Privacy policy
Last updated: June 2026
EveryDriver Ltd ("we", "us", "our") is the data controller for personal information you provide when using our marketplace. We are registered with the UK Information Commissioner's Office (ICO) and comply with the UK GDPR and the Data Protection Act 2018.
1. Information We Collect
- Identity & contact details (name, email, phone, address)
- Booking and lesson information (dates, instructor, course type, test details)
- Payment metadata (last 4 digits of card, transaction ID — never the full PAN)
- Messages exchanged with instructors and our support team
- Technical data (IP address, device, browser, pages viewed) via cookies and similar technologies
2. Lawful Basis for Processing
We rely on the following lawful bases under UK GDPR:
- Contract — to deliver the bookings and services you request
- Legal obligation — to meet tax, accounting and consumer-protection duties
- Legitimate interests — to run, secure and improve the platform, prevent fraud and respond to enquiries
- Consent — for marketing emails and non-essential cookies; you can withdraw consent at any time
3. Cookies
We use strictly necessary cookies to operate the site (e.g. login, session). With your consent, we also use analytics and preference cookies to understand how the platform is used and to remember your settings. You can manage cookie preferences in your browser at any time.
4. How We Share Your Data (Third-Party Processors)
We never sell your data. We share it only with carefully selected processors who act on our instructions:
- The instructor you book (name, contact, lesson details)
- Payment processors (e.g. Ryft, Stripe, Klarna, Clearpay) — PCI DSS compliant
- Hosting and infrastructure providers (e.g. Supabase, Cloudflare)
- Email & messaging providers (e.g. transactional email services)
- Analytics providers (only where you have given consent)
- Law enforcement or regulators where legally required
5. Data Security
We use industry-standard technical and organisational measures: encryption in transit (TLS), encryption at rest for sensitive fields, role-based access controls, audit logging and regular security reviews. Payment card data is handled exclusively by PCI DSS compliant providers and is never stored on EveryDriver servers.
6. Data Retention
We keep personal data only as long as needed for the purpose it was collected:
- Booking and lesson records — 6 years (to meet UK accounting and tax requirements)
- Account data — until you delete your account, plus 30 days backup retention
- Support messages — 3 years from last contact
- Marketing preferences — until you unsubscribe or withdraw consent
7. Your GDPR Rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Restrict or object to processing
- Data portability — receive your data in a machine-readable format
- Withdraw consent at any time (for processing based on consent)
- Lodge a complaint with the ICO (ico.org.uk) if you believe we have mishandled your data
To exercise any of these rights email info@everydriver.co.uk. We will respond within one calendar month.
8. International Transfers
Where personal data is transferred outside the UK, we rely on adequacy decisions or appropriate safeguards (such as the UK International Data Transfer Agreement / Standard Contractual Clauses) to protect your information.
9. Children
Our service is not intended for children under 16. Pupils under 18 must have parental or guardian consent before booking.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated by email or by a prominent notice on the platform.
11. Contact
EveryDriver Ltd, Winchester, Hampshire. Email: info@everydriver.co.uk. ICO registration is held in the name of EveryDriver Ltd.
