Privacy Policy

Your Privacy Matters

LokOut ("we", "us", "our") operates as an emergency locksmith dispatch service. We take your privacy seriously and are committed to protecting your personal information in accordance with UK GDPR and the Data Protection Act 2018.

1. Information We Collect

1.1 Information You Provide Directly

When you request emergency locksmith services, we collect:

Personal Details: Your name, email address, phone number, and postcode
Issue Description: Optional details about your lockout situation
Job Reference: A unique reference code generated for your booking

1.2 Payment Information

Payment card details are collected and processed by our payment provider, Stripe. We never store your full card details on our servers. Stripe is PCI-DSS Level 1 certified and compliant with UK and EU data protection laws.

1.3 Technical Information

For security and fraud prevention, we automatically collect:

IP address and geographic location
Browser type and version
Device information
Time and date of access
Form submission timing (to detect automated bots)

2. How We Use Your Information

2.1 Primary Purposes (Legitimate Interest & Contract Performance)

Service Delivery: To dispatch an independent locksmith to your location
Payment Processing: To charge the £25 dispatch fee and process refunds where applicable
Communication: To contact you about your booking, provide updates, send confirmation emails, and confirm details
Service Coordination: To share necessary details (name, email, phone, postcode, issue) with the assigned locksmith

2.2 Security & Legal Obligations

Prevent fraud, spam, and abuse of our service
Comply with legal obligations and law enforcement requests
Enforce our Terms of Service
Protect the safety and security of our users and locksmiths

2.3 Service Improvement

Analyze usage patterns to improve our platform
Monitor response times and service quality
Identify and fix technical issues

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

Contract Performance: Processing is necessary to fulfill our contract with you (dispatching a locksmith)
Legitimate Interest: Fraud prevention, security, and service improvement
Legal Obligation: Compliance with UK laws and regulations
Consent: Where applicable, such as marketing communications (you can withdraw consent at any time)

4. Data Sharing and Third Parties

4.1 Essential Service Providers

We share your information with the following categories of recipients:

Independent Locksmiths

We share your name, email address, phone number, postcode, and issue description with the locksmith assigned to your job. This is essential for service delivery. All locksmiths are independent contractors and DBS-checked.

Stripe (Payment Processing)

Payment card information and your email address are collected and processed by Stripe, Inc. for payment processing and receipts. Stripe's privacy policy is available at stripe.com/privacy.

Infrastructure Providers

We use the following services to operate our platform:

Vercel: Website hosting (based in USA, GDPR compliant)
Supabase: Database services (data stored in EU)
Cloudflare: Security and bot protection (GDPR compliant)

4.2 What We Don't Do

✓ We never sell your personal information
✓ We never share your data with advertisers
✓ We never use your data for marketing without consent
✓ We don't share data with third parties except as stated above

5. Data Retention

We retain your personal information as follows:

Active Jobs: For the duration of your service and up to 90 days after completion for customer support purposes
Completed Jobs: Job records are retained for 12 months for accounting, legal, and dispute resolution purposes
Payment Records: Retained for 7 years as required by UK tax law
Security Logs: IP addresses and security-related data retained for 90 days

After these periods, personal data is securely deleted or anonymized.

6. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Correct any inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data (subject to legal obligations).

Right to Restrict Processing

Request that we limit how we use your data.

Right to Data Portability

Receive your data in a machine-readable format.

Right to Object

Object to processing based on legitimate interests.

Right to Withdraw Consent

Withdraw consent for processing at any time (where consent is the legal basis).

To exercise any of these rights, please contact us using the details in Section 11. We will respond within one month of your request.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Encryption: All data transmitted over the internet is encrypted using HTTPS/TLS
Secure Storage: Data is stored in secure, access-controlled databases
Access Controls: Limited access to personal data on a need-to-know basis
Bot Protection: Cloudflare Turnstile, rate limiting, and honeypot fields
Regular Security Audits: Ongoing monitoring and security reviews

Despite our best efforts, no method of transmission over the internet is 100% secure. If you have reason to believe your data has been compromised, please contact us immediately.

8. Cookies and Tracking

We use minimal cookies and tracking technologies:

8.1 Essential Cookies

We use strictly necessary cookies for:

Admin session management (login state)
Security and fraud prevention

These cookies are essential for the service to function and do not require consent.

8.2 Third-Party Cookies

Stripe: Sets cookies for payment processing
Cloudflare: Sets cookies for bot detection and security

8.3 What We Don't Use

We do not use analytics cookies, advertising cookies, or social media tracking pixels.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the UK/EEA:

Stripe (USA): Covered by Standard Contractual Clauses (SCCs) and adequacy decisions
Vercel (USA): GDPR-compliant data processing agreement in place

We ensure all international transfers comply with UK GDPR requirements and appropriate safeguards are in place.

10. Children's Privacy

Our service is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.

11. Contact Us & Data Protection Officer

For privacy-related questions, to exercise your rights, or to lodge a complaint:

LokOut Data Protection

Email: privacy@dispatchlock.co.uk

Address: [Your Registered Business Address]

Company Number: [Your Company Number]

We aim to respond to all requests within one month. If your request is complex, we may extend this by a further two months and will inform you.

Right to Complain

If you're unhappy with how we've handled your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office (ICO)

Website: ico.org.uk

Phone: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

12. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by updating the "Last Updated" date at the top of this policy. For significant changes, we may provide additional notice (such as email notification). We encourage you to review this policy periodically.

13. Legal Basis Summary

Purpose	Legal Basis
Dispatch locksmith service	Contract Performance
Payment processing	Contract Performance
Email confirmations and updates	Contract Performance
Fraud prevention & security	Legitimate Interest
Service improvement	Legitimate Interest
Tax & accounting records	Legal Obligation