Consumer App Privacy Notice
Provider: RSMT Limited trading as Driver Codes
Version: v1.1 — April 14th 2026
Audience: Individual drivers using the Driver Codes mobile app for personal driving information
Published location: driver.codes/legal/app-privacy
This notice explains how Driver Codes uses your personal data when you create a personal account and use the Driver Codes mobile app as a driver utility — outside any company invitation workflow.
It does not cover:
- visiting the driver.codes website (marketing pages, contact forms, blog) — see the Website Privacy Policy;
- being invited by a company to complete a driving licence check — see the Driver Checks Privacy Notice.
If you use the Driver Codes app for both personal use and a company-check workflow, both notices apply to their respective parts.
1. Who we are
RSMT Limited (trading as Driver Codes), company number 11744436, registered at 19A Queens Road, Hale, WA15 9HF. We are the data controller for the processing in this notice. We are registered with the Information Commission under number ZA788385.
The internal lead for data protection matters is the Owner of RSMT Limited, contactable via privacy@driver.codes.
2. Personal data we collect
| Category | Examples | Source |
|---|---|---|
| Account and identity data | name, email address, login credentials, app account identifiers | provided by you |
| Driving-access data | driving licence number, postcode, National Insurance number and other details needed to access linked government services | provided by you |
| Vehicle and reminder data | vehicle registration details, reminder preferences, related service settings | provided by you and linked service responses |
| Device and usage data | IP address, device type, operating system, app version, crash logs, security events, feature use | collected automatically when you use the app |
| Support and communications | messages, enquiries, complaints and support history | provided by you |
| Payment and subscription data (if you take a paid feature) | billing contact details, payment identifiers (not card numbers — handled by our payment processor) | provided by you or our payment processor |
If you accept a company invitation through the app, separate processing applies under the Driver Checks Privacy Notice. That includes the criminal offence data on your DVLA record (endorsements and disqualifications). It does not happen in the consumer flow.
3. How we use your data and our lawful bases
| Purpose | Lawful basis under Article 6 UK GDPR |
|---|---|
| Create and operate your account and provide requested app features | Article 6(1)(b) contract |
| Store credentials securely and access linked licence or vehicle information at your request | Article 6(1)(b) contract |
| Send service notices, security alerts and operational communications | Article 6(1)(b) contract; Article 6(1)(f) legitimate interests |
| Operate support, investigate issues, and handle complaints or claims | Article 6(1)(f) legitimate interests; Article 6(1)(c) legal obligation where applicable |
| Protect the service against fraud, abuse, and unauthorised access | Article 6(1)(f) legitimate interests |
| Run analytics, service monitoring and product improvement | Article 6(1)(f) legitimate interests |
| Send optional marketing or feature updates where you have opted in | Article 6(1)(a) consent |
| Carry out billing, tax, and accounting for paid features | Article 6(1)(b) contract; Article 6(1)(c) legal obligation |
4. Sharing of personal data
We share your data with:
- our sub-processors — hosting, email delivery, push notification, error monitoring, support, analytics, and payment providers, under written data processing contracts. The current list is at app.driver.codes/documents/subprocessors;
- government services you ask us to interact with on your behalf (including DVLA and DVSA where relevant);
- professional advisers, regulators, courts, or law enforcement where required by law, regulation, court order, or where reasonably necessary to protect rights, safety, or service security;
- a successor entity in the event of a sale, merger, or reorganisation of our business (your rights under this notice would continue to apply).
We do not sell your personal data, and we do not share it for the purpose of anyone else's direct marketing.
5. Where your data is stored and international transfers
Your personal data is stored in the United Kingdom. We use Amazon Web Services in the London region (eu-west-2) for production hosting.
Some of our sub-processors are based outside the United Kingdom. Where this is the case, the country and the transfer mechanism (the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses) is identified in the Sub-processor List, supported by a Transfer Risk Assessment.
6. How long we keep your data
| Category | Retention period |
|---|---|
| Active account data | While your account is active |
| Dormant accounts (no login for 24 months) | 24 months after last login, then deleted unless you've asked us to keep it |
| Closed accounts | Core account record deleted within 30 days of closure, save for the exceptions below |
| Support tickets | 3 years from closure of the ticket |
| Security and access logs | Up to 12 months |
| Backups | Up to 60 days from backup date |
| Billing, contract, and payment records | 6 years plus the current financial year (HMRC retention) |
| Marketing preferences and suppression lists | Until you withdraw, then retained in a suppression list to honour your preference |
We may keep information longer where the law requires, where there is a live dispute, or where we need to establish, exercise, or defend legal claims.
7. Your rights
Under UK data protection law, you have the right to:
- request access to your personal data;
- ask for inaccurate information to be corrected;
- ask for deletion or restriction of processing, where the conditions are met;
- object to processing based on legitimate interests, where you have particular reasons relating to your situation;
- receive a portable copy of certain information (data portability), where the conditions apply;
- withdraw consent at any time where processing is based on your consent;
- not be subject to solely automated decisions producing legal or similarly significant effects.
To exercise a right, contact privacy@driver.codes. We will respond within one calendar month of receiving a valid request, and will let you know if we need an extension in complex cases.
8. Complaints
If you think we have handled your data incorrectly, please contact us first at privacy@driver.codes. We will acknowledge your complaint promptly and aim to provide a substantive response within one calendar month.
If you are not satisfied with our response, you have the right to complain to the Information Commission, the UK's data protection regulator. Their website is ico.org.uk.
9. Cookies, push notifications and app technologies
The Driver Codes mobile app uses the following categories of technologies:
- crash and performance reporting via our error monitoring sub-processor, to detect and fix issues;
- push notifications delivered through our push notification sub-processor (you can disable in your device settings);
- authentication and session tokens stored securely on your device;
- analytics events where you have granted the relevant app permission and consented in-app.
You can control mobile app permissions through your device settings, and your push notification preferences inside the app.
For website cookies (driver.codes), see the Website Privacy Policy.
10. Marketing
We send marketing only where you have opted in, or where the "soft opt-in" rules of the Privacy and Electronic Communications Regulations 2003 apply. Every marketing email contains an unsubscribe link, and you can manage preferences inside the app or by contacting privacy@driver.codes.
11. Children
The Driver Codes service is intended for people aged 17 or over (the UK minimum driving licence age). We do not knowingly collect personal data from children under 13.
The Data (Use and Access) Act 2025 introduced "children's higher protection matters" that apply to services likely to be accessed by children. The Driver Codes app is not designed for or directed at children, but we keep the design and operation of the service under review in light of this framework.
12. Automated decision-making
We do not make solely automated decisions about you that produce legal or similarly significant effects.
13. Security
We maintain a documented information security programme summarised in our Security Summary at app.driver.codes/documents/security. Controls include access control with multi-factor authentication for administrative access, encryption in transit and at rest, continuous 24x7 automated security monitoring, daily encrypted backups, documented incident response, and UK-hosted core production services. Limited personal data may be processed outside the UK by ancillary providers listed in our Sub-processor List under UK-recognised transfer safeguards.
14. Changes to this notice
We may update this notice from time to time. Material changes will be notified to active account holders through the app or by email, and the updated notice will be published at /legal/app-privacy with a revised version date.
15. Contact
Privacy: privacy@driver.codes
General: hello@driver.codes
RSMT Limited: 19A Queens Road, Hale, WA15 9HF
Company number: 11744436
Information Commission registration: ZA788385