Privacy Policy

Who we are

GarageInvestor ("we", "us", "our") is operated by Secure Garage Space Ltd, a private limited company registered in England and Wales (company number 14994092). Our registered office is 26 Reynolds Walk, Horfield, Bristol, BS7 0HU, United Kingdom.

We are the data controller of personal data collected through garageinvestor.co.uk. We are registered with the UK Information Commissioner's Office (ICO) under registration number ZB611171.

Questions about this policy or your data: email hello@garageinvestor.co.uk.

What data we collect

We collect the following categories of personal data:

• Account data — name and email address you provide when signing up; an encrypted password if you set one; the tier you subscribe to.
• Newsletter data — email address and source (which page you signed up from) when you join our weekly newsletter.
• Payment data — name, email, billing address, and payment card details for paid subscriptions. Card details are processed and stored exclusively by Stripe — we never see or store your card number, security code, or full card information.
• Usage data — when you save a deal to your watchlist, view a deal page, or interact with the platform, we record this to provide the service. We use Vercel Web Analytics for aggregate, cookieless visitor statistics (pageviews, traffic source, country, device type). It does not use cookies, does not store personal identifiers, and does not track you across other websites.
• Communications — emails you send us, and the records of emails we send you (open and click events from our email provider).
• Technical data — IP address, browser type, and request timestamps logged automatically by our hosting and DNS providers for security and abuse prevention.

How we use your data

We use your data to:

• Provide and maintain your account and the GarageInvestor service
• Take payment for paid subscriptions and manage billing
• Send transactional emails (signup confirmation, payment receipts, deal alerts you've opted into, password reset, etc.)
• Send the weekly newsletter you've subscribed to (you can unsubscribe at any time)
• Respond to your enquiries and support requests
• Detect and prevent fraud, abuse, and unauthorised access
• Comply with legal obligations (HMRC tax records, anti-money-laundering checks where applicable)
• Improve the service through aggregate, non-identifying analysis

Lawful bases for processing

Under UK GDPR, we rely on the following lawful bases:

• Contract — to provide the service you've signed up for, including processing payments and providing access to paid features.
• Legitimate interest — to send you transactional and product update emails, prevent fraud, and improve our service.
• Consent — to send you the marketing newsletter. You can withdraw consent at any time using the unsubscribe link in any email or by emailing us.
• Legal obligation — to retain financial records as required by HMRC and UK law.

Who we share your data with

We share your data only with the data processors necessary to operate the service. Each is bound by data protection agreements and processes data only on our instructions:

• Supabase (database and authentication; data hosted in EU region) — privacy policy
• Vercel (website hosting) — privacy policy
• Cloudflare (DNS and content delivery) — privacy policy
• Stripe (payment processing) — privacy policy
• Resend (transactional email delivery) — privacy policy
• Beehiiv (newsletter delivery) — privacy policy
• Secure Garage Space Ltd (our parent company, where you ask us to handover account management or use the partner garage management service)

We do not sell your personal data, ever. We do not share your data with advertisers or third-party marketing partners.

International data transfers

Some of our processors (Stripe, Resend, Beehiiv, Vercel) are based in the United States. Where data is transferred outside the UK or EEA, we rely on appropriate safeguards including UK International Data Transfer Agreements, Standard Contractual Clauses, and the EU-US Data Privacy Framework where applicable.

How long we keep your data

• Account data — for as long as your account is active, plus 30 days after deletion to handle any disputes.
• Payment records — 6 years from the end of the relevant tax year, as required by HMRC.
• Newsletter subscription — until you unsubscribe.
• Support emails — 2 years from the last interaction.
• Server logs — typically 30 days, then deleted automatically.

Your rights

Under UK GDPR you have the right to:

• Access a copy of the personal data we hold about you
• Rectify inaccurate or incomplete personal data
• Erase your personal data (subject to legal retention obligations)
• Restrict how we process your data
• Object to processing based on legitimate interest
• Portability — receive a machine-readable copy of your data
• Withdraw consent at any time for processing based on consent
• Lodge a complaint with the UK Information Commissioner's Office at ico.org.uk

To exercise any of these rights, email us at hello@garageinvestor.co.uk. We'll respond within one calendar month.

Cookies and similar technologies

We use a small number of essential cookies to operate the service:

• Authentication cookies (set by Supabase) — keep you logged in. Strictly necessary; the site can't function without these for logged-in users.
• Session cookies (set by Vercel and Cloudflare) — manage requests and security. Strictly necessary.
• Stripe cookies — set during checkout for fraud prevention. Strictly necessary for payment processing.

We do not use advertising cookies or behavioural tracking cookies. Our analytics provider (Vercel Web Analytics) does not use cookies at all — it produces aggregate visitor statistics from anonymised request data only. If we add tracking cookies in future, we will update this policy and ask for your consent where required.

Security

We take security seriously. Specifically: passwords are hashed using industry-standard algorithms; data is encrypted in transit (TLS 1.2+) and at rest; payment data is handled by Stripe (PCI DSS Level 1 compliant) and never touches our servers; we use role-based access controls and audit logs.

Children

GarageInvestor is intended for people aged 18 and over. We do not knowingly collect data from children under 18. If you believe we have, please contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top shows when. Material changes will be communicated via email to registered users.

Contact us

By email: hello@garageinvestor.co.uk
By post: Secure Garage Space Ltd, 26 Reynolds Walk, Horfield, Bristol, BS7 0HU