Skip to content
Back to home

Privacy Policy

Effective date: 4 June 2026

1. Who we are

Motlyze (“we”, “us”) provides a UK vehicle MOT history and decision-support service. This policy explains how we process personal data when you use Motlyze (the “Service”), including when you browse without an account and when you register, subscribe, or save vehicles to your dashboard.

2. Data we collect

  • Account data: If you register, we process your email address, authentication identifiers, and optional profile name via Supabase Auth.
  • Vehicle lookups: Registration plates you search are sent to the DVSA MOT History API and, where configured, the DVLA Vehicle Enquiry Service to retrieve official records.
  • Saved shortlist: Signed-in users may save registrations, make/model labels, and last MOT status to their dashboard (stored in Supabase Postgres with row-level security).
  • Billing & credits: Subscription tier, Stripe customer/subscription IDs, and credit usage ledger entries are stored in our application database.
  • Motlyze reports: When you generate a paid Motlyze report, MOT summary data is sent to our AI provider (Groq and/or OpenRouter) to produce narrative guidance. We do not send your email to AI providers.
  • Technical data: IP address, request logs, cookies for authentication, and theme preference (local storage) may be processed to operate and secure the Service.

3. Legal bases (UK GDPR)

  • Contract: To provide MOT lookups, accounts, subscriptions, and features you request.
  • Legitimate interests: Security, fraud prevention, rate limiting, and service improvement.
  • Consent: Where we rely on consent (for example optional communications), you may withdraw it at any time.

4. Processors & transfers

We use trusted providers including:

  • Supabase (authentication and database hosting)
  • Stripe (payments)
  • Vercel (hosting)
  • DVSA / DVLA (official vehicle data APIs)
  • Groq / OpenRouter (AI narratives, when enabled)
  • Upstash (rate limiting, when configured)
  • Sentry (error monitoring, when configured)

Some providers may process data outside the UK. We rely on appropriate safeguards where required.

5. Retention

  • Account and billing records are kept while your account is active and for a reasonable period thereafter for legal and accounting purposes.
  • Saved shortlist entries persist until you delete them or delete your account.
  • Credit ledger entries are retained as an audit trail and are not routinely deleted.
  • Server logs are retained according to our hosting provider’s policies (typically limited duration).

6. Your rights

Under UK data protection law you may have rights to access, rectify, erase, restrict, or object to processing, and to data portability where applicable.

Signed-in users can export their data via Account → Export my data or GET /api/account. You may delete your account from the Account page or DELETE /api/account, which removes saved searches and billing records associated with your user ID and cancels active Stripe subscriptions where possible.

Contact hello@motlyze.app for other requests. We aim to respond within 30 days.

7. Cookies and local storage

We use essential cookies for Supabase authentication when you sign in. Theme preference may be stored in your browser (local storage). We do not use marketing or third-party analytics cookies on the Service.

8. Security

We apply technical and organisational measures including HTTPS, row-level security, rate limiting, and access controls. No system is completely secure.

9. Changes

We may update this policy. Material changes will be posted on this page with a new effective date.

10. Contact

Questions: hello@motlyze.app