Privacy Policy

Last updated: 5 June 2026

This policy explains how ShiftsPod handles personal data for our website and account holders. Where we process data on behalf of a customer (e.g. their drivers' location and proof-of-delivery records), the customer is the data controller and we act as their processor under our Data Processing Agreement.

Who we are
Controller vs processor
What we collect
Why we use it & legal basis
Who we share it with
How long we keep it
International transfers
Your rights
Security
Contact & complaints

1. Who we are

ShiftsPod is a fleet and driver-management platform operated by Dimva LTD, company no. 16068163, registered at 3 Broadway, Loughborough, LE11 2JD, United Kingdom. We are registered with the UK Information Commissioner's Office (ICO) under reference [ICO reg. number]. For privacy matters contact [email protected].

2. Controller vs processor

We are the controller for: visitors to our website, demo/sales enquiries, and the account administrators who sign up and manage a ShiftsPod company account.

We are a processor for the operational data our customers enter or generate inside the platform — including their drivers' details, GPS location during shifts, proof-of-delivery photos and signatures, and vehicle/trailer check records. The customer (the transport company) is the controller of that data and decides why and how it is used. See our Data Processing Agreement.

3. What we collect

Website & enquiries

Contact details you submit (name, company, email, fleet size, message).
Basic technical data (IP address, browser type) and essential cookies — see our Cookie Notice.

Account administrators

Username, email, hashed password, role, and login timestamps.
Billing data processed by our payment provider, Stripe (we do not store card numbers).

Operational data (as processor, on behalf of customers)

Driver name, username and assignment;
GPS location recorded while a driver is on an active shift;
Proof-of-delivery photos and signatures, delivery references and timestamps;
Vehicle and trailer inspection records and reported defects.

4. Why we use it & legal basis

Purpose	Lawful basis (UK GDPR Art. 6)
Providing and operating the service	Contract
Billing and subscription management	Contract
Responding to sales enquiries	Legitimate interests
Security, fraud prevention, audit logs	Legitimate interests / legal obligation
Service emails & operational alerts	Contract / legitimate interests

For operational data (drivers' location etc.) the lawful basis is determined by our customer as controller — typically their legitimate interests in managing deliveries and fleet safety, subject to informing their drivers.

We use a small number of trusted sub-processors to run the service:

Provider	Purpose	Location
Stripe	Payments & subscriptions	EU / US (SCCs)
Brevo (Sendinblue)	Transactional & alert emails	EU
Cloudflare	CDN, network & DDoS protection	Global edge
Contabo GmbH	Application & database hosting	EU (Germany)

We do not sell personal data or use it for advertising.

6. How long we keep it

Sales enquiries: up to 24 months, then deleted.
Account & operational data: for the life of the account; deleted or returned within 30 days of account closure (see DPA).
Audit logs: retained per the customer's configured retention period (default 90 days).
Billing records: retained for 6 years to meet UK tax/accounting law.

7. International transfers

Where data is transferred outside the UK (e.g. some Stripe processing), we rely on UK adequacy regulations or the International Data Transfer Agreement / EU Standard Contractual Clauses with appropriate safeguards.

8. Your rights

Under UK GDPR you have rights to access, rectify, erase, restrict, port and object to processing of your personal data. If you are a driver and your data is held on behalf of your employer, please contact your employer (the controller); we will assist them in fulfilling your request. Otherwise contact us at [email protected].

9. Security

We protect data with encryption in transit (TLS), hashed passwords (bcrypt), role-based access control, tenant isolation, audit logging, rate limiting and least-privilege access. No system is perfectly secure, but we take appropriate technical and organisational measures and notify customers of any breach affecting their data without undue delay.

10. Contact & complaints

Email [email protected]. You also have the right to complain to the ICO (ico.org.uk), though we'd appreciate the chance to resolve your concern first.