Privacy Policy

Last updated: April 2026

CoachCarter ("we", "us", "our") operates a driving school management platform used by multiple driving schools across the UK. We are the Data Controller for all personal data processed through this platform. This policy explains what information we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

1. Who we are

CoachCarter is a driving school platform operated by Fraser Carter. The platform provides lesson booking, learner progress tracking, and business management tools to driving schools and their learners. When you use a driving school powered by CoachCarter, your data is controlled by CoachCarter as the platform operator. For data protection queries, contact us at: hello@coachcarter.co.uk

2. What data we collect

We may collect the following personal information:

• Name, email address and phone number (via enquiry forms, booking, or registration)
• Payment information (processed securely via Stripe — we do not store card details)
• Driving experience, lesson preferences, and test date information
• Lesson booking history, progress records, and skill assessments
• Pickup and drop-off addresses for lessons
• Marketing preferences (only if you opt in)
• Cookie consent preferences

3. How we use your data

We use your information to:

• Provide and manage the driving school platform for you and your driving school
• Respond to enquiries and arrange lessons
• Process payments for lessons and packages
• Send booking confirmations, lesson reminders, and account notifications
• Track your learning progress and competency development
• Send marketing communications (only if you have opted in)
• Improve our platform and services

4. Legal basis for processing

We process your data on the basis of:

• Contract performance — to deliver lessons you have booked and manage your account
• Legitimate interests — to respond to enquiries, improve our platform, and ensure security
• Consent — for marketing communications and analytics cookies
• Legal obligation — to retain financial records as required by tax regulations

5. How long we keep your data

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

• Account data — retained for up to 3 years after your last activity, then archived and deleted
• Financial records — retained for 7 years as required by tax regulations (anonymised after account deletion)
• Enquiries — retained for up to 2 years after submission
• Cookie consent records — retained for up to 2 years

Automated data retention is enforced weekly. You can request earlier deletion at any time (see Section 7).

6. Who we share your data with

We do not sell your data. We share it only with trusted third-party services that help us operate the platform:

• Stripe — payment processing (PCI-compliant, no card details stored by us)
• Twilio — SMS notifications and login verification
• Resend / Nodemailer — email delivery (booking confirmations, reminders, magic links)
• Neon — database hosting (EU/UK region, encrypted at rest and in transit)
• PostHog — analytics (EU-hosted, only with your consent)
• Vercel — website hosting and serverless infrastructure

All third parties are required to handle your data securely and in accordance with UK data protection law. Your driving school's instructors and administrators can access your booking and progress data within the platform.

7. Your rights

Under UK GDPR, you have the right to:

• Access — download all your personal data from your profile page ("Export My Data")
• Rectification — update your name, address, and preferences from your profile page
• Erasure — permanently delete your account and all personal data from your profile page ("Delete My Account")
• Restrict processing — request we limit how we use your data
• Data portability — receive your data in a machine-readable JSON format
• Object — opt out of marketing communications or analytics tracking
• Withdraw consent — change your cookie preferences at any time via the "Cookie Settings" link

Most rights can be exercised directly from your profile page. For any other requests, email us at hello@coachcarter.co.uk. We will respond within 30 days.

8. Cookies and analytics

Our platform uses the following types of cookies:

• Necessary cookies — login tokens stored in your browser to keep you signed in. These are essential for the platform to work and cannot be disabled.
• Analytics cookies — we use PostHog, a privacy-friendly analytics platform hosted in the EU, to understand how visitors use our site. These cookies are only set after you give explicit consent via our cookie banner. You can change your preference at any time via the "Cookie Settings" link in the page footer.

No advertising or third-party tracking cookies are used. Learn more about PostHog's privacy practices at posthog.com/privacy.

9. Data security

We take the security of your data seriously. Our platform uses:

• SSL/TLS encryption on all connections
• Parameterized database queries to prevent injection attacks
• Security headers on all responses (HSTS, Content-Type-Options, etc.)
• Rate limiting on login requests to prevent abuse
• Audit logging of administrative data access

10. Driving schools on our platform

CoachCarter operates as a platform for multiple driving schools. When you book lessons through a driving school powered by CoachCarter, your data is controlled by CoachCarter (not the individual driving school). Your driving school's instructors and administrators can view your booking and progress data within the platform, but they cannot export or transfer your data outside the platform without your knowledge.

11. Changes to this policy

We may update this policy from time to time. The current version will always be available on this page. We will notify you of significant changes via email if you have an account.

12. Complaints

If you have concerns about how we handle your data, you can contact the Information Commissioner's Office (ICO) at ico.org.uk.