Privacy Notice (DRVApp)

Effective date: 12 February 2026
Last updated: 22 February 2026

This Privacy Notice explains how [Company Name] (“we”, “us”, “our”) collects, uses, shares, and protects personal information when you use DRVApp and our website at [your domain] (together, the “Services”). It also explains your rights under applicable data protection laws, including the UK GDPR and the Data Protection Act 2018.

If you have questions about this notice or your personal information, please contact us using the details in the Contact section.

1) Who we are

Controller: [Company Name]
Company address: [Company Address, City, Postcode, Country]
Email: [privacy@yourdomain.com]
Phone: [Company Phone]

Where DRVApp is used by or on behalf of a client business, that business may also be a controller for the information it inputs and manages within the system.

2) Scope

This Privacy Notice applies to:

  • Visitors to our website

  • Users of DRVApp, including drivers, transport managers, and administrators

  • People whose details appear in the system, such as client contacts

This notice does not cover third-party websites or services linked from our website. Those third parties have their own privacy notices.

3) Personal information we collect

We collect information in three main ways: (a) information you provide, (b) information created while using the Services, and (c) information collected automatically (such as device and log data).

A) Information you provide

Depending on your role and how you use DRVApp, we may collect:

  • Account details: name, email address, phone number, password (stored in encrypted/hashed form)

  • Profile details: address, city, postcode, country, HGV class/qualification (where relevant)

  • Company identity data: company name, company phone, company address (entered by administrators)

  • Client information: client company name, phone, address, city, postcode, country

  • Support communications: messages you send to us, including attachments

B) Operational data created while using DRVApp

DRVApp is designed to manage delivery/pickup workflows and therefore may collect:

  • Job information: job type (delivery/pickup), job date, assigned vehicle, assigned driver, assigned manager, job status

  • Vehicle inspection records: odometer readings, checklist responses, notes against checklist items, inspection signature and timestamp

  • Delivery/pickup confirmation data: “arrived”, “delivered”, and “depart” events with timestamps; client signature; delivery note records; optional photographs of delivered loads

  • Audit and activity logs: records of actions taken in the app (for operational and security purposes)

C) Information collected automatically

When you use the Services, we may collect:

  • Device and usage data: browser type, device type, operating system, pages visited, time and date of requests

  • Log and security data: IP address, access times, error logs, authentication events

  • Approximate location (optional): If you allow location permissions in your browser/device, DRVApp may capture location at certain job events (e.g., “Arrived”/“Depart”). You can control location permissions in your device/browser settings.

Important: Location data is only collected where enabled and permitted by your device/browser. If you deny permission, location will not be collected.

4) How we use personal information

We use personal information to:

Provide and operate DRVApp

  • Create and manage user accounts for drivers and managers

  • Assign and manage delivery/pickup jobs

  • Record vehicle inspections, job events, and delivery confirmations

  • Generate operational records (e.g., delivery notes/inspection records)

Communicate with users

  • Send job and operational notifications (e.g., updates to managers)

  • Respond to enquiries and provide support

  • Send service messages, such as security alerts or essential updates

Maintain security and improve the Services

  • Detect, prevent, and investigate fraud, misuse, and security incidents

  • Troubleshoot and debug

  • Improve usability and performance

Comply with legal obligations

  • Keep records required by law or regulation

  • Respond to lawful requests from authorities

5) Legal bases for processing (UK GDPR)

We process personal information under one or more of these legal bases:

  • Performance of a contract: to provide DRVApp services and features you request or use.

  • Legitimate interests: to operate, secure, and improve DRVApp; prevent fraud; ensure service continuity. We balance these interests against your rights.

  • Legal obligation: where we must process data to comply with law.

  • Consent: where required (for example, for optional location collection depending on your device/browser settings, or certain cookies/analytics where applicable). You can withdraw consent at any time.

6) Cookies and similar technologies

We may use cookies and similar technologies to:

  • Keep you logged in (session/authentication)

  • Maintain security and prevent abuse

  • Remember preferences

If we use analytics or non-essential cookies, we will request consent where required by law. You can control cookies through your browser settings and any cookie banner preferences on our site.

If you would like a detailed cookie list (name, purpose, expiry), add a “Cookies” section and we can populate it based on your actual configuration.

7) Sharing your personal information

We do not sell your personal information. We may share personal information with:

Service providers (processors)

Companies that help us operate DRVApp, such as:

  • Hosting providers

  • Email delivery/SMTP providers

  • Security and monitoring services

  • Backup and storage services

These providers are authorised to use personal information only as necessary to provide services to us and must protect it.

Business partners and customers

Where DRVApp is operated on behalf of a business customer, relevant data may be shared internally with that customer’s authorised users (e.g., managers and administrators) to support operations.

Legal and safety disclosures

We may disclose information if required to do so by law or if we believe disclosure is necessary to:

  • Comply with legal obligations or lawful requests

  • Protect the rights, safety, and security of our users, our business, or others

  • Investigate fraud or security issues

Business transfers

If we are involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will notify you if required.

8) International transfers

If personal information is transferred outside the UK, we will ensure appropriate safeguards are used, such as:

  • UK adequacy regulations, or

  • International Data Transfer Agreements (IDTAs), or

  • other lawful transfer mechanisms.

9) Data retention

We retain personal information only as long as necessary for the purposes described in this notice, including to meet legal, accounting, and operational requirements.

Typical retention may include:

  • Account data: while the account is active, plus a reasonable period after deactivation for security/audit.

  • Operational records (jobs, inspections, delivery confirmations): retained for operational continuity and compliance, often for [e.g., 6 years] (adjust to your policy/industry requirements).

  • Logs: retained for a limited period for security and diagnostics.

When no longer needed, we securely delete or anonymise the information.

10) Security

We use appropriate technical and organisational measures designed to protect personal information, including:

  • Access controls and role-based permissions (drivers/managers/admins)

  • Encryption in transit (HTTPS) where configured

  • Secure password hashing via WordPress

  • Logging and monitoring for suspicious activity

No system is 100% secure. Users should also protect their accounts by using strong passwords and not sharing login credentials.

11) Your rights

Depending on your location and applicable law, you may have the right to:

  • Access your personal information

  • Correct inaccurate or incomplete information

  • Delete personal information (where applicable)

  • Restrict processing

  • Object to processing based on legitimate interests

  • Data portability (receive your data in a usable format)

  • Withdraw consent (where processing is based on consent)

  • Complain to a supervisory authority

UK users

You can raise concerns with the Information Commissioner’s Office (ICO).

We may need to verify your identity before responding to requests.

12) Children’s privacy

DRVApp is not intended for children, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided personal information, contact us and we will take appropriate steps.

13) Third-party links

Our Services may contain links to third-party sites. We are not responsible for their content or privacy practices. Please review their privacy notices before providing personal information.

14) Changes to this Privacy Notice

We may update this Privacy Notice from time to time. When we do, we will revise the “Last updated” date and, where appropriate, provide additional notice (for example, by posting a notice on our site).

15) Contact us

If you have questions or want to exercise your rights, contact:

[Company Name]
Address: [Company Address, City, Postcode, Country]
Email: [privacy@yourdomain.com]
Phone: [Company Phone]