Privacy Policy

Last updated: May 2026  ·  Applies to autoalpha.co.uk

AutoAlpha ("we", "us", "our") is committed to protecting your personal data. This policy explains what information we collect, why we collect it, and how we use it when you use our website and services at autoalpha.co.uk.

1. Who we are

AutoAlpha is a UK-based car market analytics service. For any privacy-related queries, contact us at hello@autoalpha.co.uk.

2. Data we collect

• Account data: when you register, we store your email address, hashed password, and plan type.
• Usage data: we log the searches you run (make, model, filters used) and the results returned, linked to your account.
• Payment data: payments are processed by Stripe. We do not store your card details - Stripe handles all payment data under their own privacy policy.
• Technical data: IP address, browser type, pages visited, and session duration, collected via standard server logs.
• Contact form data: name, email, and message content when you submit a contact enquiry.

3. How we use your data

• To provide and maintain your AutoAlpha account and subscription.
• To process payments and manage your billing.
• To store and retrieve your scrape history so you can re-download results.
• To respond to contact form enquiries.
• To send transactional emails (e.g. account confirmation, password reset). We will not send marketing emails without your consent.
• To monitor and improve site performance and reliability.

4. Legal basis for processing (UK GDPR)

• Contract: processing your account and subscription data is necessary to deliver the service you signed up for.
• Legitimate interests: security monitoring, fraud prevention, and improving our service.
• Consent: any marketing communications (if offered in future) will require explicit opt-in.

5. Data retention

We retain your account data for as long as your account is active. If you delete your account, your personal data is permanently removed within 30 days. Scrape history associated with your account is deleted at the same time. Anonymised, aggregated usage statistics may be retained indefinitely.

6. Data sharing

We do not sell your personal data to third parties. We share data only with:

• Stripe: for payment processing.
• Render / our hosting provider: for server infrastructure. Data is stored in the EU/UK.
• Supabase: for database services (EU region).

We may disclose data if required by law or a valid legal request.

7. Cookies

We use a session authentication cookie to keep you logged in. We do not use advertising cookies or third-party tracking cookies. No cookie consent banner is shown because we only use strictly necessary cookies.

8. Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data ("right to be forgotten").
• Object to or restrict processing in certain circumstances.
• Data portability - receive your data in a machine-readable format.

To exercise any of these rights, email hello@autoalpha.co.uk. We will respond within 30 days.

9. Security

Passwords are hashed using bcrypt and never stored in plain text. All data is transmitted over HTTPS. We conduct regular security reviews and apply updates promptly.

10. Changes to this policy

We may update this policy as our service evolves. Material changes will be communicated via the email address on your account. Continued use of AutoAlpha after changes constitutes acceptance of the updated policy.