Data export and account deletion
GarageHQ is run by GarageHQ UK Ltd, a UK Limited Company registered with the Information Commissioner's Office (ICO). UK GDPR gives you specific rights over your personal data. This article covers two of the most-used:
- Right of access (Article 15) — get a copy of everything we hold on you.
- Right to erasure (Article 17) — make us permanently delete it.
What we actually hold
Before you decide to export or delete, here's the rough shape of what's stored:
| Data | Where | Notes |
|---|---|---|
| Email, display name, sign-in provider | users table | Set when you sign up. Editable from Settings. |
| Sign-in audit (last 90 days) | signin_log table | Provider used, timestamp, alert flags. Can't be edited; auto-purged at 90 days. |
| Vehicles you own | vehicles + service_history + mileage_log + appointments | Anything tied to your owner_id. |
| Email send log (last 90 days) | email_send_log table | Records of emails we sent you (reminders, invites, alerts). |
| History check reports you ran | vehicle_history_checks table | Plus the underlying provider responses. |
| Stripe customer record | Stripe (third-party) | Card details + invoices. We hold a customer ID, Stripe holds the rest. |
We do not hold:
- Your password (we use OAuth or passwordless email — there's no password to lose).
- Your card number (Stripe handles this; we never see it).
- Marketing or behavioural tracking — we don't do third-party analytics.
Exporting your data
The simplest path is email privacy@garagehq.uk from the address on your account, asking for a copy of your data. We respond within 30 days (statutory) but in practice within a couple of working days.
You'll receive a JSON archive containing:
- Every record in the tables above where you appear as
owner_idoruser_id. - Decrypted history-check reports as PDFs.
- A receipt of the export request itself (so you have an audit trail).
The archive is delivered as a password-protected ZIP via a one-time link. Password is sent separately via SMS or a different email of your choice.
Deleting your account
The right to erasure is broader than just deleting your row. The full process:
- Email privacy@garagehq.uk from the address on your account, asking us to delete it. State whether you also want any vehicles you own to be deleted (default is yes; you can opt to keep them and have them reassigned to another org member instead).
- We confirm receipt within one working day with what we're about to delete and ask you to confirm.
- You confirm. This step exists to avoid bad actors deleting accounts they've gained brief access to.
- We delete. The deletion happens within 30 days (statutory) — usually within a few hours of confirmation. Specifically:
- Your
usersrow, sign-in audit, alert preferences, and email log entries are removed. - Vehicles you own (and their service history, mileage, appointments, photos, history check reports) are removed unless you opted out.
- Your membership in any orgs is removed.
- Your Stripe customer record is anonymised but the historical invoices are retained — Stripe (and HMRC) require us to keep payment records for accounting purposes, separate from your identity.
- Your
After deletion you'll receive a final confirmation email with the date the action completed.
What we keep after deletion (and why)
A short list of things UK law requires us to retain even after an erasure request:
| Data | Retention | Reason |
|---|---|---|
| Stripe invoices and payment records | 7 years | HMRC accounting requirement |
| Tax records mentioning your name | 7 years | HMRC |
| Sign-in audit if it's evidence of a security incident | Until incident resolved | Legitimate interest under GDPR |
These are anonymised where possible. You don't have a right to compel deletion of records that other UK laws require us to keep.
Right to rectification
If something we hold is wrong but you don't want to delete it, just edit it from Settings (display name, alert windows, notification preferences). For things you can't edit yourself (sign-in audit entries you believe are wrong, history check results), email privacy@garagehq.uk with what's wrong and what you'd like corrected.
ICO complaint route
If you're unhappy with how we've handled a data request, you can complain to the UK ICO at ico.org.uk/concerns. We'd much rather you tried to resolve with us first, but the ICO route is your statutory right.
What next?
- Contacting support, general questions and bug reports.
- Locking your account, secure your sign-in if you're worried about access.
- Removing a vehicle, delete a single vehicle without touching your account.