Back to DriveSage

Privacy Policy

Last Updated: March 19, 2026

At DriveSage, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

Please read this Privacy Policy carefully. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

1. Information We Collect

1.1. Information You Provide

We may collect information that you voluntarily provide to us when you:

  • Create an account or user profile
  • Complete our personalization quiz with your car preferences
  • Enter vehicle registration numbers for MOT history checks
  • Contact our customer service team
  • Subscribe to newsletters or marketing communications
  • Participate in surveys or promotions
  • Submit feedback or reviews
  • Interact with our AI-powered car recommendation systems
  • Use the Car Match Chat feature
  • Purchase credits or subscription plans

This information may include your name, email address, phone number, vehicle registration numbers, payment information, chat history, car preferences (such as budget range, preferred car styles, favorite brands, priorities, usage patterns, and experience level), and any other information you choose to provide.

1.2. Automatically Collected Information

When you visit our website or use our services, we may automatically collect certain information about your device and usage patterns. This information may include:

  • Device information (such as your IP address, browser type, operating system, device identifiers)
  • Usage data (such as pages visited, time spent on the site, referring websites, click patterns)
  • Geographic location derived from IP address
  • Search queries and vehicle registration numbers you enter
  • Credit usage and transaction history
  • Interaction with AI features and recommendation systems
  • Performance data and error logs to improve service reliability
  • Feature usage analytics to understand user behavior and preferences

We collect this information using cookies, web beacons, local storage, and similar technologies. For more information about our use of these technologies, please see our Cookie Policy.

1.3. Information from Third Parties

We may receive information about you from third-party sources, including:

  • Social authentication providers (Google OAuth) when you sign in using these services
  • UK government databases (DVLA, MOT History) for publicly available vehicle information
  • Payment processors (Stripe) for transaction verification and fraud prevention
  • Analytics providers for aggregated usage statistics

2. How We Use Your Information

We may use the information we collect for various purposes, including to:

  • Provide, maintain, and improve our services
  • Process and fulfill your requests for vehicle information and valuations
  • Personalize your experience and deliver content relevant to your interests
  • Send you service-related communications, including subscription confirmations and receipts
  • Communicate with you about products, services, offers, and promotions (with your consent)
  • Verify your email address and maintain account security
  • Implement rate limiting and prevent abuse of our services
  • Monitor and analyze trends, usage, and activities in connection with our services
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Monitor errors and performance issues to maintain service quality
  • Comply with legal obligations and enforce our terms and policies
  • Manage and track your credit usage and subscription status
  • Process payments and prevent fraud
  • Improve the quality and relevance of our AI-powered recommendations
  • Compare multiple vehicles side-by-side based on your requests
  • Store your search history for quick access to previously viewed vehicles

2.1. Legal Basis for Processing (UK GDPR)

Under UK GDPR, we process your personal information based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services, manage subscriptions, and fulfill our contractual obligations to you
  • Legitimate Interests: To improve our services, prevent fraud, ensure security, analyze usage patterns, and provide customer support
  • Consent: For marketing communications, optional features like the personalization quiz, and certain cookie usage
  • Legal Obligation: To comply with UK tax laws, financial regulations, and other legal requirements

You have the right to object to processing based on legitimate interests or to withdraw consent at any time.

3. AI and Data Analytics

DriveSage uses artificial intelligence (AI) and data analytics to provide you with vehicle valuations, condition assessments, maintenance forecasts, and car recommendations. When you use these services, we:

  • Retrieve publicly available MOT and vehicle data
  • Process this data using our proprietary AI algorithms
  • Generate insights and predictions about vehicles
  • Store the results to improve our services
  • Analyze your car preferences and requirements shared through Car Match Chat
  • Store chat histories to provide continuity in conversations
  • Share your queries with third-party AI providers (like Google AI) to generate responses

The AI models we use are continuously learning and improving based on user interactions and vehicle data. While we strive to provide accurate and helpful insights, our AI-generated assessments should be considered as informational guidance only and not definitive evaluations.

Our Car Match Chat service processes your car preferences, requirements, and questions to provide personalized car recommendations. Chat histories are stored securely and linked to your account to ensure continuity in your conversations. These histories may be used to improve our AI models and recommendation systems.

Important: We use Google's Gemini AI models (via the Google GenAI SDK) to power our AI features. When you use AI services, your queries and relevant vehicle data are sent to Google's servers for processing. Google processes this data according to their privacy policy and our data processing agreement. We do not train or fine-tune any AI models on your data — our AI uses real-time context injection and Google Search grounding to generate responses. We store conversation history in your account for your convenience.

