Table of Contents
1. Who We Are
LockRoute Pro ("we", "our", "us") is a UK-based software-as-a-service (SaaS) platform that provides smart scheduling, route optimisation, and job management tools for mobile auto locksmiths.
We are the data controller for the personal data we process through our platform, website, and related services. We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller: LockRoute Pro
Email: support@lockroutepro.com
2. Data We Collect
We collect and process the following categories of personal data:
2.1 Account Information
- Name — your full name, used to personalise your account and communications.
- Email address — used for account authentication, notifications, and support.
- Password — stored in a securely hashed format; we never store plain-text passwords.
2.2 Job & Business Data
- Job details — descriptions, types, statuses, and notes related to your locksmith appointments.
- Customer information — names, addresses, phone numbers, and vehicle registration details you enter for your jobs.
- Scheduling data — calendar entries, time blocks, and appointment times.
2.3 Location Data
- Job addresses — customer locations you enter for route planning and navigation.
- Home/base address — your starting location, used for route optimisation and travel time calculations.
- Geocoded coordinates — latitude and longitude derived from addresses to enable mapping and routing features.
2.4 Technical Data
- IP address and approximate location
- Browser type and version
- Device type and operating system
- Usage data such as pages visited and features used
- Session cookies and authentication tokens
3. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Data Used |
|---|---|
| Provide and operate the LockRoute Pro service | Account info, job data, location data |
| Route optimisation and map display | Addresses, geocoded coordinates |
| Calendar scheduling and time-block suggestions | Job data, scheduling data, location data |
| User authentication and session management | Email, password, session cookies |
| Customer support and communications | Name, email |
| Service improvement and analytics | Technical data, usage patterns |
| Legal compliance and fraud prevention | Account info, technical data |
4. Legal Basis for Processing
Under the UK GDPR, we process your personal data on the following legal bases:
- Performance of a contract (Article 6(1)(b)) — Processing is necessary to provide you with the LockRoute Pro service you have signed up for, including scheduling, routing, and job management.
- Legitimate interests (Article 6(1)(f)) — We process certain data for service improvement, analytics, security, and fraud prevention, where our interests do not override your rights and freedoms.
- Consent (Article 6(1)(a)) — Where required, such as for optional marketing communications or non-essential cookies, we rely on your explicit consent. You may withdraw consent at any time.
- Legal obligation (Article 6(1)(c)) — We may process data to comply with applicable laws, regulations, or legal proceedings.
5. Data Sharing & Third Parties
We do not sell your personal data. We share data only with the following trusted third-party service providers who process data on our behalf:
5.1 Supabase
We use Supabase as our database and authentication provider. Your account information, job data, and application data are stored securely on Supabase infrastructure. Supabase processes data in accordance with their privacy policy and provides enterprise-grade security including row-level security, encryption at rest, and encryption in transit.
5.2 Mapbox
We use Mapbox to provide mapping, geocoding, and route optimisation features. When you use routing or map features, address and location data is sent to Mapbox to generate maps, calculate routes, and convert addresses to coordinates. Mapbox processes this data in accordance with their privacy policy.
5.3 Other Disclosures
We may also disclose your data where required by law, regulation, or legal process, or to protect our rights, property, or safety, or the rights, property, or safety of others.
6. Cookies & Tracking
We use cookies and similar technologies to operate and improve our service. The cookies we use fall into the following categories:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management, security. These are strictly necessary for the service to function. | Session / up to 30 days |
| Functional | Remembering your preferences, such as map view settings and calendar layout. | Up to 1 year |
| Analytics | Understanding how users interact with our service to improve features and performance. | Up to 1 year |
You can manage your cookie preferences through your browser settings. Please note that disabling essential cookies may prevent you from using certain features of the service. For full details, please see our Cookie Policy.
7. Data Storage & Security
We take the security of your data seriously and implement appropriate technical and organisational measures to protect it, including:
- Encryption in transit — All data transmitted between your browser and our servers is encrypted using TLS/SSL.
- Encryption at rest — Data stored in our database is encrypted at rest using AES-256 encryption.
- Access controls — Row-level security policies ensure users can only access their own data.
- Secure authentication — Passwords are hashed using industry-standard algorithms (bcrypt). Session tokens are securely generated and managed.
- Regular backups — Automated database backups protect against data loss.
- Infrastructure security — Our infrastructure provider (Supabase) maintains SOC 2 Type II compliance and undergoes regular security audits.
While we implement robust security measures, no method of electronic storage or transmission is 100% secure. If you become aware of any security vulnerability, please contact us immediately at support@lockroutepro.com.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Active accounts — Your data is retained for the duration of your account and active use of the service.
- Closed accounts — Upon account deletion, we will delete or anonymise your personal data within 30 days, except where we are required by law to retain certain records.
- Financial records — Billing and transaction data may be retained for up to 7 years to comply with UK tax and accounting regulations.
- Technical logs — Server logs and security records are retained for up to 12 months for security and troubleshooting purposes.
9. Your Rights Under GDPR
Under the UK GDPR, you have the following rights regarding your personal data:
- Right of access (Article 15) — You have the right to request a copy of the personal data we hold about you.
- Right to rectification (Article 16) — You can request correction of inaccurate or incomplete personal data.
- Right to erasure (Article 17) — You can request deletion of your personal data (the "right to be forgotten"), subject to certain legal exceptions.
- Right to restrict processing (Article 18) — You can request that we limit how we use your data in certain circumstances.
- Right to data portability (Article 20) — You can request to receive your personal data in a structured, commonly used, machine-readable format.
- Right to object (Article 21) — You can object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent — Where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at support@lockroutepro.com. We will respond to your request within one month, as required by law.
If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.
Website: ico.org.uk
Helpline: 0303 123 1113
10. International Data Transfers
Our primary data storage is located within the European Economic Area (EEA). However, some of our third-party service providers may process data outside the UK and EEA.
Where data is transferred internationally, we ensure appropriate safeguards are in place, including:
- Transfers to countries with an adequacy decision from the UK government.
- Standard Contractual Clauses (SCCs) approved by the relevant authorities.
- Binding corporate rules or other approved transfer mechanisms.
11. Children's Privacy
LockRoute Pro is a business tool designed for professional auto locksmiths. Our service is not directed at individuals under the age of 18, and we do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify you by email or through an in-app notification where appropriate.
- Where required by law, obtain your consent to any material changes.
We encourage you to review this policy periodically to stay informed about how we protect your data.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:
LockRoute Pro
Email: support@lockroutepro.com
We aim to respond to all enquiries within 48 hours.