Privacy Policy

1. Introduction

PartScope ("PartScope", "we", "us", or "our") is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, and share information when you use the PartScope platform and related services (the "Service").

We are a Data Controller for information collected about our account holders (dealership operators and administrators). We act as a Data Processor for personal data contained within parts enquiries that our customers process through the Service.

This policy is issued in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, password (encrypted), organisation name, and role within the organisation. We may also collect telephone numbers and billing addresses when you subscribe to a paid plan.

2.2 Customer Enquiry Data (Processed on Your Behalf)

When your customers submit parts enquiries via email, web form, phone, WhatsApp, or SMS, the Service processes the content of those communications. This may include names, email addresses, phone numbers, company names, machine and equipment details, part descriptions, and any other information provided in the enquiry. We process this data on your behalf as a Data Processor.

2.3 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, actions taken, timestamps, browser type, device information, and IP addresses. This data helps us improve the Service and provide technical support.

2.4 Images and Documents

If you or your customers upload images (such as photographs of machine serial plates, broken parts, or documents), these are processed by our AI systems for information extraction and stored as part of the relevant case record.

3. How We Use Your Information

We use the information we collect for the following purposes:

To provide, operate, and maintain the Service, including AI-powered extraction, gap detection, automated messaging, fleet memory, and customer intelligence features. To process payments and manage subscriptions. To communicate with you about your account, service updates, and support. To improve the Service through aggregate usage analysis. To comply with legal obligations. To protect the security and integrity of the Service.

4. AI Processing and Third-Party Services

The Service uses artificial intelligence to analyse and extract information from enquiries. To provide this functionality, enquiry content is processed by third-party AI services, including OpenAI (GPT models). These services process data in accordance with their respective data processing agreements and do not use your data to train their models.

Voice calls processed through the Service may use third-party speech-to-text and text-to-speech services. WhatsApp and SMS communications may be routed through Twilio. Email processing uses n8n automation workflows.

All third-party processors are selected for their compliance with applicable data protection standards and are bound by data processing agreements.

5. Data Storage and Security

Your data is stored on servers provided by Supabase (PostgreSQL databases) with hosting infrastructure in the European Union. Data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.

We implement row-level security policies at the database level to ensure that each organisation's data is isolated and inaccessible to other organisations. Access to production data is restricted to authorised personnel and is subject to audit logging.

While we implement industry-standard security measures, no system is completely secure. We encourage you to use strong, unique passwords and to report any suspected security incidents immediately.

6. Data Retention

We retain your account information and associated data for as long as your subscription is active. Upon cancellation or termination, your data is retained for 30 days to allow for reactivation or data export, after which it is permanently deleted from our systems and backups within 90 days.

Billing records and transaction data are retained for 7 years in accordance with UK accounting and tax regulations.

7. Data Sharing

We do not sell, rent, or trade your personal data. We share data only in the following circumstances: with third-party service providers who assist in operating the Service (as described in Section 4), where required by law, regulation, or legal process, to protect the rights, property, or safety of PartScope, our users, or the public, and in connection with a merger, acquisition, or sale of assets (with prior notice to affected users).

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

The right to access your personal data and obtain a copy. The right to rectification of inaccurate data. The right to erasure ("right to be forgotten") in certain circumstances. The right to restrict processing. The right to data portability. The right to object to processing. Rights related to automated decision-making and profiling.

To exercise any of these rights, please contact us at info@partscope.io. We will respond to your request within 30 days.

9. Cookies

The Service uses essential cookies required for authentication and session management. We do not use advertising or tracking cookies. Essential cookies cannot be disabled as they are necessary for the Service to function correctly.

10. International Data Transfers

Our primary data storage is within the European Union. Where data is transferred to service providers outside the UK/EEA (such as AI processing services based in the United States), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and compliance with the UK's international data transfer framework.

11. Children's Privacy

The Service is designed for business use and is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Complaints

If you have concerns about how we handle your personal data, you may contact us at info@partscope.io. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection, at ico.org.uk.

14. Contact

For any questions about this Privacy Policy or our data practices, please contact us at:

PartScope
Email: info@partscope.io