3.1. Vehicle Comparison Feature

Our vehicle comparison feature allows you to compare up to 4 vehicles side-by-side. When you use this feature:

  • We retrieve MOT and DVLA data for each vehicle you compare
  • Our AI analyzes all vehicles simultaneously to provide rankings and recommendations
  • Comparison results are stored in your account for future reference
  • You can share comparison results by generating a unique link (stored for 30 days)

3A. Third-Party Services and Analytics

3A.1. Analytics and Performance Monitoring

We use the following third-party services to monitor and improve our platform:

  • Microsoft Clarity: Records anonymised session replays including mouse movements, clicks, scrolling behaviour, and page content to help us understand how users interact with our platform. Clarity is only activated if you accept analytics cookies via our cookie banner. Learn more: https://clarity.microsoft.com/terms
  • Google Ads (gtag.js): Tracks advertising conversions to measure campaign effectiveness. Only activated if you accept analytics cookies
  • Google AdSense: Serves relevant advertisements on our platform. Only activated if you accept analytics cookies
  • Meta Pixel: Tracks page views and conversion events (sign-ups, purchases) for Facebook/Instagram advertising attribution. Only activated if you accept marketing cookies
  • Vercel Analytics: First-party analytics tracking page views and user flows. Does not set cookies
  • Vercel Speed Insights: Monitors real user performance metrics (Core Web Vitals). Does not set cookies
  • Sentry: Captures error logs and crash reports to identify and fix technical issues quickly. Sentry may collect IP addresses, user IDs, and technical error details

These services process data according to their respective privacy policies. You can learn more about their data practices:

  • Vercel Privacy Policy: https://vercel.com/legal/privacy-policy
  • Sentry Privacy Policy: https://sentry.io/privacy/

3A.2. Email Services

We use Gmail SMTP services to send transactional emails including:

  • Email verification links when you create an account
  • Password reset instructions
  • Subscription confirmation receipts (required by UK consumer rights law)
  • Important account notifications

We do not send marketing emails without your explicit consent. You can opt out of marketing communications at any time.

3A.3. Rate Limiting and Abuse Prevention

To prevent abuse and ensure fair usage, we implement rate limiting based on:

  • IP addresses for anonymous users (10 free searches per day)
  • User accounts for authenticated users (based on subscription tier)
  • Credit balances for premium features

This processing is necessary to maintain service quality for all users and prevent system abuse.

4. Car Preference Personalization Quiz

DriveSage offers an optional personalization quiz that collects information about your car buying preferences and journey to enhance your experience with our services. When you complete the quiz, we collect and store:

  • Your current journey stage (browsing, actively buying, comparing options, or checking a specific car)
  • Your budget preferences (min/max price range or flexible budget indication)
  • Preferred car styles (hatchback, SUV, saloon, estate, coupe, MPV, pickup, or open to all)
  • Favorite car brands (up to 5) or indication of being open to all brands
  • Your top priorities (family-friendly, fuel efficiency, performance, practicality, technology, luxury, environmental, style, reliability - up to 3)
  • Primary usage pattern (commuting, long-distance, city driving, family trips, weekend use, business)
  • Your experience level with cars (first-time buyer, beginner, experienced, enthusiast, or dealership/trade professional)

We use your quiz responses to:

  • Personalize car recommendations in Car Match Chat based on your specific preferences and budget
  • Tailor the level of detail and technical complexity in our AI-generated analyses to match your experience level
  • Provide contextually relevant vehicle valuations and maintenance forecasts aligned with your priorities
  • Route you to the most appropriate features based on your current journey stage
  • Improve the accuracy and relevance of our AI recommendations over time

Your quiz responses are stored in your user profile and can be viewed, edited, or deleted at any time from your profile settings. You can skip the quiz or retake it whenever your preferences change. The quiz is optional, and all DriveSage features remain accessible regardless of whether you complete it.

Quiz data is retained for as long as your account is active. If you delete your account, all quiz responses and preference data will be permanently deleted along with your other account information.

5. Credit System and Payment Information

DriveSage operates using a credit system for accessing premium features. We collect and process the following information related to our credit and payment systems:

  • Credit purchase history and usage patterns
  • Subscription status and renewal information
  • Payment method information (processed securely through Stripe)
  • Billing address and contact information
  • Transaction timestamps and amounts

We use this information to:

  • Process payments and manage subscriptions
  • Track credit balances and usage
  • Prevent fraudulent transactions
  • Provide customer support for billing issues
  • Analyze service usage patterns to improve our offerings

Payment processing is handled by Stripe, a secure third-party payment processor. DriveSage does not store complete credit card information on our servers. For more information about Stripe's security practices, please refer to their privacy policy.

