Data Protection & Privacy

Last updated: 10 July 2026

1. Who we are

Quick & Steady Courier is the data controller for personal data collected through this site. We process your data in accordance with the UK GDPR and the Data Protection Act 2018.

2. Data we collect

  • Account: name, email, phone number, password (hashed).
  • Booking: pickup and dropoff addresses, parcel description, sender and recipient names and phone numbers.
  • Payment: handled directly by Stripe; we never store your card details.
  • Technical: IP address, browser type, and usage logs for security and reliability.

3. Why we use it (lawful basis)

  • Contract — to fulfil your bookings and collect payment.
  • Legitimate interests — to secure our service and improve it.
  • Legal obligation — to retain invoicing and tax records.

4. Sharing

We share data only with processors that help us deliver the service: our hosting and database provider, Stripe (payments), and Google Maps (route calculation). We do not sell personal data and do not share it for marketing purposes.

5. Retention

Booking and invoice records are retained for 6 years to meet HMRC requirements. Account data is kept while your account is active and deleted on request unless we need to retain it for legal reasons.

6. Your rights

You have the right to access, correct, delete or export your personal data, and to object to or restrict processing. To exercise any of these rights, contact us via the address on our website. You may also complain to the Information Commissioner's Office (ico.org.uk).

7. Security

Data is transmitted over TLS and stored in encrypted databases with role-based access controls. We use row-level security to ensure customers can only access their own bookings.