Scout The Auction Whisperer
← Back to Scout

Privacy Policy

Last updated: 11 March 2026  |  Effective: 11 March 2026

1. Who We Are

This Privacy Policy explains how MOT LOGS LTD, trading as Scout — The Auction Whisperer ("we", "us", "our"), collects, uses, and protects your personal data when you use our website and services at scout.motlogs.com (the "Service").

We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our contact details are:

  • Email: Sales@MOTLogs.com
  • Postal address: 27 Old Gloucester Street, London, United Kingdom, WC1N 3AX
  • Data Protection Contact: Sales@MOTLogs.com

2. What Data We Collect

We collect and process the following categories of personal data:

2.1 Account Information

  • Mobile phone number (used for account verification via OTP)
  • Subscription and billing status (managed via Stripe; we do not store card details)

2.2 Usage Data

  • IP addresses and approximate geolocation derived from IP
  • Browser type, device type, and operating system
  • Pages visited, timestamps, and session duration

2.3 Search Queries

  • Vehicle registration numbers you search for
  • Free-text questions submitted to our AI assistant ("Ask Scout")

2.4 Payment Data

  • Payment processing is handled entirely by Stripe, Inc. We receive only a Stripe Customer ID, subscription status, and plan type. We never receive, process, or store your full card number, CVV, or bank account details.

3. How We Use Your Data (Purposes & Lawful Bases)

Under Articles 6 and 9 of the UK GDPR, we must have a lawful basis for each processing activity. The table below sets out our purposes and the corresponding legal grounds.

Purpose Lawful Basis (Art. 6)
Providing the Service (account creation, vehicle lookups, reports) Contract — necessary for the performance of our contract with you (Art. 6(1)(b))
Processing payments and managing subscriptions via Stripe Contract — Art. 6(1)(b)
Sending OTP verification codes to your mobile Contract — Art. 6(1)(b)
Fraud prevention, security monitoring, and abuse detection Legitimate Interest — protecting our Service and users (Art. 6(1)(f))
Analytics and service improvement (aggregated, anonymised usage patterns) Legitimate Interest — understanding how the Service is used (Art. 6(1)(f))
Complying with legal obligations (e.g. tax records, law enforcement requests) Legal Obligation — Art. 6(1)(c)

Where we rely on Legitimate Interest, we have conducted a Legitimate Interest Assessment (LIA) and concluded that our interests do not override your rights and freedoms. You may request a copy of the relevant LIA by contacting us at Sales@MOTLogs.com.

4. AI Processing & Embeddings

When you search for a vehicle registration or submit a question to our AI assistant, your query is processed by locally hosted AI embedding models (specifically, bge-small-en) to perform semantic search across our vehicle database.

Important clarifications:

  • Your search queries are not used to train any public or third-party AI models.
  • The embedding vectors generated from your queries are transient — they exist only for the duration of the search request and are not retained as personally identifiable vectors.
  • No personal data is transmitted to external AI providers. All AI processing occurs on our own infrastructure.
  • We may retain a log of the registration numbers you have searched (linked to your account) for the purpose of enforcing usage limits and providing your search history. This is processed under our contractual basis.

5. Cookies & Tracking Technologies

We use strictly necessary cookies to operate the Service (e.g. authentication, anti-forgery tokens, session management). We do not deploy non-essential cookies unless you provide active, opt-in consent via our cookie banner.

For full details on the cookies we use and how to manage your preferences, please see our Cookie Policy.

6. Who We Share Your Data With

We share personal data only with the following categories of recipients:

  • Stripe, Inc. — Payment processing. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy.
  • Hetzner Online GmbH — Infrastructure hosting (servers located in the EU/EEA). Hetzner acts as a data processor under a Data Processing Agreement (DPA).
  • Law enforcement or regulators — Where required by law or to protect our legal rights.

We do not sell your personal data to any third party.

7. International Transfers

Your data is primarily stored on servers in the EU/EEA (Hetzner, Finland). Where data is transferred outside the UK (for example, to Stripe's US-based infrastructure), such transfers are protected by:

  • UK International Data Transfer Agreements (IDTAs), or
  • Standard Contractual Clauses (SCCs) approved by the ICO, or
  • An adequacy decision by the UK Secretary of State.

8. How Long We Keep Your Data

Data Category Retention Period
Account information Duration of your account + 12 months after deletion request
Search / check history Duration of your account + 6 months
Payment records 6 years (HMRC legal obligation)
Server access logs (IP, user agent) 90 days
AI query logs 30 days (then permanently deleted)

9. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  1. Right of Access (Art. 15) — Request a copy of the personal data we hold about you.
  2. Right to Rectification (Art. 16) — Request correction of inaccurate or incomplete data.
  3. Right to Erasure (Art. 17) — Request deletion of your personal data ("right to be forgotten").
  4. Right to Restrict Processing (Art. 18) — Request that we limit how we use your data.
  5. Right to Data Portability (Art. 20) — Receive your data in a structured, machine-readable format.
  6. Right to Object (Art. 21) — Object to processing based on legitimate interest or direct marketing.
  7. Rights Related to Automated Decision-Making (Art. 22) — You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Our risk scores are informational aids only and do not constitute automated decision-making with legal effect.
  8. Right to Withdraw Consent (Art. 7(3)) — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

How to Exercise Your Rights

To make a Subject Access Request (SAR) or exercise any of the above rights, please email us at Sales@MOTLogs.com with the subject line "Data Rights Request".

We will respond to all valid requests within 30 calendar days. If your request is complex or we receive a high volume of requests, we may extend this by a further 60 days and will notify you accordingly.

We may ask you to verify your identity before processing your request to protect your data from unauthorised access.

10. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encrypted data in transit (TLS/HTTPS where applicable)
  • Access controls and authentication for all administrative systems
  • Regular security reviews and patching of server infrastructure
  • Minimisation of data collection to what is strictly necessary

While we take all reasonable precautions, no method of transmission over the Internet is 100% secure. In the event of a personal data breach, we will notify the ICO within 72 hours (where required) and affected individuals without undue delay.

11. Children's Privacy

Our Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at Sales@MOTLogs.com and we will delete it promptly.

12. Your Right to Complain

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent supervisory authority for data protection:

  • Website: ico.org.uk/make-a-complaint
  • Helpline: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first at Sales@MOTLogs.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via a prominent notice on our website. The "Last updated" date at the top of this page indicates when this policy was most recently revised.

Your continued use of the Service after any changes constitutes acceptance of the updated policy.

Rejoining the server...

Rejoin failed... trying again in seconds.

Failed to rejoin.
Please retry or reload the page.

The session has been paused by the server.

Failed to resume the session.
Please retry or reload the page.