Privacy Policy

Overview

My Moto ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By creating an account and using the My Moto app, you agree to the collection and use of information in accordance with this policy.

Who We Are

My Moto is operated as an independent service based in the United Kingdom. For data protection enquiries, you can contact us at:

What Data We Collect

We collect the following personal data when you use My Moto:

• Account information — your email address and encrypted password when you register
• Vehicle information — UK registration plates and associated vehicle details you add to your garage
• Service records — dates you enter for service history, tyre checks and insurance renewals
• DVLA data — MOT and road tax information retrieved from the DVLA API based on your vehicle registration
• DVSA MOT history — full MOT test history including pass/fail results, defects, advisories and mileage readings retrieved from the DVSA MOT History API based on your vehicle registration
• Usage data — basic technical logs such as API request times, used for debugging and service reliability

How We Use Your Data

We use your data solely to provide and improve the My Moto service. Specifically:

• To create and manage your account
• To store and display your vehicle information
• To retrieve live MOT and tax data from the DVLA on your behalf
• To retrieve full MOT test history from the DVSA MOT History API on your behalf
• To send transactional emails such as email verification, password resets and account changes
• To send reminder notifications about upcoming MOT, tax and insurance renewals
• To diagnose technical issues and maintain service reliability

We do not sell, rent or share your personal data with third parties for marketing purposes.

Legal Basis for Processing

Under UK GDPR, we process your data on the following legal bases:

• Contract performance — processing your account and vehicle data is necessary to provide the service you signed up for
• Legitimate interests — basic technical logging to maintain and secure the service
• Consent — sending reminder and notification emails, which you can opt out of at any time

Data Storage & Security

Your data is stored on servers located within the United Kingdom. We use industry-standard security measures including:

• Encrypted HTTPS connections for all data in transit
• Bcrypt password hashing — we never store passwords in plain text
• JWT token-based authentication with expiry
• Database access restricted to authenticated application processes only

While we take security seriously, no method of transmission over the internet is 100% secure. We will notify you promptly in the event of any data breach that affects your personal information.

Third Party Services

My Moto uses the following third party services to operate:

• DVLA API — to retrieve vehicle MOT and tax status data. When you look up a registration, the plate is sent to the DVLA API. The DVLA's own privacy policy applies to that request.
• DVSA MOT History API — to retrieve full MOT test history for your vehicles, including past test results, recorded defects, advisories and odometer readings. When you view MOT history in the app, your vehicle registration is sent to the DVSA API. The DVSA's own privacy policy applies to that request. MOT history data is not stored on our servers — it is fetched live each time you view it.

We do not use third party analytics, advertising networks or tracking cookies.

Data Retention

We retain your personal data for as long as your account is active. If you delete your account, all associated data including your email address, vehicle records and service history is permanently and immediately deleted from our systems.

Basic technical logs may be retained for up to 30 days for security and debugging purposes before being automatically purged.

Your Rights

Under UK GDPR you have the following rights regarding your personal data:

• Right of access — you can request a copy of the data we hold about you
• Right to rectification — you can correct inaccurate data via the app settings at any time
• Right to erasure — you can permanently delete your account and all data from within the app settings
• Right to data portability — you can request your data in a portable format by contacting us
• Right to object — you can object to certain types of processing by contacting us
• Right to restrict processing — you can request that we limit how we use your data

To exercise any of these rights, please contact us at hello@my-moto.co.uk. We will respond within 30 days.

Cookies

The My Moto website (my-moto.co.uk) does not use cookies. The My Moto app stores authentication tokens locally on your device using standard iOS secure storage — this data never leaves your device except as part of authenticated API requests to our servers.

Children's Privacy

My Moto is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "last updated" date at the top of this page. For significant changes we will notify you by email. Continued use of My Moto after changes are posted constitutes acceptance of the updated policy.

Complaints

If you have concerns about how we handle your data, please contact us first at hello@my-moto.co.uk and we will do our best to resolve the issue.

You also have the right to lodge a complaint with the UK's data protection authority: