Skip to main content

Privacy Policy

Last updated: February 2026

PotholeClaims.co.uk (“we”, “us”, or “our”) is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our service.

1. Data controller

PotholeClaims.co.uk is the data controller for the personal data we process. If you have any questions about this policy, please contact us at privacy@potholeclaims.co.uk.

2. Data we collect

We collect the following information when you use our service:

  • Account information: name, email address, and password hash
  • Claim information: incident details (date, location, description), vehicle details, damage details, and repair costs
  • Evidence files: photos, invoices, and other documents you upload
  • Payment information: processed by Stripe — we do not store your card details
  • Usage data: pages visited, features used, and claim progress

3. How we use your data

We use your data to:

  • Generate your claim pack documents
  • Provide the AI claim assistant functionality
  • Track and display your claim progress
  • Process payments via Stripe
  • Send transactional emails (receipts, claim updates)
  • Improve our service based on anonymised usage patterns

3a. AI processing

Our AI claim assistant uses Google Gemini to process your queries. When you use the AI assistant, your claim details and question are sent to Google's AI service to generate a response. We do not send your name, email, or contact details to the AI service. AI conversations are logged for quality and safety monitoring and are deleted when your account is deleted. AI responses are not legal advice.

4. Legal basis for processing

We process your data under the following legal bases under the UK GDPR:

  • Contract: processing necessary to provide our service to you
  • Legitimate interest: improving our service and preventing fraud
  • Consent: for optional marketing communications (which you may withdraw at any time)

5. Data storage and security

  • All data is stored in EU data centres (Supabase, London region, eu-west-2)
  • Data is encrypted at rest and in transit (TLS 1.2+)
  • Row-level security (RLS) ensures you can only access your own data
  • Evidence files are stored in private, encrypted storage buckets
  • We implement regular security audits and vulnerability scanning

6. Data retention and deletion

  • Active claims: data retained for the duration of your case
  • Case closure: when you close your case, all personal data and uploaded files are permanently deleted within 30 days
  • Dormant accounts: accounts with no activity for 15 months are automatically deleted
  • Payment records: retained for 7 years as required by UK tax law (held by Stripe)

Account deletion: You can delete your account and all associated data at any time from your dashboard settings. Upon deletion, all claim data, evidence files, AI chat history, and personal information are permanently removed within 24 hours. Payment transaction records are retained in anonymised form for 7 years as required by UK tax law (held by Stripe). Anonymised records contain no personally identifiable information.

Automatic purge: Accounts with no login activity for 15 months are automatically deleted following the same process.

7. Third-party sharing

We do not sell, rent, or share your personal data with third parties, except:

  • Stripe: for payment processing (subject to Stripe's privacy policy)
  • Supabase: as our infrastructure provider for data storage
  • Law enforcement: if required by law or court order

8. Your rights

Under the UK GDPR, you have the right to:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate personal data
  • Erasure: request deletion of your personal data
  • Portability: receive your data in a structured, machine-readable format
  • Restriction: restrict how we process your data
  • Objection: object to processing based on legitimate interest

To exercise any of these rights, email us at privacy@potholeclaims.co.uk. We will respond within 30 days.

9. Cookies

We use essential cookies only — for authentication sessions and security. We do not use tracking cookies or third-party analytics.

10. Children

Our service is not intended for individuals under 18 years of age. We do not knowingly collect data from children.

11. Changes to this policy

We may update this privacy policy from time to time. We will notify you of any material changes by email or by posting a notice on our website.

12. Contact and complaints

If you have concerns about how we handle your data, please contact us at privacy@potholeclaims.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.