LEGAL
Privacy Policy
Last updated: 1 May 2026 · UK GDPR compliant
This Privacy Policy explains how GarageOS Ltd ("GarageOS", "we") collects, uses, stores, and shares personal data when you use garageos.co.uk, our applications, and related services. We are the data controller for driver and visitor data unless stated otherwise. Garages are controllers for their own customer relationships; we process job-related data on their behalf as described below.
1. Data controller and contact
GarageOS Ltd, 123 Shoreditch High Street, London E1 6JE, United Kingdom. Email: sales@tronix-inc.co.zw. Data Protection Officer: sales@tronix-inc.co.zw. You may contact the ICO at ico.org.uk if you are unsatisfied with our response to a complaint.
2. Personal data we collect
Account data: name, email, phone, password hash, account type (driver or garage), and preferences.
Vehicle data: registration number, make, model, fuel type, MOT history from authorised sources, mileage you provide, and maintenance records you create.
Booking data: quotes, messages, photos, job status, payments, reviews, and dispute records.
Garage business data: company name, Companies House details, insurance certificates, bank details for payouts, MOT authorisation numbers, staff users, and workshop photos.
Technical data: IP address, device identifiers, browser type, cookies, log files, and analytics events.
Communications: support tickets, call recordings where disclosed, and survey responses.
We do not intentionally collect special category data unless you volunteer it in free-text fields; please avoid sharing health or other sensitive information in symptom descriptions where not necessary.
3. How we use your data
We use personal data to operate the marketplace: matching drivers with garages, displaying quotes, processing payments, sending booking confirmations and reminders, moderating reviews, providing AI-assisted diagnostics, improving our services, preventing fraud, complying with law, and marketing GarageOS where you have consented or soft opt-in applies for similar products.
Garages receive data necessary to perform booked work, including contact details and vehicle information. Aggregated anonymised statistics may be published or licensed without identifying individuals.
4. Legal bases (UK GDPR)
We rely on: Contract — processing necessary to provide the Platform and fulfil bookings; Legitimate interests — fraud prevention, security, analytics, product improvement, and B2B marketing to garages, balanced against your rights; Consent — optional marketing to drivers, non-essential cookies, and certain AI features where required; Legal obligation — tax, accounting, and regulatory requests; Vital interests — rarely, in emergencies involving safety.
You may withdraw consent at any time without affecting lawfulness of processing before withdrawal. Where we rely on legitimate interests, you may object as described in section 8.
5. Sharing and recipients
We share data with: garages you engage; regulated payment partners supporting open banking transfers; cloud hosting (UK/EU regions); email and SMS providers; analytics tools; customer support platforms; identity and verification vendors; DVLA or DVSA connected services for vehicle lookups; professional advisers; and authorities when legally required.
We require processors to enter into Article 28 UK GDPR contracts. We do not sell personal data. Business transfers may include data as part of a merger or acquisition, with notice where required.
6. Retention
Active account data is retained while your account exists. Job and payment records are kept for seven years for tax and dispute purposes. Marketing suppression lists are kept indefinitely to honour opt-outs. Logs and security data are typically retained for 12–24 months. MOT lookup caches may be refreshed periodically per source licences. Anonymised data may be kept without time limit.
7. Your rights
You have the right to access, rectify, erase, restrict, object, and port data where applicable. You may lodge a complaint with the ICO. To exercise rights, use our GDPR request page or email sales@tronix-inc.co.zw; we respond within one month, extendable for complex requests. We may verify identity before disclosure.
Drivers may manage marketing preferences in account settings. Garages manage their own customer communications in compliance with PECR and UK GDPR.
8. Cookies and similar technologies
See our Cookie Policy for details and preference controls. Essential cookies are necessary for login and security. Analytics and marketing cookies require consent where applicable.
9. Security
We implement encryption in transit (TLS), access controls, staff training, and regular security testing. No system is perfectly secure; report concerns to sales@tronix-inc.co.zw. In case of a personal data breach likely to affect your rights, we will notify you and the ICO as required.
10. International transfers
Data is primarily processed in the UK and EEA. Where processors are outside the UK, we use UK international data transfer agreements, adequacy regulations, or standard contractual clauses. Copies of safeguards are available on request.
11. Automated decision-making
AI features suggest diagnoses, quote fairness, and garage matching scores. These are advisory; significant decisions affecting you are not made solely by automation without human review where legally required. You may request human review of a materially adverse automated outcome related to account restrictions.
12. Children
GarageOS is not directed at under-18s. We do not knowingly collect children's data. Contact us to delete such data if discovered.
13. Changes
We may update this policy with notice for material changes. The "last updated" date reflects the current version.
14. Contact
sales@tronix-inc.co.zw · GarageOS Ltd, 123 Shoreditch High Street, London E1 6JE · Related: Terms, GDPR rights, Complaints.
Processor role for garage customers: When a garage uses GarageOS to manage Jobs, we process driver contact and vehicle data on the garage's instructions to facilitate booking, messaging, and payment. Garages must provide their own privacy information to customers. Our data processing agreement sets out security measures, sub-processors, and breach notification duties.
Marketing: Drivers receive promotional emails only with consent or after a GarageOS service enquiry under PECR soft opt-in rules. Every marketing email includes an unsubscribe link. We may show personalised content on the Platform based on your vehicle and booking history under legitimate interests; you may object in settings.
Vehicle lookup data: Registration lookups use DVLA/DVSA licensed channels. We cache results to reduce API calls. You may not use lookup data for unrelated commercial purposes. Mileage recorded on MOT certificates is displayed as supplied by official records; garages may record additional readings at check-in.
Reviews and public content: Reviews you post may display your first name and vehicle make. Garages may respond publicly. You can report reviews that breach our content policy. We moderate for fraud and abuse.
Retention requests: After account deletion, some data persists in backups for a limited period and in aggregated form. Legal holds may delay deletion where litigation or investigation requires.
15. Information for drivers
When you request quotes, garages you select receive your name, phone, email, vehicle details, and fault description. Garages outside your selection do not receive your contact details. You may delete messages in your account; garages may retain records for legal obligations. Payment card details are tokenised by our payment partner; we do not store full card numbers on our servers.
Location data from postcode searches is used to rank garages geographically but we do not continuously track your GPS unless you enable optional features in the mobile app with permission. Push notifications require device tokens stored with your account preferences.
16. Information for garage partners
Garages must maintain their own privacy notices for customers they serve. GarageOS processes driver data on the garage's instructions for Jobs booked through the Platform. Garages must not export Platform data into unrelated marketing lists. Staff user accounts should use role-based access; you are responsible for credentials of employees you authorise.
Verification documents such as insurance certificates are stored securely and reviewed by verification staff. We delete outdated documents when superseded unless law requires retention. Bank details are shared only with payment providers for payouts.
17. Research and product development
We may use anonymised or aggregated data to train fault-diagnosis models, benchmark pricing fairness, and publish industry insights. Individual diagnoses are not sold to insurers without separate consent. Where personal data is used in model training, we apply pseudonymisation and access controls consistent with our DPIA records.
18. Electronic marketing (PECR)
We send service SMS and email without marketing consent because they are necessary for bookings you make. Promotional messages to drivers require opt-in or soft opt-in after a service relationship as permitted by PECR. Garages sending marketing through Platform tools must obtain appropriate consent and honour unsubscribe requests. We maintain suppression lists shared across GarageOS systems to respect opt-outs.
19. Third-party links
Our site may link to garage websites, insurers, or partners. Their privacy practices are not controlled by GarageOS. Review their policies before submitting data. Embedded content such as maps or payment widgets may set their own cookies subject to your consent choices.
20. Supervisory authority and escalation
You have the right to lodge a complaint with the Information Commissioner's Office (Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, ico.org.uk). We encourage you to contact us first so we can address concerns. Our DPO coordinates complex requests and breach notifications. For garage-customer disputes involving personal data, we may clarify each party's role as controller or processor in writing.
Law enforcement: We disclose personal data when required by UK law, court order, or to protect vital interests. We challenge overbroad requests where permitted and document disclosures. Transparency reports summarising request volumes may be published annually.
Accessibility of this policy: You may request this policy in an alternative format. We support screen readers on core flows and continue to improve accessibility under WCAG 2.1 AA targets for public marketing pages.
21. Fraud prevention and monitoring
We process identity signals, device fingerprints, and transaction patterns to detect fake reviews, payment fraud, and duplicate garage accounts. This processing is necessary for our legitimate interests in securing the Platform. Automated risk scores may delay payouts or flag accounts for manual review; you will be notified where action affects your access and may appeal through sales@tronix-inc.co.zw with supporting documentation.
22. Records and accountability
GarageOS maintains records of processing activities as required by Article 30 UK GDPR. We conduct data protection impact assessments for high-risk processing such as large-scale vehicle profiling and AI-assisted triage. Our staff receive annual privacy training. Processor agreements with sub-vendors are reviewed on a rolling basis. A summary of key sub-processors is available to garage partners in the dashboard legal section.
23. Personal data breaches
We maintain an incident response plan. Where a breach is likely to result in risk to individuals, we notify the ICO within 72 hours where required and communicate to affected users without undue delay when the risk is high. Garages must notify us without undue delay if they suspect a breach affecting Platform data so we can coordinate responses.
24. Data minimisation and accuracy
We collect only data needed for stated purposes. Account fields optional for drivers remain optional unless needed for a specific product. You are responsible for accuracy of information you enter; garages must keep business credentials current. We periodically prompt verification refreshes for insurance and MOT authorisation. Outdated data is archived or deleted according to retention schedules above.
Questions: If anything in this policy is unclear, contact sales@tronix-inc.co.zw before using the Platform. We welcome feedback from consumer groups, garage trade associations, and privacy professionals to improve our practices.
Version history: Material changes to this policy are archived and available on request. Previous versions from 2024 and 2025 introduced AI diagnostics transparency, garage processor terms, and expanded cookie disclosures following PECR guidance updates.
By creating an account or continuing to use GarageOS after the last updated date shown on this page, you acknowledge that you have read and understood this Privacy Policy together with our Cookie Policy and Terms of Service.
Our registered office for correspondence is GarageOS Ltd, 123 Shoreditch High Street, London E1 6JE. Regulatory enquiries from the ICO or other authorities should be marked for the attention of the Data Protection Officer.
If you are a former user, you may request confirmation of deletion after account closure. Some anonymised analytics derived from your use may remain in aggregate statistics that cannot be linked back to you.