Privacy Policy

Last updated: 6 January 2026

1. Introduction

Car Finance Refund Letter ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document generation service.

2. Information We Collect

2.1 Personal Information

When you use our service, we collect the following personal information:

  • Full name and title
  • Current address and postcode
  • Email address and phone number
  • Previous name and postcode (if applicable)
  • Vehicle registration number
  • Finance agreement details (lender, agreement number, dates)
  • Payment information (processed securely through Stripe)

2.2 Automatically Collected Information

We may automatically collect certain information about your device, including:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and time spent on our site

3. Legal Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR), our lawful bases for processing your personal information are:

  • Contract: We need to process your personal data to fulfill our contract with you (i.e., to generate and deliver your complaint letter).
  • Consent: We rely on your consent for optional cookies and marketing communications. You may withdraw this consent at any time.
  • Legal Obligation: We may need to process your data to comply with legal requirements, such as tax and accounting laws.
  • Legitimate Interests: We may use your data for our legitimate business interests, such as improving our services and preventing fraud, provided these interests are not overridden by your rights.

4. How We Use Your Information

We use the information we collect to:

  • Generate your personalized complaint letter PDF
  • Process your payment through Stripe
  • Send you the generated document via email through Brevo
  • Provide customer support
  • Improve our service and user experience
  • Comply with legal obligations

5. Data Retention

We retain your personal information and generated documents for 90 days from the date of creation. After this period, all data is automatically deleted from our systems, including Firebase Storage and Firestore database.

Payment transaction records may be retained longer as required by financial regulations and tax laws.

6. Third-Party Services

We use the following third-party services to provide our service:

6.1 Stripe

We use Stripe for payment processing. Stripe collects and processes your payment information in accordance with their privacy policy. We do not store your full credit card details on our servers.

6.2 Brevo (formerly Sendinblue)

We use Brevo to send transactional emails containing your generated documents. Your email address and name are shared with Brevo for this purpose.

6.3 Google Firebase

We use Google Firebase for hosting, database storage (Firestore), and file storage. Your data is stored on Google's secure servers in accordance with their privacy policy.

6.4 Google Analytics

We may use Google Analytics to understand how visitors use our site. This service uses cookies to collect anonymous usage data.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using SSL/TLS
  • Secure cloud storage with Google Firebase
  • Access controls and authentication
  • Regular security assessments

8. Your Rights Under GDPR and UK DPA

If you are located in the UK or EU, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data before the 90-day retention period
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing of your data
  • Right to Withdraw Consent: Withdraw consent at any time

9. Cookies

We use cookies to improve your experience on our website. For detailed information about the cookies we use, please see our Cookie Policy.

10. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us.

Ready to generate your complaint letter?

Your data is protected and will be automatically deleted after 90 days.