Version 1 · Effective 14 July 2026
Privacy Notice
How Quartz Recovery collects, uses, shares, retains and protects personal data.
Who controls your data
QUARTZ RECOVERY LIMITED is controller of the personal data used to run the Quartz Recovery marketplace, websites, apps, administration and support service. For questions or rights requests, email privacy@quartzrecovery.com. Our responsible director acts as Privacy Lead; we do not claim to have a statutory Data Protection Officer.
An independent driver is a separate controller for personal data they must use to provide the recovery service, meet legal duties, manage insurance or defend a claim. Drivers may use customer data only for the booked service and lawful follow-up.
Data we collect
- Account and identity data, including name, contact details, date of birth, login records and social-sign-in identifiers.
- Customer booking data, including pickup and destination, vehicle registration and condition, recovery requirements, quotes, payments, invoices, refunds and disputes.
- Driver and vehicle data, including selfie, driving licence, public liability insurance, own motor insurance, MOT, truck details, availability, quotes, earnings and bank or Stripe Connect status.
- Location data: customer-supplied booking locations and driver GPS only while the driver is online or assigned to an active job.
- Communications, including in-platform messages, approved attachments, support records and call recordings after both call participants acknowledge the recording notice.
- Technical and security data, including IP address, device, app version, diagnostics, consent choices and fraud or abuse indicators.
- Admin and moderation data, including review decisions, audit history, reports, blocks, legal holds and access activity.
How and why we use data
- Contract: create accounts, show quotes, arrange recoveries, route communications, collect payment as agent, support jobs, provide receipts and administer refunds.
- Legal obligation: keep financial and contract records, respond to lawful requests, protect consumers and meet data-protection and tax requirements.
- Legitimate interests: secure the platform, prevent fraud, moderate content, resolve complaints, improve reliability, enforce agreements and establish or defend legal claims. We balance these interests against your rights.
- Consent: optional analytics, non-essential device storage and call recording. You may withdraw consent without affecting earlier lawful processing.
- Vital interests or substantial public interest where genuinely necessary for emergency safety or safeguarding.
Automated tools and human decisions
We may use rules to match jobs, identify unusual activity, enforce objective document-expiry restrictions and prioritise review. We do not use facial recognition or create biometric templates from driver selfies or licences. Decisions with significant effects, including misconduct or payout holds, are subject to human review and appeal.
Who receives data
We share only what is needed with the matched customer or driver, authorised staff, support providers and processors. Key service categories include Stripe for payments and connected-driver payouts; hosting, database and content-delivery providers; mapping and location providers; LiveKit for in-app calls; email, SMS and push-notification providers; Sentry for minimised essential diagnostics; optional PostHog analytics only after consent; and Support Board for customer support.
We may also disclose data to professional advisers, insurers, banks, courts, regulators or law enforcement where lawful. We do not sell personal data and do not use cross-company advertising tracking.
International transfers
Some providers may process data outside the UK. Before enabling an optional provider we require suitable contractual and security terms, a documented transfer mechanism such as UK adequacy regulations, the UK International Data Transfer Agreement or UK Addendum to approved standard clauses, and a transfer risk assessment where required. Optional providers are disabled if these safeguards cannot be verified.
Retention
- Raw driver GPS: 90 days.
- Call recordings: 30 days.
- Chats, job photos, support records and superseded compliance files: 24 months.
- Security and access logs: 12 months.
- Financial records, contracts and acceptance evidence: six years.
- Disputes and legal holds: six years after closure, or longer only where legally required.
- Backups: up to 90 days before rotation.
- Data may be kept longer for an active legal hold, then returned to the normal schedule. We anonymise data where continued statistical use does not require identification.
Your rights
UK data-protection law may give you rights to be informed, access your data, correct it, request erasure or restriction, object, receive portable data, withdraw consent and challenge qualifying automated decisions. You may make a request in the app or email privacy@quartzrecovery.com. We may verify identity and normally respond within one month.
You may complain to the UK Information Commissioner’s Office at ico.org.uk. Please contact us first if you are comfortable doing so, so we can try to resolve the issue.
Account deletion
A deletion request immediately deactivates operational access and signs the account out. We first resolve active jobs, payouts, disputes, fraud reviews and legal holds. We then erase or irreversibly anonymise data within one month, except records we must retain for legal claims, contracts, tax, fraud prevention or safety. Social sign-in tokens, including Sign in with Apple authorisations where applicable, are revoked as part of deletion.
Security and children
We use access controls, encryption in transit, restricted private document storage, audit logs and data-minimisation measures. No internet service is risk-free; report suspected misuse promptly. Quartz Recovery is for adults aged 18 and over and is not directed to children.
Changes
We publish every version with an effective date and content hash. We notify affected users of material changes and request fresh acceptance where the change affects a contract. Earlier versions and acceptance evidence remain available for audit.