Data Protection & Privacy
Last updated: 10 July 2026
1. Who we are
Quick & Steady Courier is the data controller for personal data collected through this site. We process your data in accordance with the UK GDPR and the Data Protection Act 2018.
2. Data we collect
- Account: name, email, phone number, password (hashed).
- Booking: pickup and dropoff addresses, parcel description, sender and recipient names and phone numbers.
- Payment: handled directly by Stripe; we never store your card details.
- Technical: IP address, browser type, and usage logs for security and reliability.
3. Why we use it (lawful basis)
- Contract — to fulfil your bookings and collect payment.
- Legitimate interests — to secure our service and improve it.
- Legal obligation — to retain invoicing and tax records.
4. Sharing
We share data only with processors that help us deliver the service: our hosting and database provider, Stripe (payments), and Google Maps (route calculation). We do not sell personal data and do not share it for marketing purposes.
5. Retention
Booking and invoice records are retained for 6 years to meet HMRC requirements. Account data is kept while your account is active and deleted on request unless we need to retain it for legal reasons.
6. Your rights
You have the right to access, correct, delete or export your personal data, and to object to or restrict processing. To exercise any of these rights, contact us via the address on our website. You may also complain to the Information Commissioner's Office (ico.org.uk).
7. Security
Data is transmitted over TLS and stored in encrypted databases with role-based access controls. We use row-level security to ensure customers can only access their own bookings.