PitCRM ("we", "us", or "our") operates the PitCRM vehicle workshop management platform, available on the web at app.pitcrm.com and as a mobile application. This Privacy Policy explains how we collect, use, and protect your information.
Your data is stored using Supabase (PostgreSQL) hosted in the United Kingdom (AWS London region, eu-west-2). Files and media — including inspection photos and media received from your customers over WhatsApp — are stored using Cloudflare R2. Data is encrypted in transit and at rest, and is backed up regularly, with backups held securely and rotated on a rolling cycle. We take appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.
We do not sell your data, and we do not use it to train any artificial intelligence or machine learning models. We share data only with the following third-party processors necessary to operate PitCRM:
Where you use PitCRM to message your own customers, the recipient's phone number and message content are shared with the relevant messaging provider (Twilio for SMS, Meta for WhatsApp) solely to deliver that message.
For personal data about your own customers that you enter into PitCRM, you are the data controller and we act as your data processor, processing that data on your instructions to provide the service. For your account and billing data, we are the controller. Our Data Processing Agreement, which forms part of our Terms, sets out these processor obligations in full.
Where the UK GDPR or other applicable data protection law applies, we process personal data: to perform our contract with you (providing the Service and processing payments); for our legitimate interests (securing the Service, preventing fraud and abuse, and understanding how the Service is used so we can improve it); to comply with legal obligations (such as keeping accounting records); and, where applicable, with your consent. Where we act as your processor for data about your own customers, you are responsible for the legal basis for that processing.
Authorised Gears and Motor Ltd personnel may access your account and the data within it where necessary to operate the Service — for example, to provide support, manage billing, investigate issues, or maintain the security and integrity of the platform. Such access is limited to authorised staff, controlled, and logged. We do not access your data for any other purpose, we do not sell it, and we do not use it to train any artificial intelligence or machine learning models.
Your data is stored in the United Kingdom. If you are located outside the United Kingdom, your data is transferred to and stored in the UK to provide the Service. Some of our sub-processors (for example, Stripe, Twilio, Resend, Meta and Vercel) operate outside the UK. Where personal data is transferred across borders, we rely on appropriate safeguards — such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, the EU Standard Contractual Clauses, or transfers to jurisdictions covered by applicable adequacy regulations.
We comply with the UK GDPR and, where it applies to your use of the Service, the EU GDPR and other applicable data protection laws. You have the right to access, correct, delete, or port your personal data, and to object to or restrict its processing. To exercise any of these rights, contact us at support@pitcrm.com. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) or with the data protection supervisory authority in your country.
We retain your data for as long as your account is active. When you delete your account, your data is removed from our active systems within 30 days; during that period the deletion can be reversed if you contact us. We may retain a limited set of records where the law requires it (for example, invoices for accounting and tax purposes), which are deleted once the legal retention period ends.
Media your customers send your business over WhatsApp (such as photos, voice notes, and documents) is automatically deleted 12 months after it is received. It is also deleted earlier where the relevant customer record, or your account, is deleted. For details of how to request deletion, see our Data Deletion page.
Within the PitCRM application (app.pitcrm.com), we use browser local storage and session storage for authentication and user preferences. These are essential to the operation of the Service, and the application does not set advertising or third-party tracking cookies.
Our public marketing website (pitcrm.com) uses Google Analytics to understand how visitors use the site so we can improve it. Google Analytics sets analytics cookies. These are not essential, so we ask for your consent before they are set: when you first visit the site you can accept or decline non-essential cookies, and you can change your choice at any time using the "Cookie settings" link in the site footer. If you decline, no analytics cookies are set. We do not use advertising cookies.
PitCRM is a business application not intended for anyone under the age of 18. We do not knowingly collect data from minors.
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or in-app notification.
Gears and Motor Ltd (company number 16220676)
1 Beauchamp Court, 10 Victors Way, Barnet, Hertfordshire, EN5 5TZ, United Kingdom
Email: support@pitcrm.com
Website: pitcrm.com
Terms & Conditions · Data Deletion · Data Processing Agreement