6. Sharing Your Information

We may share your personal information with the following categories of recipients:

6.1. Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as:

  • AI processing services (Google Gemini AI)
  • Payment processing (Stripe)
  • Analytics and session recording (Microsoft Clarity, Vercel Analytics)
  • Advertising and conversion tracking (Meta Pixel, Google Ads)
  • Error monitoring (Sentry)
  • Cloud hosting (Vercel)

These service providers are contractually obligated to protect your information and are prohibited from using it for any other purpose.

6.2. Legal Compliance and Protection

We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

6.3. Business Transfers

If DriveSage is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

6.4. With Your Consent

We may share your information with other parties with your consent or at your direction.

7. Data Security

We have implemented appropriate technical and organizational measures to protect the security of your personal information from unauthorized access, disclosure, alteration, and destruction. However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Our security measures include:

  • Encryption of sensitive data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication requirements
  • Secure handling of API keys and third-party service credentials
  • Regular backups and disaster recovery planning

8. Your Rights and Choices

Under UK GDPR and applicable data protection laws, you have the following rights regarding your personal information:

8.1. Your Data Protection Rights

  • Right of Access: Request a copy of the personal information we hold about you
  • Right to Rectification: Correct inaccuracies in your personal information
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal information in certain circumstances
  • Right to Restriction: Request that we restrict processing of your personal information
  • Right to Object: Object to our processing of your personal information based on legitimate interests
  • Right to Data Portability: Request transfer of your personal information to another service provider
  • Right to Withdraw Consent: Withdraw consent for processing based on consent (e.g., marketing emails, optional features)
  • Right to Lodge a Complaint: File a complaint with the UK Information Commissioner's Office (ICO) if you believe your rights have been violated

8.2. Managing Your Account and Data

You can manage your information directly through your DriveSage account:

  • Profile Settings: Update your name, email, and password
  • Preferences: View, edit, or delete your car preference quiz responses
  • Chat History: View or delete your Car Match Chat conversation history
  • Search History: Clear your vehicle lookup history stored in your browser
  • Marketing Preferences: Opt out of promotional emails (you'll still receive essential service communications)

8.3. Account Deletion

You can request account deletion at any time by contacting drivesagehelp@gmail.com. When you delete your account:

  • Your personal information (name, email, profile data) will be permanently deleted within 30 days
  • Your chat history, quiz responses, and search history will be permanently deleted
  • Active subscriptions will be cancelled (no refunds for unused time)
  • Unused credits will be forfeited
  • Some data may be retained for legal and regulatory compliance (e.g., transaction records for 7 years for tax purposes)

8.4. Exercising Your Rights

To exercise any of these rights, please contact us at drivesagehelp@gmail.com with:

  • Your name and email address associated with your account
  • A clear description of your request
  • Proof of identity (if required for security purposes)

We will respond to your request within one month (30 days) as required by UK GDPR. In complex cases, we may extend this by two additional months and will inform you of the extension and reasons.

UK Information Commissioner's Office (ICO): If you're not satisfied with how we've handled your data or your request, you can lodge a complaint with the ICO at https://ico.org.uk/make-a-complaint/ or call 0303 123 1113.

9. Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to comply with our legal obligations, resolve disputes, and enforce our agreements. When determining the retention period for your information, we consider:

  • The amount, nature, and sensitivity of the personal information
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the information
  • Whether we can achieve those purposes through other means
  • Applicable legal requirements

Specific retention periods:

  • Account information: For as long as your account is active, plus 30 days after deletion request
  • Payment information: 7 years (as required by UK tax and financial regulations)
  • Credit transaction history: For the duration of your account plus 1 year after account closure
  • AI chat histories: Up to 12 months from the date of the conversation, or until you delete them
  • Quiz responses: For as long as your account is active, or until you delete them from your profile
  • Vehicle lookup data: Anonymized and aggregated data may be retained indefinitely for improving our algorithms
  • Email verification tokens: 24 hours or until used
  • Password reset tokens: 1 hour or until used
  • Error logs (Sentry): 90 days
  • Analytics data: 2 years in aggregated form

When you delete your account, we will delete or anonymize your personal information within 30 days, except for data we're legally required to retain.

