MyHerroMyHerro

Last updated: March 2026

Privacy Policy

1. Introduction

MyHerro Ltd ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform and services. By using MyHerro, you consent to the practices described in this policy.

2. Data Controller

MyHerro Ltd is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@myherro.com.

3. Data We Collect

We collect the following types of information:

Account Information

  • Name and contact details (email, phone number)
  • Account credentials (encrypted)
  • Profile information

Service Information

  • Vehicle details (make, model, registration)
  • Pickup and delivery addresses
  • Service preferences and history
  • Communication records

Payment Information

  • Payment card details (processed securely by Stripe)
  • Transaction history
  • Billing address

Technical Information

  • IP address and browser type
  • Device information
  • Usage data and analytics
  • Cookies and similar technologies

Partner-Specific Data

  • Business registration details
  • Insurance documentation
  • Licence information
  • Vehicle and equipment details

4. How We Use Your Data

We use your information to:

  • Provide and improve our services
  • Process bookings and payments
  • Connect customers with Partners
  • Communicate service updates and notifications
  • Verify Partner credentials and eligibility
  • Handle customer support enquiries
  • Prevent fraud and ensure platform security
  • Comply with legal obligations
  • Send marketing communications (with your consent)
  • Analyse and improve our platform

5. Legal Basis for Processing

We process your data based on:

  • Contract: To fulfil our service agreement with you
  • Legitimate Interests: To operate and improve our business
  • Consent: For marketing communications and cookies
  • Legal Obligation: To comply with applicable laws

6. Cookies

We use cookies and similar technologies to enhance your experience. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

7. Third-Party Services

We share data with the following types of third-party services:

  • Payment Processing: Stripe processes payments securely. Your payment details are handled directly by Stripe under their privacy policy.
  • Database Services: Supabase provides our database infrastructure with data stored securely in compliance with GDPR.
  • Email Services: We use email service providers to send transactional and marketing emails.
  • Analytics: We may use analytics services to understand how users interact with our platform.
  • Maps and Location: Google Maps services for address lookup and routing.

8. Data Sharing

We may share your data with:

  • Partners: Customer contact details and vehicle information are shared with Partners to complete booked services
  • Customers: Partner business details, ratings, and contact information are shared with customers for bookings
  • Service Providers: Third parties who help us operate the platform
  • Legal Authorities: When required by law or to protect our rights

We do not sell your personal data to third parties.

9. Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations:

  • Active accounts: Data retained while account is active
  • Closed accounts: Core data retained for 7 years for legal/tax purposes
  • Booking records: Retained for 7 years
  • Marketing preferences: Retained until you unsubscribe
  • Technical logs: Typically retained for 12 months

10. Your Rights Under GDPR

Under the UK GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data (subject to legal retention requirements)
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent for consent-based processing

To exercise any of these rights, contact us at privacy@myherro.com. We will respond within one month.

11. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of data in transit and at rest
  • Secure password hashing
  • Access controls and authentication
  • Regular security assessments
  • Staff training on data protection

12. International Transfers

Your data may be processed by third-party services located outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

13. Children's Privacy

Our services are not directed at individuals under 18 years old. We do not knowingly collect data from children. If we become aware that we have collected data from a child, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or through the Platform. The "Last updated" date at the top indicates when the policy was last revised.

15. Complaints

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113

16. Contact Us

For privacy-related enquiries or to exercise your rights:

  • Email: privacy@myherro.com
  • General enquiries: support@myherro.com
  • Website: www.myherro.com