Privacy Policy

Tripinsync Ltd ("Tripinsync", "we", "us", "our") is committed to protecting your privacy and handling your personal data in a transparent, lawful, and responsible manner. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you use our platform, website, and services.

We are registered with the Information Commissioner's Office (ICO) under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our ICO registration number is [ZB123456]. Our registered address is Suite 100, One Canada Square, London E14 5AB.

1. Who We Are

Tripinsync Ltd is the data controller for personal data collected through our website (tripinsync.com) and platform. If you have any questions about how we use your data, contact our Data Protection Officer:

• Email: dpo@tripinsync.com
• Post: Data Protection Officer, Tripinsync Ltd, Suite 100, One Canada Square, London E14 5AB
• Phone: +44 (0)20 7946 0000

2. Data We Collect

We collect the following categories of personal data:

2.1 Account and Identity Data

• Full name, email address, and password (hashed and salted)
• Phone number and business address
• Account type (Personal, Corporate, Employee, Commercial, Lawyer, Admin)
• Company name, Companies House registration number (for corporate accounts)
• Professional credentials (for Lawyer accounts)

2.2 Vehicle Data

• Vehicle Registration Marks (VRMs)
• Vehicle make, model, colour, and year of manufacture
• MOT, tax, and insurance status (sourced from DVLA APIs)
• Fleet assignment and driver records

2.3 Penalty Charge Notice Data

• PCN reference numbers, issuing authority details, charge dates and amounts
• PCN images and supporting documents you upload
• Appeal correspondence and outcomes
• Payment records relating to PCNs

2.4 Usage and Technical Data

• IP address, browser type and version, operating system
• Pages visited, features used, session duration and frequency
• Device identifiers and app usage data
• Error logs and crash reports

2.5 Financial Data

• Billing name and address
• Payment method details (processed securely via Stripe — we do not store full card numbers)
• Transaction history and subscription status

2.6 Communications Data

• Enquiries and messages submitted via our contact form or support portal
• Email correspondence with our team
• Support chat transcripts

3. How We Use Your Data

We use personal data for the following purposes:

3.1 Contract Performance

To provide and manage your Tripinsync account and services, including PCN management, vehicle registry, smart parking, and other platform features. This is necessary for the performance of our contract with you.

3.2 Legal Obligations

To comply with legal requirements, including financial record-keeping, tax obligations, and responses to lawful requests from regulatory authorities.

3.3 Legitimate Interests

To improve our platform and services based on usage analytics, to detect and prevent fraud and security threats, to conduct research and development, and to communicate important service updates. We have assessed that these interests are not overridden by your rights and freedoms.

3.4 Consent

To send you marketing communications, newsletters, and promotional content — but only where you have given explicit consent. You can withdraw consent at any time by clicking "Unsubscribe" in any marketing email or contacting us at hello@tripinsync.com.

4. AI Processing and Automated Decision-Making

Our AI PCN appeals tool processes information you provide about your PCN to generate appeal letter recommendations. This constitutes automated processing. However, you retain full control over what is submitted — our AI provides recommendations; you make the final decision. No legally significant decisions are made about you solely by automated means without human review.

Where AI-generated content is used in formal appeal correspondence, you review and approve all content before submission. Our legal team periodically audits AI outputs for accuracy and legal compliance.

5. Data Sharing and Third Parties

We do not sell your personal data. We share data only with:

• DVLA: We query DVLA vehicle data APIs to populate and verify vehicle registry information. Queries are logged in compliance with DVLA data sharing agreements.
• Local authorities and parking operators: When submitting PCN challenges on your behalf, we share the minimum information necessary for the representation.
• Payment processors (Stripe): For secure payment processing. Stripe is PCI DSS Level 1 certified.
• Cloud infrastructure providers (AWS UK): All data is stored on servers located in the United Kingdom.
• Analytics providers (privacy-first tools only): We use Plausible Analytics, which does not set cookies or collect personal identifiers.
• Legal professionals: Where you request connection with a motoring solicitor through our platform, your case data is shared with your explicit consent.

6. International Data Transfers

All personal data is stored and processed on servers located in the United Kingdom. Where any third-party tools or services involve data processing outside the UK or European Economic Area, we ensure appropriate safeguards are in place, including UK IDTA (International Data Transfer Agreement) or equivalent adequacy mechanisms.

7. Data Retention

• Account data: Retained for the duration of your account plus 7 years after closure (for legal and tax compliance)
• PCN and appeal records: Retained for 6 years from the date of the PCN (in line with the Limitation Act 1980)
• Financial transaction records: Retained for 7 years (HMRC requirement)
• Marketing data: Retained until consent is withdrawn, then deleted within 30 days
• Usage logs: Retained for 90 days then anonymised

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of access: Request a copy of all personal data we hold about you
• Right to rectification: Correct inaccurate or incomplete personal data
• Right to erasure: Request deletion of your data where there is no legitimate reason to retain it
• Right to restrict processing: Request that we limit processing of your data in certain circumstances
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Rights related to automated decision-making: Request human review of automated decisions that affect you

To exercise any of these rights, contact dpo@tripinsync.com. We will respond within 30 days (one calendar month) and will not charge a fee for routine requests. If we are unable to comply, we will explain why.

9. Cookies

We use a limited number of cookies on our website. For full details, see our Cookie Policy. You can manage cookie preferences at any time via your browser settings or our cookie consent banner.

10. Security

We implement industry-standard security measures to protect your personal data, including:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Multi-factor authentication for all staff accessing production systems
• Regular penetration testing by accredited third parties
• Strict role-based access controls and audit logging
• ISO 27001-aligned information security management practices

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware, as required by UK GDPR Article 33.

11. Children's Data

Tripinsync is not designed for use by children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data without parental consent, please contact dpo@tripinsync.com and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you are a registered user) and update the "Last updated" date at the top of this page. Your continued use of Tripinsync after the effective date of any changes constitutes your acceptance of the updated policy.

13. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

We would appreciate the opportunity to resolve any concerns directly first. Please contact us at dpo@tripinsync.com before escalating to the ICO.