Fleet Privacy Policy

How we handle your fleet, driver and vehicle data

Last updated: 26 March 2026

This Fleet Privacy Policy explains how USK DIGITAL LTD ("Mekavo", "we", "us") collects, uses and protects data in connection with the Mekavo fleet management platform.

This policy applies specifically to fleet operators, their organisations, team members (managers and drivers), and the vehicle and inspection data processed through the Service.

1. Who We Are

USK DIGITAL LTD is a company registered in England and Wales (No. 16477044), with its registered office at 76 Letchworth Road, Leicester, LE3 6FH, United Kingdom.

For fleet data, we act as a data processor on behalf of the fleet operator (the data controller). For account registration and billing data, we act as the data controller.

2. Data Controller & Processor Roles

Under GDPR, the roles are as follows:

  • Fleet operator (your organisation) — Data Controller for driver personal data, vehicle data, inspection records and defect reports within your organisation
  • Mekavo — Data Processor, processing data on your behalf to provide the Service
  • Mekavo — Data Controller for account registration data, billing information and website analytics

As a fleet operator, you are responsible for ensuring you have a lawful basis to process your drivers' data and for informing them accordingly.

3. What Data We Collect

We collect the following categories of data:

Organisation data: Organisation name, address, industry, registration number, billing details

User account data: Name, email, phone number, password (hashed), role within organisation

Vehicle data: Registration/plate number, make, model, VIN, mileage, MOT/ITV/TUV dates, documents, photos

Inspection data: Inspection type, checklist responses (pass/fail), photos, notes, GPS location (if enabled), timestamps, inspector identity

Defect data: Description, severity, photos, reporter identity, timestamps, resolution status and history

Billing data: Stripe customer ID, subscription plan, payment history (we do not store card details — Stripe handles this)

Usage data: Login timestamps, feature usage, device type, IP address, browser information

4. How We Use Your Data

We process your data for these purposes:

  • Providing the fleet management service (inspections, defects, vehicles, teams)
  • Sending reminders (MOT, insurance, tax, service dates) via email or SMS
  • Processing payments and managing subscriptions
  • Generating compliance reports and dashboards
  • Improving the Service based on usage patterns
  • Communicating service updates and security notices
  • Complying with legal obligations

We do not sell your data. We do not use driver inspection data for advertising or marketing purposes.

5. Driver Data

When drivers are invited to a fleet organisation, we collect and process:

  • Name and email address (provided by the organisation owner or the driver themselves)
  • Phone number (optional, for SMS reminders)
  • Inspection records completed by the driver (timestamped, attributed)
  • Defect reports submitted by the driver (timestamped, attributed)
  • Login activity and device information

Organisation owners and managers can view driver inspection and defect records. Drivers can view their own records and assigned vehicles.

Driver rights: Drivers may request access to their data, correction of inaccuracies, or deletion of their account. If a driver leaves an organisation, their personal account persists but organisation data access is revoked. Inspection and defect records created within the organisation may be retained by the organisation for compliance purposes.

6. Inspection & Defect Data

Inspection and defect records are core to the Service. This data:

  • Is stored securely and associated with the organisation, vehicle and user who created it
  • May include photographs, GPS coordinates, timestamps and free-text notes
  • Is accessible to authorised organisation members according to their role
  • May be exported by organisation owners for audit and compliance purposes
  • Is retained according to the organisation's settings or applicable regulatory requirements

7. Data Sharing

We share data only in these circumstances:

  • Within your organisation — team members see data according to their role permissions
  • Stripe — for payment processing (PCI DSS compliant)
  • Vehicle data providers — when you request vehicle lookups (registration number only)
  • SMS providers — phone numbers for reminder delivery
  • Law enforcement — when required by law or court order

We do not share your fleet data with other organisations, advertisers or data brokers.

8. Data Retention

We retain data as follows:

  • Active accounts — data retained while the account/organisation is active
  • Deleted accounts — personal data deleted within 90 days of deletion request
  • Inspection records — retained for the duration set by the organisation or minimum regulatory period (typically 15 months for daily walkaround checks under DVSA guidelines)
  • Billing records — retained for 7 years as required by UK tax law
  • Server logs — deleted after 90 days

9. Your Rights

Under GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data (subject to legal retention requirements)
  • Portability — receive your data in a structured format
  • Restriction — limit how we process your data
  • Objection — object to processing based on legitimate interest

To exercise these rights, contact us at [email protected]. We respond within 30 days.

You may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk, or with your local data protection authority.

10. Security

We implement appropriate technical and organisational measures to protect your data:

  • All data encrypted in transit (TLS/HTTPS) and at rest
  • Passwords hashed with bcrypt
  • Access controls based on user roles
  • Regular security updates and monitoring
  • Infrastructure hosted on secure cloud providers with ISO 27001 certification
  • Stripe PCI DSS Level 1 compliant payment processing

11. International Transfers

Your data is primarily processed and stored within the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

12. Changes to This Policy

We may update this policy from time to time. We will notify organisation owners of material changes via email. The "Last updated" date at the top will always reflect the current version.

13. Contact Us

For privacy-related enquiries:

USK DIGITAL LTD
Company No. 16477044
76 Letchworth Road
Leicester, LE3 6FH
United Kingdom

Email: [email protected]

We use cookies to keep you logged in and improve your experience. We don't use tracking or advertising cookies. Cookie Policy