Privacy Policy
Sarivo Analytics
Last updated: 14 January 2026
This Privacy Policy explains how Sarivo Analytics ("Sarivo", "we", "us", "our") collects, uses, shares and protects personal data when you visit our website or use our web application, Sarivo Forecourt Co-Pilot (together, the "Service").
The Service is designed for business customers in the UK automotive retail sector. Where we say "you", we mean the individual user (for example a dealership owner, manager or staff member) using the Service on behalf of a business customer.
1. Who we are and how to contact us
Sarivo Analytics is the trading name of: Sarivo Analytics, company number: 16532422, registered office: Lifford Hall Lifford Lane, Kings Norton, Birmingham, United Kingdom, B30 3JN
Email: support@sarivoanalytics.co.uk
We have not appointed a Data Protection Officer (DPO). If you have questions or requests about this Privacy Policy, contact us using the details above.
2. What this policy covers
This Privacy Policy covers personal data we process when you:
- visit our website (including when you submit an enquiry);
- create an account and use Sarivo Forecourt Co-Pilot;
- communicate with us (for example by email or support ticket); and
- receive emails from us (including service messages and, where permitted, marketing).
Our Service may contain links to third-party websites (for example vehicle advert pages). We are not responsible for third-party privacy practices. Please check their policies.
3. Personal data we collect
We collect the following categories of personal data:
Account and contact details:
Name, email address, phone number (if provided), dealership/business name, job role, login details, and account preferences.
Billing and subscription details:
Billing contact details, billing address, VAT details (if provided), subscription plan and payment status. Card payments are processed by our payment provider and we do not store full card numbers or CVV.
Usage and technical data:
IP address, device and browser information, time zone settings, log-in and activity logs, feature usage, and diagnostic data (for example error logs).
Vehicle and dealership data you enter:
Vehicle registration mark (VRM), mileage, asking price, notes, stock status, dealership postcode, search radius and other configuration settings. A VRM may be personal data in some circumstances. You should only enter VRMs where you have a lawful reason to do so.
Communications:
Emails, support tickets, call notes (if any), and any information you choose to provide when contacting us.
Cookies and similar technologies:
We use cookies and similar technologies for essential site functionality and, with consent, analytics or marketing. See our Cookie Policy for details.
4. Where we get personal data from
We collect personal data:
- directly from you and other Authorised Users (for example when you create an account or add a vehicle);
- from our business customer (for example when a dealership admin invites a user);
- from service providers involved in operating the Service (for example payment and email providers); and
- from our licensed data suppliers where needed to perform vehicle lookups and market comparisons (for example to decode a VRM or retrieve comparable listings).
5. How we use personal data and our lawful bases
UK GDPR requires a lawful basis to process personal data. The main lawful bases we rely on are:
- Contract: processing is necessary to provide the Service you (or your business) requested.
- Legitimate interests: processing is necessary for our legitimate interests (for example security, fraud prevention, service improvement), provided your rights do not override those interests.
- Consent: where required (for example non-essential cookies and certain marketing). You can withdraw consent at any time.
- Legal obligation: where we must comply with a legal duty (for example tax and accounting).
The table below summarises the main purposes and lawful bases:
| Purpose | Examples | Lawful basis |
|---|---|---|
| Provide and operate the Service | Create accounts, authenticate users, process vehicle entries and lookups, show dashboards, send weekly action emails. | Contract |
| Billing and payments | Take subscription payments, manage invoices, prevent payment fraud, handle renewals/cancellations. | Contract; Legal obligation |
| Customer support | Respond to enquiries, troubleshoot issues, provide service communications. | Contract; Legitimate interests |
| Security and abuse prevention | Protect accounts, enforce plan limits, prevent misuse that could breach third-party licensing, detect suspicious activity. | Legitimate interests; Contract |
| Service analytics and improvement | Analyse usage patterns, debug errors, improve features and reliability. | Legitimate interests |
| Marketing (where permitted) | Send product updates, offers, and relevant communications. You can opt out at any time. | Legitimate interests (B2B soft opt-in where applicable) and/or Consent |
| Legal compliance and claims | Comply with legal obligations and defend legal claims. | Legal obligation; Legitimate interests |
6. Sharing personal data
We do not sell your personal data. We may share personal data with:
- Payment providers (for example Stripe) to take subscription payments.
- Cloud hosting and infrastructure providers (for example database and hosting services) to run the Service.
- Email and communications providers to send transactional and service emails (and marketing where permitted).
- Analytics, monitoring and security providers to help us understand performance and protect the Service.
- Licensed data providers used to deliver the Service (for example for VRM decoding and market comparables).
- Professional advisors (lawyers, accountants, insurers) where necessary.
- Authorities where required by law, court order, or to protect rights and safety.
- A buyer or successor if we sell or restructure our business (with appropriate safeguards).
We only share the minimum necessary information for the relevant purpose, and we put appropriate contractual safeguards in place with service providers.
7. International transfers
Some of our service providers may process personal data outside the UK. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, and risk assessments where required.
You can contact us to ask for more information about transfers and safeguards.
8. Data retention
We keep personal data only for as long as needed for the purposes described above, unless a longer period is required by law.
Typical retention periods are:
- Account data: for as long as the account is active, and then typically up to 24 months after closure (unless we need to retain it longer for legal reasons).
- Billing and transaction records: typically 6 years to meet HMRC and accounting requirements.
- Usage logs and security logs: typically 12 to 24 months, unless needed for investigating security incidents.
- Support communications: typically 2 years after the last interaction.
- Vehicle and lookup history: retained while your account is active to provide reporting and audit trails; certain derived metrics may be retained longer. We may cache third-party listing data for limited periods (for example up to 48 hours) for performance and licensing compliance.
- Cookie preferences: typically up to 12 months (see Cookie Policy).
9. Security
We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, monitoring, and least-privilege access. No online system is perfectly secure, but we continually work to reduce risk.
10. Your rights
You have rights under UK GDPR, including the right to:
- request access to your personal data;
- request correction of inaccurate data;
- request deletion of your personal data (in certain circumstances);
- request restriction of processing (in certain circumstances);
- object to processing based on legitimate interests (in certain circumstances);
- withdraw consent where we rely on consent; and
- lodge a complaint with the Information Commissioner's Office (ICO).
To exercise your rights, contact us using the details in section 1. We may need to verify your identity. We aim to respond within one month.
ICO contact details: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK. Telephone: 0303 123 1113.
11. Marketing preferences
You can opt out of marketing emails at any time by using the unsubscribe link in the email or by contacting us. We may still send important service messages (for example about account security or billing).
12. Automated decision-making
We do not make decisions about you based solely on automated processing that produce legal effects or similarly significant effects. We may use automated systems to generate summaries (for example the weekly action email), but your dealership remains responsible for pricing and purchasing decisions.
13. Children
The Service is not intended for children and we do not knowingly collect personal data from anyone under 16.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post the latest version on our website and update the "Last updated" date at the top.
15. Contact
If you have questions about this policy or how we handle personal data, contact: privacy@sarivoanalytics.co.uk
Legal note: This Privacy Policy is a robust draft for a UK B2B SaaS service. It does not constitute legal advice.