Privacy Policy

Last updated: May 2026

At AutoPractice (operated by Auto Practice Limited), we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect information when you use our services, including our SMS booking bot, missed call recovery system, booking dashboard, and related automation tools.

AutoPractice operates as a data processor on behalf of our business clients (who are the data controllers). We process customer data only on the documented instructions of our clients and in accordance with this policy and applicable law.

1. Who We Are

Auto Practice Limited, trading as AutoPractice, is registered in England and Wales.

Contact: [email protected]

2. Information We Collect

Business client information

• Business name, contact name, email address
• Business type and location
• Billing information (processed securely via Stripe)

End customer information (processed on behalf of clients)

• Name and phone number
• Address and postcode
• Booking details including date, time, and service type
• Vehicle details (for detailing clients)
• SMS conversation content
• Payment deposit status

Automatically collected information

• SMS delivery logs and timestamps
• Website analytics via Google Analytics (anonymised)
• IP addresses and basic device information

3. How We Use Your Information

• Service delivery: To operate the SMS booking bot and missed call recovery system on behalf of our clients
• Booking management: To record, confirm, and manage appointments
• Payment processing: To generate deposit payment links via Stripe
• Communications: To send automated SMS messages and reminders
• Service improvement: To analyse and improve our systems
• Legal compliance: To meet our obligations under applicable law

4. Legal Basis for Processing

• Contract performance: To provide our services to business clients
• Legitimate interests: To operate and improve our platform
• Legal compliance: To meet UK regulatory requirements
• Consent: Where explicitly provided for specific processing activities

5. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

• Encrypted data transmission (HTTPS) across all services
• Password-protected database access with JWT authentication
• Access controls limiting data access to authorised personnel only
• Secure cloud hosting via Railway

6. Third-Party Services (Sub-processors)

We use the following third-party services to deliver our platform. Each is subject to appropriate data protection agreements:

• Telnyx Inc — SMS delivery (USA, Standard Contractual Clauses apply)
• Stripe Inc — Payment processing (USA, Standard Contractual Clauses apply)
• Google LLC — Maps API for address validation (USA, Standard Contractual Clauses apply)
• Railway Corp — Cloud hosting and database (USA, Standard Contractual Clauses apply)
• Google Analytics — Website analytics (anonymised data only)

7. International Data Transfers

Some of our sub-processors are based in the United States. We ensure all international transfers are covered by appropriate safeguards, including UK Standard Contractual Clauses (UK SCCs) or the UK International Data Transfer Agreement (IDTA) as applicable.

8. Data Retention

• SMS conversations: Retained for 12 months
• Booking records: Retained for 24 months
• Account information: Retained while the client account is active, then deleted within 30 days of account closure
• Financial records: Retained for 7 years as required by law

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right to access: Request a copy of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your data
• Right to restriction: Request that we limit processing of your data
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to certain types of processing

To exercise any of these rights, contact us at [email protected]. We will respond within one calendar month.

10. Cookies

Our website uses essential cookies for authentication, session management, and security. We also use Google Analytics cookies to understand website traffic. You can control cookie preferences through your browser settings.

11. Policy Updates

We may update this Privacy Policy from time to time. We will notify clients of significant changes by email or via the dashboard. The latest version is always available at this page.

12. Contact and Complaints

Auto Practice Limited
Email: [email protected]
Registered in England and Wales

If you have concerns about how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

---

This policy applies to autopracticelimited.com and all AutoPractice services operated by Auto Practice Limited.