This Privacy Policy explains how Infinite Life Records Ltd (trading as ALL V Compliance) collects, uses, stores and protects your personal data when you use our platform. We are committed to handling your data transparently and in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Infinite Life Records Ltd, trading as ALL V Compliance, is a UK-based technology company that provides a vehicle compliance management platform for private vehicle owners, garage businesses and fleet operators. We are the data controller for personal data collected through our website and application.
Our platform connects vehicle owners with garage businesses, enables fleet operators to monitor driver compliance, and provides tools for UK vehicle regulatory tracking (MOT, road tax, insurance and driving licence).
For data protection enquiries, contact us at: privacy@allvcompliance.com
2. What data we collect
All users (owners, garages, fleet operators)
- Account information: first name, last name, email address, hashed password, phone number
- Account type: Vehicle Owner, Garage, or Fleet Operator
- Device and usage data: browser type, IP address, pages visited, actions taken within the app — collected for security and product improvement
Vehicle Owners
- Vehicle data: registration number, make, model, year, colour, fuel type
- Compliance data: MOT status and expiry, road tax status and expiry, insurance provider and policy details, driving licence information
- Documents: uploaded MOT certificates, insurance certificates and NCB documents (stored securely; processed by OCR to extract key dates)
- Booking history: MOT and service bookings made through the platform
Garage Operators
- Business information: garage name, address, postcode, MOT licence number, Authorised Examiner (AE) number
- Service data: booking records, customer vehicle records, invoice and payment information, advisory quote history
- Availability data: MOT slot availability you publish on the platform
Fleet Operators
- Business information: company name, company registration number, address
- Fleet data: vehicle registrations and compliance status for vehicles under your management
- Courier/driver links: email addresses of drivers you invite to share their compliance data with you; driver compliance data shared with your explicit consent and theirs
Data from the DVLA
When you or a visitor enters a vehicle registration number, we query the DVLA Vehicle Enquiry Service (VES) API to retrieve publicly available vehicle information including MOT status, tax status, make, colour and year of manufacture. This is done in real time and the response is stored against your vehicle record.
3. How we use your data
- To provide the platform: creating and managing your account, displaying your vehicle compliance status, processing bookings and quotes
- To send compliance reminders: notifying you when your MOT, road tax or insurance is approaching expiry
- To power the AI assistant (Moti): your vehicle and compliance data is used to generate personalised responses from our AI assistant. Data sent to the AI is processed by Anthropic's Claude API under a data processing agreement
- To connect you with garages: sharing your vehicle registration and contact details with a garage when you make a booking through the platform
- For garage and fleet management: displaying booking, customer and compliance data within the relevant dashboard
- For platform security and fraud prevention: monitoring for unusual activity, preventing unauthorised access
- To improve our service: analysing aggregated usage data to understand how the platform is used and where we can improve
- To comply with legal obligations: retaining records as required by UK law
4. Our lawful basis for processing
Under UK GDPR, we must have a lawful basis for each type of processing we carry out:
- Contract (Article 6(1)(b)): processing necessary to provide the service you signed up for — account management, vehicle tracking, bookings
- Legitimate interests (Article 6(1)(f)): platform security, fraud prevention, service improvement, sending compliance reminders to existing users
- Legal obligation (Article 6(1)(c)): retaining financial records and complying with HMRC requirements
- Consent (Article 6(1)(a)): sending push notifications and marketing communications — you can withdraw consent at any time
5. Who we share your data with
We do not sell your personal data. We share data only with the following third parties, each under appropriate data processing agreements:
- DVLA (Driver and Vehicle Licensing Agency): we query the VES API to retrieve vehicle compliance data. The DVLA is a UK government body and acts as a data controller in its own right
- Neon (database): our PostgreSQL database is hosted on Neon's infrastructure. All data is stored within the EU/UK under appropriate data transfer safeguards
- Railway (backend hosting): our API server is hosted on Railway. Processing occurs within the EU
- Netlify (frontend hosting): our web application is served via Netlify's global CDN
- Anthropic (AI processing): when you use the Moti AI assistant, relevant vehicle and compliance data is sent to Anthropic's Claude API to generate responses. No data is used to train Anthropic's models under our enterprise agreement
- Garages on the platform: when you book a service, the garage receives your name, contact details and vehicle registration. Garages are independent data controllers for any further processing they carry out
- Fleet operators (for drivers/couriers): if you accept a fleet link invitation, your vehicle compliance data is shared with that fleet operator. You can revoke this at any time from within the app
We may disclose personal data to law enforcement or regulatory authorities if required by law, or to protect the rights, property or safety of ALL V Compliance, our users or the public.
6. How long we keep your data
- Active accounts: we retain your data for as long as your account is active and for a period of 12 months after account closure
- Vehicle compliance records: retained for 6 years to support compliance history and potential disputes
- Financial and booking records: retained for 7 years in line with HMRC requirements
- Uploaded documents: retained until you delete them or close your account, whichever is sooner
- Inactive accounts: if your account has been inactive for 24 months and you have not responded to re-engagement communications, we will delete your account and associated data
7. Your rights
Under UK GDPR you have the following rights regarding your personal data:
✦ Right of access
Request a copy of the personal data we hold about you (Subject Access Request).
✦ Right to rectification
Ask us to correct inaccurate or incomplete personal data.
✦ Right to erasure
Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
✦ Right to restrict processing
Ask us to pause processing of your data in certain circumstances.
✦ Right to data portability
Receive your data in a structured, machine-readable format to transfer to another service.
✦ Right to object
Object to processing based on legitimate interests, including direct marketing.
✦ Withdraw consent
Where processing is based on consent (e.g. push notifications), withdraw it at any time without affecting past processing.
✦ Right to complain
Lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have mishandled your data.
To exercise any of these rights, contact us at privacy@allvcompliance.com. We will respond within 30 days.
ICO: You can contact the Information Commissioner's Office at ico.org.uk or by calling 0303 123 1113 if you have concerns about how we handle your personal data.
8. Cookies
Our website uses minimal cookies. We do not use advertising or tracking cookies.
- Strictly necessary: session tokens stored in
localStorage to keep you logged in across visits. These are essential and cannot be disabled.
- Functional: your app preferences (e.g. selected user type, last viewed page) stored in
localStorage to improve your experience.
- Analytics: we do not currently use any third-party analytics cookies. If we introduce analytics in future, we will update this policy and request your consent.
You can clear stored data at any time by clearing your browser's site data in Settings. Note this will log you out of the application.
9. Security
We take the security of your data seriously and implement appropriate technical and organisational measures, including:
- All data transmitted between your device and our servers is encrypted using TLS (HTTPS)
- Passwords are never stored in plain text — we use bcrypt hashing with a minimum cost factor of 10
- Authentication uses signed JSON Web Tokens (JWT) with short expiry times
- Our database (Neon PostgreSQL) is hosted within the EU with encryption at rest
- Access to production systems is restricted to authorised personnel only
- We conduct regular reviews of our security practices
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected users without undue delay.
10. Children
ALL V Compliance is not directed at children under the age of 17. We do not knowingly collect personal data from anyone under 17. If you believe a child has provided us with personal data, please contact us at privacy@allvcompliance.com and we will delete it promptly.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify registered users by email or via an in-app notification
- Where required by law, request fresh consent
Continued use of the platform after changes take effect constitutes acceptance of the updated policy.
12. Contact us
If you have any questions, concerns or requests relating to this Privacy Policy or our data practices, please contact us: