1 Who we are
MyCarChecklist operates mycarchecklist.co.uk. We are the data controller for personal data collected through the Service. Contact: joe@mycarchecklist.co.uk.
2 Data we collect
Data you provide:
- Email address — when you unlock the full report.
Data collected automatically:
- Vehicle registration numbers (VRMs) entered into the search.
- IP address, browser type, device type — via server logs and analytics.
- Usage data — pages visited, features used, time on site.
- Cookies & local storage — to remember your unlock status and preferences.
We do not collect payment card details. We do not collect or store your name or address unless you provide it via our contact form.
3 How we use your data
- To provide the Service and deliver results to you.
- To unlock premium features when you provide your email.
- To send you car-buying tips, product updates, and occasional offers (email subscribers only — you can unsubscribe at any time).
- To improve the Service through aggregated, anonymised analytics.
- To comply with legal obligations.
- To detect and prevent fraud, abuse, or misuse of the Service.
4 Legal basis (UK GDPR)
- Contract / steps prior to contract — processing your VRM lookup to deliver results.
- Legitimate interests — analytics, security, fraud prevention, improving the Service.
- Consent — marketing emails (you provide consent when submitting your email). You may withdraw consent at any time by unsubscribing.
- Legal obligation — complying with applicable laws.
5 Cookies & tracking
We use the following types of cookies and local storage:
- Essential — required for the Service to function (e.g. storing your unlock status).
- Analytics — anonymous usage data to help us improve the Service (e.g. Google Analytics, if enabled).
- Advertising — Google AdSense may set cookies to serve relevant ads.
You can manage cookie preferences via our Cookie Policy page or your browser settings. Declining non-essential cookies will not prevent you from using the Service.
Our cookie banner lets you accept or decline non-essential cookies when you first visit. Essential cookies cannot be disabled as they are required for core functionality.
6 Third parties & data sharing
We share data with the following categories of third party:
- DVSA — VRMs are sent to the DVSA MOT History API to retrieve test records. Subject to DVSA's own terms.
- OpenAI — vehicle data (make, model, year, MOT history) is sent to OpenAI's API to generate AI analysis. No personal data is included in these requests.
- Netlify — our hosting provider processes server logs including IP addresses.
- Google — AdSense and Analytics may process usage data and set cookies.
- Email service provider — your email address may be stored with a third-party email platform (e.g. Mailchimp) to manage communications.
We do not sell your personal data. We do not share your email with affiliate partners.
7 Data retention
- Email addresses — retained until you unsubscribe or request deletion.
- Server logs — typically 30–90 days.
- VRM search logs — anonymised after 30 days.
- Local storage / cookies — stored on your device; cleared when you clear browser data.
8 Your rights
Under UK GDPR you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your personal data ("right to be forgotten").
- Restriction — request that we limit how we use your data.
- Portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on legitimate interests or for direct marketing.
- Withdraw consent — withdraw consent for marketing at any time.
To exercise any of these rights, email joe@mycarchecklist.co.uk. I will respond within 30 days.
9 Security
We use industry-standard security measures including HTTPS encryption, secure serverless functions, and environment-variable-protected API keys. No system is completely secure; we cannot guarantee the absolute security of data transmitted over the internet.
10 Children
The Service is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11 Changes to this policy
We may update this policy from time to time. We will update the "Last updated" date at the top. Continued use of the Service after changes constitutes acceptance of the updated policy.