Last updated: 21 May 2025
PCNTrack is a UK-based fleet compliance automation platform operated as a sole trader business. We are registered with the Information Commissioner's Office (ICO) under the UK Data Protection Act 2018 and UK GDPR. Our data controller registration number is [ICO REGISTRATION NUMBER — add once registered].
Contact us: hello@pcntrack.co.uk
We collect and process the following personal data:
| Business account data | Name, email, business name | Contract performance | Duration of your account |
| Driver data | Name, mobile number, vehicle reg | Legitimate interest (PCN matching) | 3 years from last PCN, then deleted |
| PCN records | PCN reference, amount, issuer, photos | Contract performance | 7 years (HMRC compliance) |
| Payment data | Handled entirely by Stripe — we never see card numbers | Contract performance | Per Stripe's policy |
| Usage data | Login times, feature usage | Legitimate interest (service improvement) | 12 months rolling |
| Error logs | Technical errors, stack traces (via Sentry) | Legitimate interest (reliability) | 90 days rolling |
We retain personal data only for as long as necessary:
When you delete a driver or PCN in the dashboard, it is soft-deleted (hidden from your view immediately) and permanently destroyed within 90 days.
We use the following cookies and tracking technologies:
| Supabase session | Essential | Keeps you logged in | Session end |
| Sentry | Functional | Captures errors to improve reliability | 90 days |
| pcntrack_cookie_consent | Essential | Remembers your cookie preference | 1 year |
We do not use advertising cookies, social media tracking pixels, or any third-party analytics tools. You can withdraw consent for non-essential cookies at any time by clearing your browser cookies or using the consent banner at the bottom of any page.
We use the following sub-processors:
| Supabase (EU West — Ireland) | Database and authentication | EU standard contractual clauses |
| Stripe | Payment processing | UK adequacy decision |
| Twilio | SMS notifications | Standard contractual clauses |
| Anthropic | AI PCN extraction (photo processing) | Standard contractual clauses |
| Sentry | Error monitoring | Standard contractual clauses |
| Vercel | Hosting and deployment | Standard contractual clauses |
We never sell your data. We never share your data with advertisers.
You have the right to:
To exercise any right, email us at hello@pcntrack.co.uk. We will respond within 30 days. You also have the right to complain to the ICO at ico.org.uk.
If you use PCNTrack to process personal data on behalf of your business (for example, your drivers' data), we act as a data processor and you act as the data controller. A Data Processing Agreement (DPA) is available at /dpa and is incorporated into our Terms of Service for all customers.
All data is stored in Supabase (EU West, Ireland) with Row Level Security enforced at the database level, ensuring complete multi-tenant isolation. All connections are encrypted in transit (TLS 1.3). Passwords are never stored — we use Supabase Auth with email-based authentication.
We will notify you by email of any material changes to this privacy policy at least 30 days before they take effect. The current version is always available at pcntrack.co.uk/privacy.