9A. Automated Decision-Making

DriveSage uses automated processing and AI to provide our services. Here's how automated decision-making affects you:

9A.1. AI-Powered Features

The following features use automated processing:

  • Vehicle Valuations: AI analyzes MOT history and market data to estimate vehicle value
  • Maintenance Forecasts: Predictive models estimate future maintenance costs
  • Car Recommendations: AI suggests vehicles based on your preferences and requirements
  • Risk Assessments: Automated analysis of vehicle condition and potential issues
  • Comparison Rankings: AI ranks multiple vehicles based on various factors

Important: These automated assessments are advisory only and do not constitute legally binding decisions. You retain full control over your car buying decisions. Our AI provides guidance to help inform your choices, but you should always verify information and conduct your own due diligence before purchasing a vehicle.

9A.2. Rate Limiting and Fraud Prevention

We use automated systems to:

  • Limit the number of free searches based on IP address
  • Detect suspicious payment patterns
  • Prevent abuse of our services

These automated decisions may affect your access to services. If you believe you've been incorrectly rate-limited, please contact drivesagehelp@gmail.com.

Under UK GDPR, you have the right to:

  • Obtain human intervention for automated decisions that significantly affect you
  • Express your point of view regarding automated decisions
  • Challenge automated decisions

10. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you believe we have any information from or about a child under 16, please contact us using the information provided in the "Contact Us" section.

11. Cookies and Local Storage

We use cookies and similar technologies to enhance your experience and collect information about how you use our services.

11.1. Types of Cookies We Use

  • Essential Cookies: Required for authentication, session management, and core functionality. These cookies are necessary for the website to function and cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with our platform (Microsoft Clarity, Google Ads, Google AdSense). Only loaded after you accept analytics cookies via our cookie banner.
  • Marketing Cookies: Used for advertising attribution and conversion tracking (Meta Pixel). Only loaded after you accept marketing cookies via our cookie banner.

11.2. Local Storage

We use browser local storage to enhance your experience by storing:

  • Your cookie consent preferences
  • Your recent vehicle search history (stored locally on your device only)
  • Quiz dismissal status to avoid showing the quiz repeatedly
  • Tutorial completion status
  • Free check eligibility flags for anonymous users

Local storage data remains on your device and is not transmitted to our servers unless you choose to sync it with your account. You can clear local storage at any time through your browser settings.

11.3. Managing Cookies

Most browsers allow you to control cookies through their settings. However, disabling essential cookies may affect your ability to use certain features of our services. For more information, see our Cookie Policy.

12. International Data Transfers

DriveSage is based in the United Kingdom. Your personal information may be transferred to, and processed in, countries other than the UK, including the United States and other jurisdictions where our service providers operate.

12.1. Data Transfer Locations

Your data may be processed in the following locations:

  • United Kingdom: Our primary database and application servers (Vercel UK region)
  • United States: Google Cloud (Gemini AI), Stripe payment processing, Sentry error monitoring, Microsoft Clarity
  • European Union: Backup storage and failover systems

12.2. Data Transfer Safeguards

When we transfer your personal information outside the UK, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): We use UK-approved SCCs with our US-based service providers
  • Adequacy Decisions: Some transfers are to countries recognized by the UK as providing adequate data protection
  • Data Processing Agreements: All third-party processors are contractually bound to protect your data according to UK GDPR standards

Our key data processors include:

  • Google Cloud (Gemini AI): Processes AI queries under Standard Contractual Clauses
  • Microsoft Clarity: Processes session replay data under Microsoft's data protection framework
  • Stripe: Processes payments globally under their UK-compliant data protection framework
  • Sentry: Stores error logs in US servers under Standard Contractual Clauses
  • Vercel: Hosts application primarily in UK region (lhr1) with US-based backup systems

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our information practices, legal requirements, or new features. The "Last Updated" date at the top of this policy indicates when it was last revised.

How we notify you of changes:

  • Material Changes: If we make significant changes that affect your rights, we'll notify you by email (to the address in your account) at least 30 days before the changes take effect
  • Minor Updates: For non-material changes (e.g., clarifications, formatting), we'll update this page and note the revision date
  • Your Acceptance: Continued use of our services after changes take effect constitutes acceptance of the updated Privacy Policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Us and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Inquiries:
Email: drivesagehelp@gmail.com
Subject Line: "Privacy Request" or "Data Protection"

Response Times:

  • General inquiries: Within 48 hours
  • Data subject access requests: Within 30 days (as required by UK GDPR)
  • Urgent security matters: Within 24 hours

UK Information Commissioner's Office (ICO):
If you're not satisfied with our response, you have the right to lodge a complaint with the ICO:
Website: https://ico.org.uk/make-a-complaint/
Phone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Document Information:
Last Updated: March 19, 2026
Version: 3.0
Effective Date: March 19, 2026
Previous Version: October 27, 2025

This Privacy Policy is compliant with UK GDPR, Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).