Privacy Policy

Last updated: May 2026

This policy explains what personal information Coach Carter Ltd collects about you, how we use it, and your rights under the UK GDPR and the Data Protection Act 2018. We are the Data Controller for all personal data described in this policy.

1. Who we are

Coach Carter Ltd ("CoachCarter", "we", "us", "our") is a driving school registered in England and Wales (company number 16897166), trading as CoachCarter at coachcarter.uk. We provide driving lessons and related services through self-employed instructors who franchise with us. For any data protection query, contact: fraser@coachcarter.uk.

2. What data we collect

We may collect the following personal information about you:

• Name, email address, phone number, and home or pickup address (via enquiry forms, booking, or registration).
• Date of birth — collected on signup, or at the moment you first engage with our optional social-media content consent feature (see Section 14). Used to confirm you are old enough to grant that consent. Not a requirement for booking lessons.
• Payment information (processed securely via Stripe — we do not store card details).
• Driving experience, lesson preferences, theory and practical test date information.
• Lesson booking history, progress records, and skill assessments captured during lessons.
• Marketing preferences (only if you opt in).
• Cookie consent preferences.
• Dashcam footage from lessons — see Section 13.

3. How we use your data

We use your information to:

• Provide and manage your driving lessons.
• Respond to enquiries and arrange bookings.
• Process payments for lessons and lesson packages.
• Send booking confirmations, lesson reminders, and account notifications.
• Track your learning progress and competency development.
• Send marketing communications (only if you have opted in).
• Improve our service.
• Record dashcam footage during lessons for safety, quality assurance, instructor coaching, and insurance evidence (see Section 13).
• Where you have explicitly opted in, edit and publish dashcam clips in which you appear on social media (see Section 14).

4. Legal basis for processing

We process your data on the basis of:

• Contract performance — to deliver lessons you have booked and manage your account.
• Legitimate interests — to respond to enquiries, improve our service, ensure security, and operate dashcams in tuition vehicles for safety and quality purposes (Section 13).
• Consent — for marketing communications, analytics cookies, and the optional social-media content publication feature (Section 14).
• Legal obligation — to retain financial records as required by tax regulations.

5. How long we keep your data

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

• Account data — retained for up to 3 years after your last activity, then archived and deleted.
• Financial records — retained for 7 years as required by tax regulations (anonymised after account deletion).
• Enquiries — retained for up to 2 years after submission.
• Cookie consent records — retained for up to 2 years.
• Dashcam footage — retained for up to 30 days as standard. Footage flagged for incident, complaint, or insurance investigation may be retained for up to 12 months. Footage tied to active legal or insurance proceedings is retained for the duration of those proceedings only. Most footage is deleted within days of capture.
• Social-media content consent records — retained for as long as the consent is active, plus 2 years after withdrawal for our records of when consent was granted and withdrawn.
• Published clips on social media — clips published while your consent was active may remain published indefinitely on our channels, subject to your right to request takedown of any specific clip (see Section 14).

Automated retention is enforced weekly for platform data. Dashcam retention is enforced manually under the Coach Carter Ltd retention policy. You can request earlier deletion at any time (see Section 7).

6. Who we share your data with

We do not sell your data. We share it only with trusted third-party services that help us run the business:

• Stripe — payment processing (PCI-compliant, no card details stored by us).
• Twilio — SMS notifications and login verification.
• Resend — transactional email delivery for some flows (enquiries, certain notifications).
• IONOS (smtp.ionos.co.uk) — SMTP provider for the bulk of our transactional email (booking confirmations, reminders, login codes).
• Neon — database hosting (EU/UK region, encrypted at rest and in transit).
• PostHog — product analytics (EU-hosted; only set after your explicit cookie consent).
• Vercel — website hosting and serverless infrastructure.
• Anthropic (Claude AI) — powers the Examiner AI and Lesson Advisor features (text-only; no personal data retained by Anthropic).
• postcodes.io — UK address geocoding for travel time estimates (postcode only, no personal identifiers).
• OpenRouteService — travel time routing between pickup locations (coordinates only, no personal identifiers).
• Social media platforms — TikTok, Instagram, YouTube, Facebook, X, LinkedIn, Snapchat, Meta Ads, Google Ads — only where you have explicitly opted in to social-media content publication (Section 14). No personal data is shared with these platforms unless you have granted consent and a clip in which you appear is published.

All third parties are required to handle your data securely and in accordance with UK data protection law. Dashcam footage is not shared with any third party — it is held on the data controller's secured personal computer and never uploaded to platform infrastructure or cloud storage.

7. Your rights

Under UK GDPR you have the right to:

• Access — download all your personal data from your profile page ("Export My Data"). For dashcam footage in which you appear, see the manual process described in Section 13.
• Rectification — update your name, address, and preferences from your profile page.
• Erasure — permanently delete your account and all personal data from your profile page ("Delete My Account").
• Restrict processing — request we limit how we use your data.
• Data portability — receive your data in a machine-readable JSON format.
• Object — opt out of marketing communications and analytics tracking. Objection to dashcam recording has specific consequences (see Section 13).
• Withdraw any consent you have given — including cookie consent (via "Cookie Settings" in the page footer) and social-media content consent (via your profile page; see Section 14).

Most rights can be exercised directly from your profile page. For any other request, email fraser@coachcarter.uk. We will respond within 30 days.

8. Cookies and analytics

Our website uses the following types of cookies:

• Necessary cookies — login tokens stored in your browser to keep you signed in. These are essential and cannot be disabled.
• Analytics cookies — we use PostHog, a privacy-friendly analytics platform hosted in the EU, to understand how visitors use our site. These are only set after you give explicit consent via our cookie banner. You can change your preference at any time via the "Cookie Settings" link in the page footer.

No advertising or third-party tracking cookies are used. Learn more about PostHog at posthog.com/privacy.

9. Data security

We take the security of your data seriously. Our systems use:

• SSL/TLS encryption on all connections.
• Parameterized database queries to prevent injection attacks.
• Security headers on all responses (HSTS, Content-Type-Options, etc.).
• Rate limiting on login requests to prevent abuse.
• Audit logging of administrative data access.

10. Our instructors

CoachCarter lessons are delivered by self-employed driving instructors who franchise with Coach Carter Ltd. Your instructor is not a separate Data Controller — Coach Carter Ltd remains the controller of your personal data. Your instructor has access to your booking history, progress records, lesson notes, and the dashcam footage from lessons they have personally taught (for the legitimate-interests purposes in Section 13). Instructors are contractually bound to handle your data only for the purposes set out in this policy, and not to export, transfer, or use it outside the CoachCarter service.

11. Learners under 18

Learners under 18 are subject to additional safeguards:

• The optional social-media content consent feature (Section 14) is not available to learners under 18. You will not see the consent option on your profile.
• Dashcam footage of learners under 18 is held under the same legitimate-interests basis as for adult learners (Section 13), but retained for the minimum period necessary and never used for content-publication purposes.
• Where appropriate, parents or guardians may exercise data rights on behalf of a learner under 18.

12. Changes to this policy

We may update this policy from time to time. The current version will always be available on this page. We will notify you of significant changes by email if you have an account.

13. Dashcam recording in tuition vehicles

All Coach Carter Ltd tuition vehicles are fitted with dashcams that record continuously during lessons. Both forward-facing road view and interior cabin view are recorded. Recording starts when the lesson begins and stops when it ends.

Why we record. Dashcam recording is processed under the legal basis of legitimate interests (UK GDPR Article 6(1)(f)) for four purposes:

• Safety — to investigate incidents involving learners, instructors, or third parties (including in-cabin behaviour by either party).
• Quality assurance — to resolve any complaint a learner or instructor raises against the other.
• Instructor coaching and development — to support our instructors' professional development.
• Insurance evidence — to support insurance claims arising from incidents.

The interior cabin view is intentional and serves to protect both learner and instructor equally in the rare event of a contested allegation.

Where footage is stored. Footage is held on the data controller's secured personal computer. It is not uploaded to the CoachCarter platform, not uploaded to cloud storage, and not transferred to any third party.

Who can access it. Only the data controller (Fraser Carter) and the instructor who delivered the lesson have access to footage from that lesson. No wider access is granted without a documented and justified reason.

How long we keep it. Up to 30 days as standard; up to 12 months for footage flagged for an incident, complaint, or insurance investigation; longer only while active legal or insurance proceedings are open. Most footage is deleted within days.

Your right to request a copy. You may request a copy of dashcam footage in which you appear via a Subject Access Request to fraser@coachcarter.uk. We will respond within 30 days.

Your right to object. You have the right to object to dashcam processing under Article 21 UK GDPR. Because dashcam recording is a fleet-wide non-negotiable safety measure that protects both you and your instructor, we are unable to provide tuition that is not subject to recording. If you object and do not wish to proceed under this policy, regrettably we will be unable to teach you. We have made this decision deliberately because the recording is a primary safeguarding measure for both parties.

Public publication is a separate matter. Dashcam footage is never published or shown externally on the basis of legitimate interests alone. Any external use of footage requires your separate, explicit, informed consent under Section 14.

14. Social-media content consent (optional, 18+ only)

From time to time we publish edited clips of lessons on our social-media channels to share what learning to drive with CoachCarter is like. We do this only with your explicit advance consent. Granting this consent is entirely optional and has no effect on your lesson availability or the standard lesson rate. As a thank-you for participating, learners with active consent receive a 5% discount on lessons.

This feature is for learners aged 18 and over only.

What you would be agreeing to, if you opt in:

• Coach Carter Ltd may use clips from lessons you appear in for content purposes — including editing (cropping, slow-motion, captions, music, voiceover, splicing, compilations) and publication on the platforms listed in Section 6 (TikTok, Instagram, YouTube, Facebook, X, LinkedIn, Snapchat, the CoachCarter website, and paid advertising on Meta and Google).
• Your consent applies only to those listed platforms. Adding new platforms in future would require a fresh consent from you.
• Your consent lasts until you withdraw it. You may withdraw at any time from your profile page.

If you withdraw your consent:

• We will stop publishing any new clips featuring you.
• We will use reasonable efforts to remove already-published clips featuring you from our channels within 14 days of your withdrawal.
• Reasonable-efforts removal applies to our own posts. We cannot guarantee removal of third-party reshares, downloads, or archive copies that may persist on the wider internet outside our control.
• Your 5% lesson discount ends from the next lesson booking after withdrawal.

If you never opt in, no clips of you will be published, ever. Refusing this consent has no impact on your lesson availability, your lesson rate (other than the 5% discount tied to the consent itself), or any other aspect of our service.

15. Complaints

If you have concerns about how we handle your data, please contact us first at fraser@coachcarter.uk. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.