Privacy Policy
Last updated: 24 May 2026
This Privacy Policy explains how Karqi handles personal data in connection with the Karqi fleet compliance service (the "Service"). It is written to comply with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 ("PECR").
1. Who we are
Karqi (a division of cheesman.uk)
47 New Farm Road, Alresford, Hampshire, SO24 9QT, United Kingdom
info@karqi.co.uk.
We act as a data controller for personal data relating to visitors to our website, prospective customers, and the administrators and users who register for an account.
We act as a data processor on behalf of our business customers for personal data that they upload into the Service about their drivers, vehicles and operations. In that case, the customer organisation is the controller and our processing is governed by the Terms of Service and the Data Processing Addendum contained within them.
2. The personal data we collect
- Account data: name, email address, hashed password, role within your organisation.
- Organisation data: company name, fleet size, vehicle registrations, driver names and contact details that you add.
- Operational data: daily walk-around check answers, defect descriptions and photographs, MOT, tax, insurance and service records, incident reports.
- Billing data: handled by Stripe Payments UK Ltd. We store only customer and subscription identifiers, plan, quantity and invoice metadata. We never see or store your full card number.
- Technical data: IP address, browser type, device type, pages visited, timestamps, session cookies. Used to keep you signed in and to protect the Service.
- Communications: emails you send us and our replies, support tickets, in-app notifications.
3. Why we use it and our lawful basis
- To provide the Service you have asked for — lawful basis: performance of a contract.
- To take payment through Stripe and issue invoices — performance of a contract and compliance with a legal obligation.
- To keep the Service secure, prevent fraud and abuse, and diagnose faults — our legitimate interests in running a safe service.
- To send service messages such as password resets, billing notices, expiry reminders and the daily manager digest — performance of a contract.
- To improve the Service by understanding how it is used — our legitimate interests; if we use optional analytics cookies this is done with your consent.
- To meet legal obligations such as HMRC tax record-keeping — legal obligation.
4. Who we share data with
We use a small number of trusted processors to deliver the Service. We do not sell personal data and we do not share it with advertising networks.
- Supabase / Lovable Cloud — application hosting, database and authentication (EU region).
- Stripe Payments UK Ltd — subscription billing and card processing.
- Resend — transactional email delivery (password resets, reminders, digests).
- Cloudflare — content delivery, DNS and edge protection.
We may also disclose personal data where required by law, court order, or to protect the rights, property or safety of Karqi, our customers or others.
5. International transfers
Some of our processors store or process data outside the UK. Where that happens, we rely on the UK International Data Transfer Agreement, the EU Standard Contractual Clauses together with the UK Addendum, or an adequacy decision made by the UK Government. You can request a copy of the safeguards in place by emailing info@karqi.co.uk.
6. How long we keep data
- Account and organisation data: for as long as your subscription is active, then up to six years to meet HMRC and other legal record-keeping duties.
- Daily check records and defect logs: retained for the period your organisation chooses, in line with the DVSA Guide to Maintaining Roadworthiness (minimum 15 months for walk-around check records).
- Billing records: six years after the end of the financial year (HMRC requirement).
- Support emails: up to three years after the last contact.
On request we will delete personal data sooner where we are not required by law to keep it.
7. Your rights
Under UK GDPR you have the right to:
- access a copy of the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased where there is no overriding legal reason to keep it;
- restrict or object to certain processing;
- receive your data in a portable format;
- withdraw consent at any time where we rely on consent;
- not be subject to decisions based solely on automated processing that significantly affect you (we do not currently carry out such processing).
To exercise any of these rights, email info@karqi.co.uk. We will respond within one calendar month.
8. Complaints
If you are unhappy with how we handle your personal data, please contact us first so we can try to put it right. You also have the right to complain to the Information Commissioner's Office (ICO): ico.org.uk, helpline 0303 123 1113.
9. Security
Karqi is delivered over HTTPS. Data is encrypted in transit and at rest. Database access is protected with role-based permissions and row-level security so that one organisation cannot see another organisation's data. Passwords are stored as salted hashes and never in plain text.
10. Children
The Service is intended for use by businesses and is not directed at children under 18. We do not knowingly collect personal data from children.
11. Changes to this policy
If we make material changes we will notify account administrators by email and update the "last updated" date at the top of this page.
12. Contact
Karqi (a division of cheesman.uk)
47 New Farm Road, Alresford, Hampshire, SO24 9QT, United Kingdom
info@karqi.co.uk