Plain English summary: We collect the information needed to run your account and process your bookings. We don't sell your data. We don't show you ads. We use Supabase to store data, Stripe to handle payments, and Resend to send emails — all reputable services with strong data protections.
GoatDrive is operated as a sole trader business in the United Kingdom. For the purposes of UK GDPR, we are the data controller for the personal data we process.
We are registered with the Information Commissioner's Office (ICO). Our ICO registration number will be published here once confirmed.
Contact: hello@goatdrive.com
| Data | Who provides it | Why we need it |
|---|---|---|
| Name | Students & instructors | Account identity, booking communications |
| Email address | Students & instructors | Account login, booking confirmations, notifications |
| Phone number | Students & instructors | Shared with the other party to a confirmed booking |
| Home postcode | Students | Pre-fill pickup field; coverage matching |
| Pickup postcode | Students (at booking) | Shared with instructor; travel time calculation |
| ADI badge number | Instructors | Credential verification |
| DBS check status | Instructors | Credential verification |
| Teaching location & operating area | Instructors | Displayed on your public profile; search matching |
| Hourly rate, bio, transmission type | Instructors | Displayed on your public profile |
| Data | Generated by |
|---|---|
| Booking records | Lesson bookings (date, time, duration, price, status) |
| Payment records | Stripe session ID and payment intent ID (not card details) |
| Reviews and ratings | Post-lesson reviews submitted by students |
| Login activity | Supabase Auth (timestamps, session tokens) |
We do not use your data for advertising. We do not sell, rent, or trade your personal data to any third party.
| Processing activity | Legal basis |
|---|---|
| Account registration and authentication | Contract — necessary to provide the service you signed up for |
| Processing bookings and payments | Contract — necessary to fulfil the booking agreement |
| Sharing contact details with matched parties | Contract — necessary to allow the lesson to take place |
| Sending transactional emails (confirmations, alerts) | Contract — necessary to deliver the service |
| Retaining financial records | Legal obligation — tax and accounting requirements |
| Platform improvement and analytics | Legitimate interests — improving our service, balanced against your privacy rights |
We share data only with the service providers necessary to operate GoatDrive, and with the other party to a confirmed booking.
When a booking is confirmed, we share the student's name, phone number, and pickup postcode with the instructor. We share the instructor's name and phone number with the student. This is necessary to allow the lesson to take place.
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase (supabase.com) | Database and authentication hosting | All account and booking data. Hosted on AWS in the EU. |
| Stripe (stripe.com) | Payment processing | Name, email, lesson details to initiate checkout. Card details handled entirely by Stripe. |
| Resend (resend.com) | Transactional email delivery | Name and email address of email recipient, and booking details for email content. |
| Postcodes.io (postcodes.io) | Postcode geocoding for coverage matching | Postcode strings only. No personal identifiers are sent. |
| Vercel (vercel.com) | Frontend hosting | Standard web server logs (IP address, request path). No personal data beyond what's standard for web hosting. |
All third-party providers are required to process your data only for the purposes we instruct, and have appropriate data protection measures in place.
We may disclose your data if required to do so by law, court order, or to protect the rights, safety, or property of GoatDrive, our users, or others.
| Data type | Retention period |
|---|---|
| Account data (name, email, profile) | Until you close your account, then deleted within 30 days |
| Booking records | 7 years (required for UK tax and accounting records) |
| Payment records (Stripe session/intent IDs) | 7 years (required for financial records) |
| Reviews | Until the instructor or student account is closed |
| Authentication logs | 90 days, managed by Supabase |
When you close your account, we delete your profile data. Booking and payment records are kept for the legally required period even after account closure.
Under UK GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at hello@goatdrive.com. We will respond within 30 days. We may need to verify your identity before processing the request.
GoatDrive uses minimal cookies. We use only the cookies necessary to keep you signed in (session tokens managed by Supabase Auth) and to process payments securely (Stripe).
We do not use advertising cookies, third-party tracking pixels, or analytics cookies at this time. If this changes, we will update this policy and notify registered users.
You can clear cookies at any time through your browser settings. Clearing cookies will sign you out of your GoatDrive account.
We take reasonable technical and organisational measures to protect your personal data, including:
No system is completely secure. If you suspect your account has been compromised, contact us immediately at hello@goatdrive.com.
If we become aware of a data breach that is likely to affect your rights and freedoms, we will notify you and the ICO as required by UK GDPR.
We may update this Privacy Policy from time to time. We'll notify registered users by email when we make significant changes. The "last updated" date at the top of this page always reflects the most recent revision.
Continued use of GoatDrive after changes take effect means you accept the updated policy.
For any privacy-related questions, data requests, or concerns:
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first.