Last updated: April 2026
AutoLog ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This policy explains what data we collect, why we collect it, and your rights under the UK General Data Protection Regulation (UK GDPR).
AutoLog is operated as an independent UK-based service. Our contact email is hello@autologapp.co.uk.
We collect only the data necessary to provide the AutoLog service and to understand how it is used. The table below summarises what we collect and why.
| Data | Purpose |
|---|---|
| Email address and display name | Account authentication and communication |
| Vehicle registration numbers and details (make, model, MOT/tax dates, mileage) | Core app functionality — vehicle tracking |
| Fuel fill-up data (mileage, cost, fuel station name) | Fuel and cost tracking features |
| Service and maintenance records | Service history and maintenance scheduling |
| Scanned document images | Document storage — stored encrypted in private cloud storage |
| Trip distance data (distance only) | Trip logging — no routes or GPS paths are stored permanently |
| Device location | Used only for trip distance calculation; never stored permanently |
| Pseudonymous website and app usage data (see section 8a below) | Subject to your consent — used to understand and improve AutoLog |
AutoLog does not collect:
Under UK GDPR, we process your data on the following legal bases:
AutoLog uses the following third-party services to operate. Each is subject to its own privacy policy.
| Service | Purpose | Data shared |
|---|---|---|
| Supabase (EU London region) | Database, authentication and analytics storage | Account, vehicle and pseudonymous usage data |
| DVLA Vehicle Enquiry API (UK Government) | Vehicle registration lookups | Registration number only |
| DVSA MOT History API (UK Government) | MOT history retrieval | Registration number only |
| OpenAI | Document OCR and maintenance data | Document images and registration number; no other PII |
| Cloudflare | Website hosting, DDoS protection, country-level IP geolocation | Standard web request data. Cloudflare may derive country from IP; we store only the two-letter country code (e.g. "GB"), not the IP address. |
| Apple (App Store, Sign in with Apple, StoreKit) | App distribution, authentication, subscriptions | Handled directly by Apple under their privacy policy |
| Resend | Transactional email delivery | Email address |
We do not sell your data to any third party. We do not use third-party analytics providers (such as Google Analytics, Mixpanel or Meta Pixel). All analytics data is stored in our own Supabase database.
All data is transmitted over encrypted HTTPS connections. Scanned document images are stored encrypted at rest in private cloud storage accessible only to your account. We use Supabase's row-level security to ensure your data is accessible only to you.
Your account data is retained for as long as your account is active. If you delete your account, all associated personal data is permanently removed within 30 days. Anonymised, aggregated statistics that cannot identify you may be retained for longer for service improvement purposes.
Pseudonymous analytics data collected under consent is retained for up to 24 months from the date of collection. See section 8a for details.
You have the following rights regarding your personal data:
To exercise any of these rights, contact us at hello@autologapp.co.uk. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
The AutoLog website and web app use no third-party tracking cookies and no advertising cookies. The only information stored in your browser is:
sb-. These are essential for the service to function and cannot be disabled without logging you out.al_vid) — remembers which vehicle you last viewed. Strictly necessary for UX continuity.al_consent_v1) — stores your analytics consent choice (accepted or rejected). Storing this record is itself strictly necessary to implement the consent mechanism.al_first_action_prompted_*, al_history_prompt_*) — remember whether you have dismissed certain UI prompts. These are only set if you have accepted analytics. Clearing them has no effect on core functionality.al_anon_id, al_session_id, al_utm, al_first_touch, al_page_start, al_session_ts) — only set if you have accepted analytics. Details in section 8a below. Cleared if you withdraw consent.No third-party advertising or analytics cookies are set. AutoLog does not use Google Analytics, Meta Pixel, or any other external tracking service.
You can review or change your analytics preference at any time using the Cookie preferences link in the footer of any page.
AutoLog collects pseudonymous product analytics data only with your explicit consent. You will be asked for consent via a banner when you first visit the site. If you do not accept, no analytics data is collected. If you accept, the following is collected:
Every event is tagged with two identifiers: a long-lived anonymous ID (a randomly generated UUID stored in your browser's local storage) and a session ID (a randomly generated UUID that resets after 30 minutes of inactivity). If you subsequently sign in or create an account, events after that point are also tagged with your account identifier.
These identifiers are pseudonymous: they let us count unique visitors and analyse session behaviour without storing your name, email address, or IP address alongside each event. Email addresses and registration plates referenced in events are SHA-256 hashed on your device before transmission.
Analytics data is stored in AutoLog's own Supabase database, in the EU London region. It is not shared with any third-party analytics provider. AutoLog does not use Google Analytics, Mixpanel, Hotjar or any equivalent external service. The data is accessible only by AutoLog's owner and is used solely to improve the product.
Analytics data is retained for up to 24 months from the date of collection and used only in aggregated form for product improvement and marketing attribution. It is not used for advertising, is not sold to third parties, and is deleted once the retention period expires.
You can withdraw analytics consent at any time using the Cookie preferences link in the footer of any page. Withdrawing consent stops future analytics collection and clears the analytics identifiers from your browser. It does not delete previously collected pseudonymous events, but those events cannot be tied back to you once the anonymous ID is cleared from your device. You may also request deletion of all events tied to your anonymous ID by contacting hello@autologapp.co.uk.
AutoLog is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
We may update this Privacy Policy from time to time. Material changes will be communicated to you by email. Continued use of AutoLog after changes take effect constitutes acceptance of the updated policy. The date at the top of this page indicates when the policy was last revised.
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
AutoLog
Email: hello@autologapp.co.uk