Corviz — Automated Customer Retention for MOT Garages

1. Who We Are

Corviz is a software-as-a-service platform operated by Corviz ("we", "us", "our"). We provide automated customer retention tools for independent UK garages. Our contact email is hello@getcorviz.com.

This Privacy Policy explains how we collect, use, and protect personal data in connection with the Corviz platform and website (getcorviz.com).

2. Data We Collect About You (Garage Owners)

When you register and use Corviz, we collect:

Account data: your name, email address, and password (hashed)
Garage information: garage name, address, phone number
Billing data: payment details processed and stored securely by Stripe — we do not store card numbers
Usage data: how you interact with the platform, automation logs, message delivery records

3. Customer Data You Upload

You may upload personal data about your customers (names, phone numbers, email addresses, vehicle details, and service history) to Corviz for the purpose of sending automated reminders.

In relation to this data:

You are the data controller — you determine the purpose and means of processing
We are the data processor — we process data only on your instructions to deliver the service
We do not use your customer data for any other purpose
We do not sell or share customer data with third parties except as necessary to deliver the service (e.g. SMS gateway providers)

You are responsible for ensuring you have a lawful basis to contact your customers under UK GDPR and UK PECR before using Corviz to send them messages.

4. How We Use Your Data

We use the data we collect to:

Provide and operate the Corviz platform
Process payments and manage your subscription
Send you service notifications and account-related emails
Respond to support requests
Improve the platform and fix issues

Our lawful basis for processing your data is the performance of a contract (your subscription) and our legitimate interests in operating and improving the service.

5. Third-Party Services

We use the following third-party services to operate Corviz:

Supabase — database and authentication (data stored in EU region)
Stripe — payment processing
Resend — transactional email delivery
Twilio / SMS provider — SMS delivery

Each provider has their own privacy policy and security standards. We only share data with these providers to the extent necessary to deliver the service.

6. Data Retention

We retain your account data for as long as your account is active. If you cancel your subscription and do not reactivate within 90 days, we may delete your account and associated data.

You can request deletion of your data at any time by emailing hello@getcorviz.com. We will action deletion requests within 30 days.

7. Your Rights

Under UK GDPR, you have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your data ("right to be forgotten")
Restrict or object to processing
Data portability — receive your data in a machine-readable format

To exercise any of these rights, contact us at hello@getcorviz.com.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking or advertising cookies.

9. Security

We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), hashed passwords, and access controls. No system is completely secure — in the event of a data breach affecting your rights, we will notify you and the ICO as required by law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you by email at least 14 days before material changes take effect. Continued use of the service after that date constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or requests, contact us at hello@getcorviz.com.