Privacy Policy

Last updated: 11 May 2026

DPLocal Ecommerce Limited (company number 16313744) is the data controller for personal data processed through Carbility.
Registered office: 61 Bridge Street, Kington, United Kingdom, HR5 3DJ.
Contact: support@carbility.co.uk

We are committed to protecting your privacy in accordance with the UK GDPR and the Data Protection Act 2018.

1. Data We Collect
   Depending on how you use Carbility, we may collect:
   • Email address (when you create an account or sign in)
   • Account and authentication data
   • Payment and credit transaction metadata (not card details — see below)
   • Vehicle registration numbers you look up
   • MOT history and report usage activity
   • IP address, device type, and browser information
   • Cookie consent preferences
   • Analytics events (page views, feature usage)
   • Support messages you send us

   We do not store your payment card details. Payments are processed securely by Stripe, which handles all card data directly.

2. How We Use Your Data
   We process your data to:
   • Provide account access, authentication, and session management
   • Deliver free previews and full paid reports
   • Manage credit purchases and balances
   • Save your report history to your account
   • Improve the reliability and performance of the service
   • Detect and prevent abuse and fraud
   • Respond to support requests
   • Measure analytics and marketing performance where you have given consent
3. Legal Bases for Processing
   
   • Contractual necessity — to provide your account, reports, and credit management
   • Legitimate interests — for security, fraud prevention, and basic product improvement
   • Consent — for analytics and marketing cookies and tracking where required
   • Legal obligation — where applicable (e.g. accounting records)
4. Third-Party Processors
   We use trusted third-party services to operate Carbility. Your data may be shared with these processors:
   • Supabase — authentication and database storage
   • Stripe — payment processing
   • Vercel — hosting and deployment
   • Upstash / Redis — caching and rate limiting
   • OpenAI — AI-generated report analysis (vehicle data is sent to their API)
   • PostHog — product analytics (where analytics consent is given)
   • Meta — marketing measurement via Pixel and Conversions API (where marketing consent is given)
   • Resend / email provider — transactional email (e.g. magic links, confirmations)
   • DVSA / public MOT data sources — vehicle MOT history
   All providers are required to handle data in accordance with applicable data protection standards.
5. Data Retention
   
   • Account and purchase records are kept while your account is active and as required for legal or accounting obligations.
   • Saved reports are kept while your account exists, unless you request deletion or our retention policy changes.
   • Analytics data is retained only as long as needed for product and marketing analysis.
   • You can request deletion of your data at any time by contacting us.
6. Your Rights
   Under UK GDPR, you have the right to:
   • Access the personal data we hold about you
   • Correct inaccurate data
   • Request deletion of your data
   • Restrict or object to processing
   • Data portability
   • Withdraw consent where processing is based on consent
   • Lodge a complaint with the Information Commissioner's Office (ICO)
   To exercise any of these rights, contact support@carbility.co.uk.
7. Cookies
   We use essential, analytics, and marketing cookies. See our Cookie Policy for full details.
8. Complaints
   If you are unhappy with how we have handled your data, you may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.