Skip to main content
Hauly.beta
Hauly.beta
Get a quote

Legal

Privacy Policy

Last updated: June 2026

1. Who We Are

Hauly ("we", "our", "us") operates the platform at hauly.co.uk — a UK same-day courier marketplace that connects customers with independent, vetted courier drivers. We are the data controller for personal data collected through this website and our services.

For data protection enquiries, contact us at privacy@hauly.co.uk.

2. What Data We Collect

Customers (people booking a courier)

  • Full name
  • Email address
  • Phone number
  • Collection and delivery postcodes / addresses
  • Item type, weight, and urgency
  • Payment information (processed by Stripe — we do not store card details)
  • Job history and delivery status
  • Optional: delivery instructions and notes

Courier drivers (people applying to drive for Hauly)

  • Full name, email address, phone number
  • Date of birth
  • Base postcode and operating radius
  • Vehicle details (type, make, model, registration, year)
  • Driving licence number, expiry, and document scan
  • Goods-in-transit insurance details and document scan
  • Public liability insurance details and document scan
  • Hire and reward (H&R) motor insurance details
  • Real-time GPS location (only while actively using the Hauly driver app)
  • Stripe Connect account details (for payouts)
  • Job history, ratings, and completion statistics

Website visitors

  • IP address and approximate location
  • Browser type and device information
  • Pages visited and time on site (via Google Analytics GA4)
  • Referral source

3. Lawful Basis for Processing

We process personal data under the following lawful bases under UK GDPR:

  • Contract performance — to arrange and fulfil your courier booking, or to onboard and pay you as a driver.
  • Legitimate interests — to improve our platform, prevent fraud, dispatch jobs efficiently, and send service-related communications. We have conducted a legitimate interests assessment (LIA) and determined that these interests are not overridden by your rights.
  • Legal obligation — to retain financial and transaction records as required by HMRC and applicable law.
  • Consent — for marketing emails and SMS, where you have opted in. You may withdraw consent at any time.

4. How We Use Your Data

  • Processing and fulfilling courier bookings
  • Matching jobs to available drivers based on location and vehicle type
  • Sending job offer notifications via SMS or WhatsApp (drivers only)
  • Processing payments and driver payouts via Stripe
  • Verifying driver identity, vehicle, and insurance documents
  • Providing real-time delivery tracking to customers
  • Responding to support enquiries and complaints
  • Improving dispatch algorithms and platform performance
  • Preventing fraud and ensuring platform safety
  • Complying with legal and regulatory obligations
  • Sending transactional emails (booking confirmations, proof of delivery)

5. Third Parties We Share Data With

We share personal data with the following third parties only as necessary to provide our service:

  • Stripe (stripe.com) — payment processing and driver payouts via Stripe Connect. Stripe is PCI-DSS Level 1 certified. Stripe Privacy Policy.
  • Supabase (supabase.com) — database and backend infrastructure. Data is stored in the EU (Ireland). Supabase Privacy Policy.
  • Resend (resend.com) — transactional email delivery (booking confirmations, driver notifications).
  • Google Analytics 4 — anonymised website usage analytics. IP anonymisation is enabled. Google Privacy Policy.
  • TextBee / WhatsApp Business API — SMS and WhatsApp job offer notifications to drivers (opt-in only).
  • OpenRouter / AI providers — AI-generated job summaries. Only non-identifying delivery metadata (postcodes, item type) is processed.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

6. Driver Location Data

When you use the Hauly driver platform, we collect your real-time GPS location to enable accurate job dispatch and customer tracking. Location data is collected only when you are actively logged in and set to "online" within the driver portal. Location data is retained for 90 days for operational purposes, after which it is deleted. You can stop location sharing at any time by setting yourself offline or logging out.

7. Cookies

We use the following cookies:

  • Essential cookies — required for the platform to function (driver session cookie, security tokens). These cannot be disabled.
  • Analytics cookies — Google Analytics 4 cookies (_ga, _gid) to understand how visitors use the site. These are anonymised. You may opt out via your browser settings or Google's opt-out tool.

We do not use advertising, retargeting, or third-party tracking cookies.

8. Data Retention

  • Customer booking data — retained for 7 years to comply with HMRC requirements for financial records, then deleted.
  • Driver applications (rejected) — retained for 6 months, then deleted.
  • Driver records (active) — retained for the duration of the driver relationship plus 7 years for financial/legal compliance.
  • Driver location history — retained for 90 days, then deleted.
  • Contact form submissions — retained for 2 years, then deleted.
  • Analytics data — retained for 14 months in Google Analytics (default GA4 setting).

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — request a copy of all personal data we hold about you.
  • Right to rectification — ask us to correct inaccurate data.
  • Right to erasure — request deletion of your data (subject to legal retention requirements).
  • Right to restrict processing — ask us to pause processing your data in certain circumstances.
  • Right to data portability — receive your data in a machine-readable format.
  • Right to object — object to processing based on legitimate interests, including profiling for dispatch ranking.
  • Right to withdraw consent — withdraw marketing consent at any time without affecting prior processing.

To exercise any of these rights, email privacy@hauly.co.uk. We will respond within 30 days. We may need to verify your identity before actioning a request.

10. Data Security

We implement industry-standard security measures including: encrypted data transmission (TLS), encrypted data storage, access controls limiting data to authorised personnel, HTTP security headers (CSP, HSTS, X-Frame-Options), and regular security reviews. Our database provider (Supabase) maintains SOC 2 Type II compliance.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay.

11. International Transfers

Your data is primarily stored and processed within the UK and EU. Where third-party services process data outside the UK/EU (e.g. some Stripe infrastructure in the US), appropriate safeguards are in place under UK GDPR Article 46 (standard contractual clauses or adequacy decisions).

12. Children's Privacy

Our services are not directed to persons under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has submitted data to us, contact us at privacy@hauly.co.uk and we will delete it promptly.

13. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint or by calling 0303 123 1113. We ask that you contact us first so we have the opportunity to resolve your concern.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of our services after a change constitutes acceptance of the updated policy.

15. Contact Us

For any privacy-related questions or to exercise your rights, contact: privacy@hauly.co.uk

Postal address: Hauly, United Kingdom.