Privacy Policy

1. Who We Are

TestGrab ("we", "us", "our") is a UK-based service operated via testgrab.co.uk. We are the data controller for the personal information we collect through the TestGrab mobile app and website.

We are registered with the UK Information Commissioner's Office (ICO registration number: pending). We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy explains what data we collect, why we collect it, who we share it with, how long we keep it, and what your rights are. If anything here is unclear, contact us at support@testgrab.co.uk.

2. Data We Collect

We collect the following personal data when you use TestGrab:

3. Legal Basis for Processing

Under UK GDPR Article 6, we rely on the following legal grounds:

DataLawful basis
Email, DVSA credentials, search preferences, payment dataContract performance - necessary to deliver the service you signed up for
Scanner activity logs, error reportsLegitimate interest - service operation, debugging, fraud prevention
Push notificationsConsent - only sent if you grant the OS-level permission. Revoke any time in device settings.
Marketing emails (currently none)Consent - opt-in only

We do not carry out profiling or fully automated decision-making with legal or similarly significant effects.

4. How We Use Your Data

Your personal data is used solely to:

We never sell, rent, share, or otherwise disclose your personal data to third parties for their own marketing purposes.

5. Third-Party Service Providers (Data Processors)

We share the minimum necessary personal data with a small number of service providers who process it on our behalf, each under a UK-GDPR-compliant data-processing agreement. We disclose these by category of provider:

Category of processorPurposeSafeguards
Cloud hosting & database providerStores your account data and runs the service backendEU-hosted; UK-GDPR-compliant DPA
Payment processor (PCI-DSS Level 1)Processes your paymentUK IDTA / Standard Contractual Clauses for any non-UK transfer
Push-notification providerDelivers app notifications to your deviceStandard Contractual Clauses for any non-UK transfer
Error & performance monitoringDiagnoses crashes and faults; may receive your email and technical diagnostic dataStandard Contractual Clauses for any non-UK transfer

The technical infrastructure we use to monitor the DVSA website does not receive your personal identity. We never sell, rent, or share your personal data for any third party's own marketing purposes.

6. Data Security

No system is 100% secure. We follow industry-standard practices but cannot guarantee absolute security.

7. Data Retention

DataRetention
Account data (email, preferences)While your account is active; deleted within 30 days of account closure
DVSA credentialsDeleted immediately when you disconnect DVSA in the app, or within 30 days of account closure
Booking history6 years (UK financial-records requirement under HMRC rules)
Scanner activity logs90 days, then automatically pruned
Payment records6 years (held by our payment processor)
Push notification tokensWhile your account is active; deleted on closure

You can request earlier erasure at any time - see section 8.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Most rights can be exercised directly from the in-app Settings screen (delete account, change preferences). For formal requests, email support@testgrab.co.uk. We respond within 30 days as required by UK GDPR.

9. International Transfers

Most processing happens in the UK or EU. Where we use US-based processors, data transfers are protected by the UK International Data Transfer Agreement (IDTA) and/or Standard Contractual Clauses (SCCs) approved by the European Commission.

We carry out a transfer impact assessment before adding any new US processor.

10. Children and Young People

TestGrab is designed for people aged 17 and over (the minimum driving age in Great Britain). We do not knowingly collect data from anyone under 17. If we discover we have collected data from a child under 17, we will delete it promptly.

11. Cookies and Tracking

12. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office:

We'd appreciate the chance to address your concerns first - please contact us at support@testgrab.co.uk before escalating.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Substantive changes will be notified via the app or by email at least 14 days before they take effect. The "Last updated" date above always reflects the latest revision.

14. Contact Us