ico.org.uk).

7. International transfers & security

Where data is processed outside the UK, appropriate safeguards (e.g. UK adequacy or Standard Contractual Clauses) apply. We protect data with encryption in transit, access controls and tenant isolation.

8. Changes

We will update this policy as needed and revise the date above.

See also: Privacy · Terms · Cookies