Privacy Policy

Version 2.0 · Effective: 26 March 2026 · GDPR Compliant

  Plain English summary: We store your email address and a record of your searches to operate the Service. We use Google Analytics to understand how people use the site and Google Ads to measure advertising effectiveness. Payments are handled by Stripe. We do not sell your data, share it with advertisers, or use it for anything beyond operating this service. You can ask us to delete everything at any time.

1. Who we are

FactorySpecs is operated by FactorySpecs Ltd, registered in England. For GDPR purposes, we are the data controller for personal data processed through this Service.

Contact: hello@factoryspecs.co.uk

2. What data we collect

Account data: When you register, we collect your email address and a hashed (one-way encrypted) version of your password. We never store your password in plain text.

Payment data: If you purchase a report or credit pack, payment is processed by Stripe. We receive confirmation of payment, your email address, and transaction amount. We do not receive, process, or store your card number, expiry date, or CVV. Stripe's privacy policy applies to payment processing.

Usage data: We log the vehicle registration plates you search, the date and time of each search, the report type, and the number of credits used. This is used to deliver the Service, operate the credit system, and monitor for abuse.

Technical data: Standard server logs may record your IP address and browser type. These are not linked to your account and are retained for a maximum of 30 days.

Analytics data: We use Google Analytics to collect anonymised data about how visitors use the site, including pages visited, time on site, and referral source. This data is aggregated and cannot identify you personally. We also use Google Ads conversion tracking to measure the effectiveness of our advertising.

What we do NOT collect: We do not collect precise location data, biometric data, or any special category personal data. We do not store payment card details.

3. How we use your data

To provide the Service: authenticating your account, delivering reports, and managing credits (Legal basis: Contract)
To process payments: via Stripe, to fulfil purchases (Legal basis: Contract)
To send service communications: order confirmations, important updates, and responses to your enquiries (Legal basis: Contract / Legitimate interests)
To improve the Service: understanding how the site is used via analytics (Legal basis: Consent, via cookie banner)
To measure advertising: tracking whether ad clicks result in signups or purchases (Legal basis: Consent, via cookie banner)
To prevent abuse: detecting automated use, fraudulent transactions, or misuse of the Service (Legal basis: Legitimate interests)

We do not use your data for automated profiling, behavioural advertising, or any purpose beyond operating this Service.

4. Data sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes.

To operate the Service, your vehicle lookup requests are processed by our data providers. These requests contain vehicle registration numbers or VINs only, not your name or email address.

We use the following sub-processors:

Railway (railway.app): hosting and infrastructure
Stripe (stripe.com): payment processing. Stripe receives your email and payment details as necessary to process transactions. See Stripe's privacy policy.
Google (analytics.google.com): anonymised website analytics and advertising measurement
DVSA / DVLA: MOT history and vehicle enquiry data (no personal data transmitted, vehicle reg only)
Vehicle data providers: factory option, valuation, and vehicle history data (vehicle reg/VIN only, no personal data transmitted)

5. Data retention

We retain your account data and search history for as long as your account is active. If you delete your account or request erasure, your data will be permanently deleted within 30 days. Payment records may be retained for up to 7 years as required by UK tax law.

6. Your rights under GDPR

As a UK/EU data subject, you have the right to:

Access: request a copy of the personal data we hold about you
Rectification: ask us to correct inaccurate data
Erasure: ask us to delete your account and all associated data ("right to be forgotten")
Restriction: ask us to stop processing your data in certain circumstances
Portability: receive your data in a machine-readable format
Object: object to processing based on legitimate interests
Withdraw consent: for analytics cookies, at any time via your browser settings or our cookie preferences

To exercise any of these rights, email hello@factoryspecs.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

7. Cookies

We use the following cookies:

Strictly necessary (always active):

Session cookie: keeps you logged in during your visit. Essential to operate the Service.
Cookie preference cookie: remembers whether you have accepted or rejected optional cookies.

Analytics and advertising (require consent):

Google Analytics (_ga, _ga_*): anonymised usage data to help us understand how the site is used. No personal data is transmitted. Set by Google, expires after 2 years.
Google Ads conversion tracking (_gcl_*): measures whether ad clicks lead to actions on our site. Does not track you across other websites. Set by Google, expires after 90 days.

You can withdraw cookie consent at any time by clearing your browser cookies or using your browser's privacy settings.

8. International transfers

Some of our sub-processors (Google, Stripe) may process data outside the UK/EEA. Where this occurs, appropriate safeguards are in place including Standard Contractual Clauses and/or adequacy decisions.

9. Security

Your password is stored as a one-way hash. We cannot recover it. All data is transmitted over HTTPS. Payment processing is handled entirely by Stripe, a PCI DSS Level 1 certified provider. However, no system is completely secure and we cannot guarantee absolute security.

10. Children

This Service is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has registered, please contact us and we will delete the account immediately.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The "Effective" date at the top of this page will always reflect the most recent version.

Also see our Terms of Use