Privacy Policy
Last updated: 19 February 2026
1. Introduction
Zohti Ltd ("Zohti", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fleet management platform, mobile application, and website (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
- Account information: name, email address, company name, and job title when you register or submit an enquiry.
- Fleet data: vehicle details, inspection records, defect reports, checklists, and maintenance logs you enter into the platform.
- Payment information: billing details processed securely through our third-party payment provider. We do not store full card numbers.
- Communications: messages you send to us via the contact form, email, or support channels.
2.2 Information Collected Automatically
- Device & usage data: IP address, browser type, operating system, device identifiers, pages visited, and interaction patterns.
- Location data: GPS coordinates collected through the mobile app (with your consent) for inspection verification and geofencing.
- Log data: server logs including timestamps, API requests, and error reports.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service.
- Process vehicle inspections, defect tracking, and compliance reporting.
- Send notifications about inspection results, defects, and compliance deadlines.
- Respond to enquiries and provide customer support.
- Improve and personalise the Service based on usage patterns.
- Comply with legal obligations, including DVSA and transport regulations.
- Detect and prevent fraud or security incidents.
4. Legal Basis for Processing (UK GDPR)
We process your personal data under the following lawful bases:
- Contract: processing necessary to provide the Service you have subscribed to.
- Legitimate interests: improving the Service, ensuring security, and communicating relevant updates.
- Legal obligation: complying with UK transport regulations, tax laws, and record-keeping requirements.
- Consent: where you have given explicit consent, such as for location tracking or marketing communications.
5. Data Sharing & Disclosure
We do not sell your personal data. We may share information with:
- Service providers: cloud hosting (Amazon Web Services), email delivery, and analytics providers who process data on our behalf under strict data processing agreements.
- Regulatory bodies: DVSA or other transport authorities when required by law or regulation.
- Business transfers: in connection with a merger, acquisition, or sale of assets, with appropriate safeguards.
- Legal requirements: when required by law, court order, or to protect our rights and safety.
6. Data Storage & Security
Your data is stored on secure servers hosted by Amazon Web Services (AWS) in the United Kingdom (eu-west-2 region). We implement industry-standard security measures including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- Role-based access controls and multi-factor authentication.
- Regular security audits and vulnerability assessments.
- Automated backups with point-in-time recovery.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Inspection and compliance records are retained in accordance with UK transport regulations (typically a minimum of 15 months for walk-around check records). After account deletion, we will remove or anonymise your data within 90 days, unless retention is required by law.
8. Your Rights
Under the UK GDPR, you have the right to:
- Access: request a copy of the personal data we hold about you.
- Rectification: request correction of inaccurate or incomplete data.
- Erasure: request deletion of your personal data ("right to be forgotten").
- Restriction: request that we limit how we process your data.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interests or direct marketing.
- Withdraw consent: where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
9. Cookies
We use essential cookies to maintain your session and preferences. We may also use analytics cookies (with your consent) to understand how the Service is used. You can manage cookie preferences through your browser settings.
10. International Transfers
Your data is primarily stored and processed within the United Kingdom. If any data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the ICO.
11. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: [email protected]
- General enquiries: [email protected]
- Post: Zohti Ltd, London, United Kingdom
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.