Privacy Policy

Effective from: 1 July 2026  ·  Last updated: 1 July 2026

This Privacy Policy explains how we handle your personal data when you use our DVSA cancellation notification service, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It must be read together with our Terms of Service.

The simple version. We collect only what we need to monitor DVSA cancellation availability for you and reach you with notifications: your email, phone, driving licence number, and your test preferences. We never ask for, collect, or store your DVSA password — the DVSA system does not use passwords. You book, change, or cancel your own test yourself on gov.uk. You have full UK GDPR rights over your data and can exercise them via WhatsApp at any time.

1. What We Collect

  • Contact data: your email address and phone number, used to deliver notifications and order confirmations.
  • Driving licence number: used to confirm the order is for you and to help match the cancellation availability we monitor against your booking eligibility. It is not used to access any DVSA account on your behalf.
  • Service preferences: the test centres, date range, time windows, and blackout dates you submit via the Application Form.
  • Order and communication records: orders placed, support messages exchanged via WhatsApp, and notices sent to you.
  • Technical data: IP address, browser, device information, and timestamps, collected automatically through standard server logs.

Payment details (card number, billing address) are handled directly by our payment provider (Stripe). We do not store them and only receive a confirmation that the payment has been made.

2. What We Do Not Collect

We never request, collect, store, transmit, or use your DVSA account password under any circumstances. The DVSA system does not use passwords, and we do not hold any DVSA login credentials for you. You should never share account passwords with any party, including us — if anyone asks for one, refuse and report the request.

We also do not collect your theory test pass certificate number or your date of birth. These are not required for the Service we provide. The booking on gov.uk is performed by you, with your own details, and those remain solely between you and the DVSA.

3. How Our Service Works — and What It Does Not Do

We provide a monitoring and notification service only. We monitor publicly visible DVSA cancellation availability and, when a slot matches the preferences you have given us, we send you a notification with a direct link to that slot on gov.uk. You then open the link, sign in with your own details, and book the slot yourself.

We use the licence number and the preferences you provide on the Application Form to match the availability we monitor against what you have asked for, so that the notifications we send you are relevant — matching your chosen centres, date range, and time windows, and excluding your blackout dates.

We do not book, change, swap, transfer, or cancel any test on the DVSA system on your behalf. Under the DVSA rules effective 12 May 2026, only the candidate may perform these actions, and our process is designed to respect that fully. Our role ends with the notification; the booking itself is always yours to complete on gov.uk.

4. Why We Are Allowed to Process Your Data (Lawful Bases)

Under UK GDPR, we rely on the following lawful bases:

  • Contract: to provide the monitoring and notification service you have ordered (processing your contact data, licence number, and preferences).
  • Legitimate interests: to operate, secure, and improve our service, prevent fraud and misuse, and defend legal claims, balanced against your rights.
  • Legal obligation: to keep financial records and comply with applicable law.
  • Consent: for non-essential analytics cookies, which you may withdraw at any time.

5. Who We Share Your Data With

We do not sell, rent, or trade your personal data. We share it only with the following categories of recipients, and only to the extent necessary to deliver the Service:

  • Payment service provider (Stripe): for transaction processing. Stripe is PCI DSS-compliant.
  • Hosting and infrastructure providers: to host our website, store data, and deliver notifications.
  • Communication service providers: WhatsApp Business and email service providers, used solely to deliver notifications and customer support.
  • Professional advisers: accountants and legal advisers, where strictly necessary and under confidentiality.
  • Legal authorities and regulators: where required by law, court order, or to protect legal rights, including reporting suspected fraud or test-slot misuse to relevant authorities.

We do not share your data with the DVSA. The Service does not interact with the DVSA on your behalf; any communication with the DVSA is performed by you, directly, on gov.uk.

6. International Data Transfers

Some of our service providers (including hosting and payment providers) may process personal data outside the United Kingdom. Where this happens, we ensure that an appropriate safeguard is in place to protect your data, such as a country covered by UK adequacy regulations or the UK International Data Transfer Agreement / UK Addendum to the Standard Contractual Clauses.

7. How Long We Keep Your Data

  • Order and contact data: kept while your order is active and for up to 12 months after completion, in case of subsequent enquiries or disputes.
  • Driving licence number: kept only as long as your order is active and the dispute window has not expired; deleted thereafter.
  • Communication records (WhatsApp / email): kept for up to 24 months for customer support and dispute defence.
  • Financial and tax records: kept for up to 6 years to comply with HMRC and other applicable record-keeping requirements.
  • Server log data: kept for up to 12 months for security and integrity.

8. Data Security

We use industry-standard technical and organisational measures to protect your personal data, including encryption in transit (HTTPS / TLS), access controls limiting personal data access to authorised personnel, secure infrastructure provided by reputable hosting providers, and PCI DSS-compliant payment processing handled by Stripe.

While we take all reasonable steps to protect your data, no method of transmission or storage is completely secure.

9. Cookies

Our website uses a small number of cookies to operate properly, remember your preferences, and improve your experience. These fall into three categories:

  • Strictly necessary cookies: required for the website to function (for example, session and security cookies).
  • Functional cookies: remember your preferences and settings.
  • Analytics cookies: help us understand how visitors use the website so we can improve it. Used only with your consent.

You can manage or disable cookies through your browser settings.

10. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Access — obtain a copy of the personal data we hold about you;
  • Rectification — ask us to correct inaccurate or incomplete data;
  • Erasure — ask us to delete your data, where there is no compelling legal reason to retain it;
  • Restriction of processing — ask us to limit how we use your data;
  • Data portability — receive a copy of your data in a structured, machine-readable format;
  • Object — object to processing carried out on the basis of legitimate interests or for direct marketing;
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us via WhatsApp at https://wa.me/447441944708. We will respond within one calendar month and may ask you for proof of identity to protect your data from unauthorised disclosure.

11. Right to Complain to the ICO

If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the Information Commissioner's Office:

We would, however, appreciate the opportunity to address your concerns first.

12. Children's Data

The Service is intended for use by individuals aged 17 or over, the minimum age at which a candidate may sit a UK car driving test. We do not knowingly collect personal data from children under 13. If you become aware that personal data of a child under 13 has been provided to us without parental consent, please contact us so we can delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this Policy will indicate when it was most recently revised.

14. How to Contact Us

For all matters relating to this Privacy Policy, your personal data, or your rights, please contact us via:

WhatsApp is our primary monitored support channel. Phone calls are not accepted for data requests.