Privacy policy

Wayspost Ltd is the data controller for personal data processed via our platform. This policy explains what we collect, why, and how we protect it under the UK GDPR and Data Protection Act 2018.

What we collect

• Account: name, email, phone, postcode.
• Bookings: pickup/dropoff postcodes, item descriptions, contact phone, delivery photos.
• Drivers: licence number, vehicle details, DBS result, payout bank details.
• Technical: IP, device, cookies (see cookie policy).

Why we use it

• To match deliveries with drivers and process payments.
• To verify driver eligibility (legitimate interest).
• To prevent fraud and meet legal obligations.
• To send service emails (contractual necessity) and, with your consent, marketing.

Sharing

We share with: Stripe (payments), the matched Driver/Customer for the booking, our infrastructure providers, and authorities when legally required. We never sell personal data.

Retention

Account data is kept while your account is active. Booking records are retained for 7 years for tax compliance. Driver verification records: 5 years after termination.

Your rights

You can access, correct, delete, restrict or port your data. Request these from your account settings or by emailing privacy@wayspost.com. You can complain to the ICO (ico.org.uk) at any time.

International transfers

Our infrastructure is UK/EU-hosted. Where data is processed outside the UK we rely on Standard Contractual Clauses.

Security

Encryption in transit (TLS) and at rest, role-based access, MFA for staff. We will notify you and the ICO of any qualifying breach within 72 hours.

Contact

Data protection enquiries: privacy@wayspost.com.