Privacy Policy
Last updated: 5 May 2026
1. Who we are
This privacy policy explains how Poseidon Detailing ("we", "us", "our") collects and uses personal data when you visit poseidondetailing.co.uk or book our mobile car detailing services in Rugby, Warwickshire and the surrounding areas.
We are the data controller for the personal data we hold about you. Contact us at [email protected] or 07722 056402 with any privacy question.
We are registered with the UK Information Commissioner's Office (ICO). Our ICO registration number is shown at the bottom of this page once issued.
2. What we collect, and why
| Data | Purpose | Lawful basis |
|---|---|---|
| Name, email, phone, postcode | Booking, contacting you, sending receipts | Contract / Legitimate interest |
| Vehicle make, model, registration (if provided) | Quoting and delivering the service | Contract |
| Booking location address | Travelling to perform the service | Contract |
| Payment metadata (card brand, last 4 digits, expiry) | Letting you re-use a saved card; receipts | Contract |
| Pageview path, browser family, mobile/desktop flag | Aggregate, anonymous traffic analytics | Legitimate interest |
| Newsletter email address | Sending offers and updates if you opt in | Consent |
We do not collect, store, or process your card number, CVV or full card data. Card payments go directly to our payment processor (Stripe). We only see and store a Stripe token plus the last 4 digits and brand of your card, so that you can re-use it for future bookings.
We do not log your IP address or full browser user-agent string in our analytics. Visitor sessions are identified by a hash that rotates daily, so visitors cannot be tracked across days or sites, or traced back to a real identity.
3. Who we share data with
We use a small number of third-party processors. Each has been chosen for security and UK/EU data-protection compliance:
- Stripe — card payments and receipts (PCI-DSS Level 1 certified, UK-based for UK customers).
- Resend — transactional email delivery (booking confirmations, contact-form acknowledgements).
- Railway — application hosting and database storage (EU region).
- Cloudflare — DNS, SSL certificate, content delivery network and DDoS protection.
- Backblaze B2 — encrypted off-site backups (EU region).
We do not sell personal data to advertisers. We do not use third-party advertising cookies or tracking pixels.
4. How long we keep your data
- Account & vehicle data: kept while your account is active, deleted within 30 days of an erasure request or after 24 months of inactivity.
- Bookings & invoices: kept for 6 years after the invoice date — required by HMRC.
- Contact-form messages: kept for 12 months, then automatically deleted.
- Pageview analytics: kept for 90 days, anonymously aggregated, then deleted.
- Email send log: kept for 90 days for deliverability debugging.
- Newsletter subscribers: kept until you unsubscribe.
5. Cookies
We use only strictly necessary cookies: a session cookie that keeps you logged in and protects you against cross-site request forgery (CSRF). These cookies do not require your consent under UK PECR. We do not use advertising, tracking, or analytics cookies. Cloudflare may set a security cookie to mitigate bot attacks; this is also strictly necessary.
If we ever introduce optional analytics or marketing cookies, we will ask for your consent first via a banner.
6. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you (a "subject access request").
- Ask us to correct data that is inaccurate.
- Ask us to delete your data (the "right to erasure"). Logged-in customers can do this from My Account → Settings → Delete account.
- Restrict or object to processing where the basis is legitimate interest.
- Request your data in a portable format.
- Withdraw consent for any processing that was based on consent (e.g. the newsletter — every email contains a one-click unsubscribe link).
Email [email protected] with subject "Privacy request" and we will respond within 30 days at no cost.
7. Security
We protect your data with industry-standard measures: TLS encryption in transit, encrypted-at-rest database storage, bcrypt password hashing, anti-CSRF tokens on every form, rate-limited login, bot protection (Cloudflare Turnstile), and audit logging. Card data never touches our servers.
8. Complaints
If you are not satisfied with how we have handled your data, you have the right to complain to the UK Information Commissioner's Office at ico.org.uk/make-a-complaint or by calling 0303 123 1113.
9. Changes
We may update this policy. Material changes will be flagged on the home page banner for at least 14 days. The "last updated" date at the top of this page always shows the current version.
Poseidon Detailing · Rugby, Warwickshire · ICO registration: pending · Company: sole trader.