Privacy Policy

1. Who we are

MotoHist is a service operated by Vellora Ops Ltd, a company registered in Scotland.

We are registered with the Information Commissioner's Office (ICO) under registration number ZC103541.

For all privacy-related enquiries, contact us at: [email protected]

2. What personal data we collect

We collect the following categories of personal data when you use MotoHist:

• Account data: Your email address and authentication credentials, managed via our authentication provider (Supabase).
• Contact and address data: Your postal address, collected when you make a booking with a MotoHist garage. This is shared with the garage to create a customer record and to support your ongoing service relationship with them. Providing your address is required to complete a booking.
• Profile data: Your chosen display name, location, biography, and profile photo if you create a community profile.
• Vehicle data: Details of motorcycles you register, including make, model, year, VIN, and registration plate.
• Service history data: Maintenance and service records associated with your vehicles, including records stamped by verified garages.
• Booking data: Appointment requests you submit to garages, and messages exchanged through the booking system.
• Community content: Posts, comments, group memberships, and interactions you create on the community platform.
• Technical data: IP addresses, browser type, and login timestamps collected by our authentication provider for security purposes.
• Audit log data: Every significant action on the platform - including booking requests, status changes, service record creation, and stamps - is recorded in an append-only audit log. Each entry records the type of action, the affected record, your account identifier, and a timestamp. The audit log does not contain your name, email, or contact details directly, but entries are linked to your account via a unique identifier.

3. How we use your personal data

4. How we share your personal data

We do not sell your personal data. We share it only in the following limited circumstances:

• With garages you book:When you request a booking, the garage can view your booking details, relevant vehicle information, and postal address through the MotoHist platform. This enables the garage to create and maintain a customer record for you within MotoHist. Your data remains on MotoHist's systems throughout - garages access it through the platform and do not receive a separate copy held independently of MotoHist. MotoHist remains the data controller for this information and you can exercise your rights in relation to it directly with us.
• When you share a history check token:Sharing a publicly accessible history check link makes a redacted view of your vehicle's service history available to the recipient. No owner name, contact details, or PII is included in history check outputs.
• With our service providers: We use trusted third-party providers (including Supabase for authentication and Amazon Web Services for file storage) who process data on our behalf under data processing agreements.
• As required by law: We may disclose data where required by a legal obligation, court order, or to protect the rights and safety of others.

5. Stamped service records

A core feature of MotoHist is the permanent, tamper-evident nature of service records that have been stamped by a verified garage. Once stamped, a service record cannot be edited or deleted by any party, including you or the garage. This is by design - it is what makes a MotoHist record trustworthy.

This means that certain personal data within a stamped record (such as the date of service and vehicle details) will be retained for as long as the vehicle record exists on the platform, even if you request erasure of your account. In such cases we will disassociate the record from your identity while preserving the record itself.

6. Data retention

• Account and profile data: Retained for as long as your account is active, or for up to 3 years following your last login. You may request deletion at any time.
• Vehicle and service records: Retained for the life of the vehicle record on the platform. Stamped records persist as described in section 5 above.
• Booking data: Retained for 7 years to comply with financial and legal record-keeping requirements.
• Contact and address data: Retained for the duration your account is active and for 3 years following your last login, in line with account data. Garages access this data through the MotoHist platform only - no separate copy is held outside of MotoHist's systems.
• Audit log: Entries are retained for the same period as the records they describe - booking-related entries for 7 years, service record entries for the life of the vehicle record. The audit log is append-only and cannot be deleted by application code. On account closure, audit entries are anonymised by removing your account identifier rather than deleted.
• Community content: Retained until you delete it, or until it is removed by moderation. Deleted posts are soft-deleted and fully purged within 30 days.

7. Your rights under UK GDPR

You have the following rights in relation to your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data, subject to the limitations described in section 5 and 6.
• Portability: Receive your data in a structured, machine-readable format.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Objection: Object to processing carried out on the basis of legitimate interests.

To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the ICO at ico.org.uk.

8. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), access controls, and audit logging of all write operations. No method of transmission over the internet is 100% secure; if you become aware of a security concern, please contact us immediately at [email protected].

9. Cookies and tracking

We currently use only strictly necessary cookies and local storage to maintain your login session. No advertising, analytics, or tracking cookies are set at this time.

As MotoHist develops - including when we introduce member benefits, partner discount programmes, or affiliate integrations - we may need to set additional cookies to track referrals, validate discount eligibility, or measure partner campaign performance. If and when this occurs:

• This policy will be updated before any such cookies are introduced.
• You will be notified by email or by an in-app prompt, and given the opportunity to manage your cookie preferences.
• Non-essential cookies will only be set with your explicit consent.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email or by a prominent notice within the platform. The "Last updated" date at the top of this page will always reflect the current version.