Privacy Policy

CarVerity.ai is operated by CarVerity Ltd. Under UK GDPR, we are responsible for deciding how your personal data is collected, used and protected.

We collect the following categories of information when you use CarVerity.ai:

To generate reliability reports, we query data from:

• DVSA (MOT history)
• DVLA (vehicle enquiry data where available)
• Our own aggregated repair-cost and claim-pattern datasets

We do not control the accuracy of these external data sources and use them only to generate your reliability report. A copy of retrieved vehicle data may be stored so you can revisit previous reports.

Under UK GDPR, we rely on the following legal bases:

• Contract: To provide the service you requested, such as creating an account, generating a report, or processing payments.
• Legitimate interests: To maintain site security, prevent fraud, improve scoring models, and analyse usage trends.
• Legal obligation: For record-keeping relating to payments and accounting.
• Consent: If you ever opt into marketing communications.

All scores come from a deterministic scoring engine based on MOT outcomes, advisory patterns, defect trends, age and mileage alignment, and repair-cost risk indicators.

AI is only used to produce a readable written summary, created after the score has been generated. We do not send your name, email, or full report history to the AI model. Vehicle data may be briefly processed to generate the summary, but it is not stored by the AI provider and is not used to train models.

We use minimal essential cookies to operate the site, including:

• Authentication cookies (Supabase)
• Session cookies
• Security and fraud-prevention cookies
• Stripe checkout cookies when making a purchase

We do not use analytics, marketing or advertising cookies at this time. Your browser allows you to control or block cookies if you choose.

Some of our service providers are located outside the UK, for example in the United States.

When we transfer your data internationally, we rely on the UK addendum to the EU Standard Contractual Clauses or other UK-GDPR-approved safeguards. These ensure your data remains protected to UK standards.

We may share limited data with trusted service providers:

All providers are contractually required to protect your data.

We store data securely using Supabase and our hosting providers. We protect your data through:

• Encrypted connections (HTTPS/TLS)
• Password hashing
• Access controls and authentication
• Server-side security and monitoring
• Regular updates and vulnerability checks

We keep your account and report history for as long as your account is active with us, or we need it for legal or accounting purposes.

If you request account deletion, we delete your account details, saved reports, and report history. We may retain minimal payment-related information as required by financial regulations.

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your data ("right to be forgotten")
• Object to certain types of processing
• Restrict how we use your data
• Request portability of your data
• Withdraw consent at any time

To exercise these rights, contact us at privacy@carverity.ai.

If you have any questions about this Privacy Policy or how we process your personal data, please contact us:

You can raise a concern with the Information Commissioner's Office (ICO) if you believe we have handled your data unlawfully.

We would appreciate the chance to resolve your concerns before you contact the ICO.