Beta Version — this website is under development
AutoSter
Sign in

Privacy Policy

Last updated: 18 May 2026

1. Who we are

AutoSter (“we”, “us”, “our”) operates the website at autoster.co.uk, a UK marketplace for private car buyers and sellers. We are the “controller” of personal data processed through the site for the purposes of the UK GDPR and the Data Protection Act 2018.

Contact: privacy@autoster.uk.

2. What data we collect

  • Account data: name, email, password hash, phone number (if you choose to verify it).
  • Listing data: vehicle details, photos, asking price, city/region.
  • Messages: messages exchanged between buyers and sellers via our inbox.
  • Usage data: IP address, device, browser, pages viewed, referrer.
  • Cookies: see our Cookie Policy.

3. Why we use it (lawful bases)

  • Contract (Art. 6(1)(b)): create your account, publish listings, deliver messages.
  • Legitimate interests (Art. 6(1)(f)): fraud prevention, service security, basic analytics.
  • Consent (Art. 6(1)(a)): non-essential cookies, marketing emails, SMS verification.
  • Legal obligation (Art. 6(1)(c)): responding to lawful requests from authorities.

4. Who we share data with

We do not sell your personal data. We share it only with:

  • Hosting and backend providers (Lovable Cloud / Supabase, Cloudflare).
  • Email and SMS providers used to send verification or service emails.
  • Analytics providers (Google Analytics) where you have given consent.
  • Law enforcement or regulators where legally required.

5. International transfers

Some providers process data outside the UK (for example, in the EEA or US). Where this happens we rely on UK adequacy regulations, the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or equivalent safeguards.

6. How long we keep data

  • Account data: while your account is open, plus up to 12 months after closure.
  • Listings: while live, plus 6 months after expiry or deletion (for dispute resolution).
  • Messages: 24 months from last activity.
  • Server logs: up to 90 days.

7. Your rights

Under UK GDPR you have the right to:

  • Access a copy of your personal data.
  • Have inaccurate data corrected or incomplete data completed.
  • Have your data erased (“right to be forgotten”) in certain circumstances.
  • Restrict or object to processing, including direct marketing.
  • Data portability — receive your data in a portable format.
  • Withdraw consent at any time where processing relies on consent.

To exercise any of these rights email privacy@autoster.uk. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

8. Security

We use TLS encryption in transit, encrypted storage at rest, hashed passwords, row-level access controls and regular backups. No system is 100% secure — please use a strong unique password.

9. Children

AutoSter is not directed at children under 16 and we do not knowingly collect their data.

10. Changes to this policy

We will post any changes on this page and update the “Last updated” date. Material changes will be notified by email or in-app banner.