Privacy Policy

Version 1.0.0
Effective 10 February 2026
Last updated 8 March 2026

Privacy Policy

Ducktail Garage

Effective Date: 10 February 2026

1. Introduction

Ducktail Digital Ltd ("we", "our", or "us") operates the Ducktail Garage mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Service.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

Ducktail Digital Ltd Email: privacy@ducktail.team

3. Data We Collect

3.1 Account Information

When you create an account, we collect your name and email address. This information is necessary to provide you with access to the Service and to manage your account.

3.2 Photos and Media

You may upload photographs and other media files to the Service. These files are stored on our behalf by our infrastructure provider and are used to deliver the core functionality of the platform, including sharing motorsport content with teams, car owners, and other users.

3.3 Payment and Billing Information

If you subscribe to a paid plan, we use Stripe to process payments. We do not store your full credit card details on our servers. Stripe acts as an independent data controller for payment data it processes. Please refer to Stripe's privacy policy for further details on how your payment information is handled.

3.4 Technical and Usage Data

We automatically collect certain technical data when you use the Service, including device information, operating system version, app version, and error/crash reports. This data is collected through Sentry, our error tracking provider, and is used solely for the purpose of identifying and resolving technical issues to improve the reliability of the Service.

4. How We Use Your Data

We use the personal data we collect for the following purposes:

  • To create and manage your account and authenticate your access to the Service.

  • To provide the core functionality of the platform, including storing, organising, and sharing photos and media.

  • To process payments and manage subscriptions through Stripe.

  • To send you push notifications related to your account activity, such as new uploads, team updates, and other relevant alerts.

  • To monitor, diagnose, and fix technical issues using error tracking and crash reporting.

  • To communicate with you about important changes to the Service or this Privacy Policy.

  • To comply with legal obligations applicable to us.

5. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases for processing your personal data:

  • Contract: Processing your account information, photos, and subscription data is necessary to perform our contract with you and deliver the Service.

  • Legitimate Interests: We process technical and usage data for error tracking and service improvement, which constitutes our legitimate interest in maintaining a reliable platform. We also rely on legitimate interests for sending you service-related push notifications.

  • Legal Obligation: We may process your data where required to comply with applicable laws or regulations.

  • Consent: Where we rely on your consent for any processing activity, you have the right to withdraw that consent at any time.

6. Third-Party Services

We share your data with the following third-party service providers, each of which acts as a data processor on our behalf unless otherwise stated:

6.1 Appwrite (Infrastructure)

Your account data, photos, and media are stored using Appwrite Cloud, hosted within the European Union. Appwrite processes your data on our behalf in accordance with our data processing agreement.

6.2 Stripe (Payments)

Stripe processes your payment information as an independent data controller. We share only the minimum data necessary to facilitate transactions. For more information, see Stripe's privacy policy.

6.3 Apple Push Notification Service (APNs) and Google Firebase Cloud Messaging (FCM)

We use APNs and FCM to deliver push notifications to your device. These services receive a device token associated with your device to deliver notifications. No personally identifiable information beyond the device token is shared with these services for the purpose of notification delivery.

6.4 Sentry (Error Tracking)

Sentry receives technical data including crash reports, device information, and app performance data. This data is used solely for the purpose of diagnosing and resolving technical issues. Sentry does not receive your name, email address, or photos.

6.5 Vercel (Web Hosting)

Our web application is hosted on Vercel. When you access the Service via a web browser, Vercel may process technical data such as your IP address, browser type, and request metadata as part of delivering the web application to you. Vercel acts as a data processor on our behalf. For more information, see Vercel's privacy policy.

7. International Data Transfers

Your primary data is stored within the European Union through Appwrite Cloud. Where data is transferred to third-party providers located outside the UK or the EU (for example, Stripe, Sentry, and Vercel, which are US-based companies), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or the provider's participation in recognised data protection frameworks, to ensure your data is protected to a standard equivalent to UK GDPR.

8. Data Retention

We retain your personal data for as long as your account is active and as necessary to provide the Service to you.

If you choose to delete your account (which you can do directly within the app), your data will be retained for a period of 30 days following deletion. This grace period allows you to recover your account if you change your mind. After 30 days, all personal data associated with your account, including your photos and media, will be permanently and irreversibly deleted from our systems.

We may retain anonymised or aggregated data that can no longer be linked to you for analytical or statistical purposes beyond this retention period.

9. Cookies and Session Data

The Service uses cookies and similar technologies solely for authentication and session management purposes, as provided by our infrastructure platform (Appwrite). These cookies are strictly necessary for the operation of the Service and do not track your browsing activity across other websites. No third-party tracking or advertising cookies are used.

10. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of Access: You have the right to request a copy of the personal data we hold about you.

  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete data.

  • Right to Erasure: You have the right to request that we delete your personal data. You can delete your account directly within the app, or contact us at the address below.

  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your data in certain circumstances.

  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

  • Right to Object: You have the right to object to the processing of your data where we rely on legitimate interests as the legal basis.

  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at privacy@ducktail.team. We will respond to your request within one month, as required by law.

11. Children's Privacy

The Service is not specifically directed at children. However, we do not impose a minimum age requirement for using the Service. If we become aware that we have collected personal data from a child under the age of 13 without verifiable parental consent, we will take steps to delete that information as soon as reasonably possible. If you believe a child under 13 has provided us with personal data, please contact us at privacy@ducktail.team.

12. Data Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include encrypted data transmission (TLS/SSL), secure authentication mechanisms, and access controls limiting who can access your data within our organisation.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee the absolute security of your data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws. We will notify you of any material changes by posting the updated policy within the app or by sending you a notification. The "Effective Date" at the top of this policy indicates when it was last revised. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Ducktail Digital Ltd Email: privacy@ducktail.team

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can contact the ICO at https://ico.org.uk or by calling 0303 123 1113.

Document ID: 698b8d9c002ea60803e3