VANLOG

Privacy Policy

Last updated: June 2026

1. What Personal Data We Collect

When you use VanLog, we collect:

  • Account Information: Name, email address, password (hashed), company name
  • Job Data: Client names, job addresses, quoted prices, job dates, job descriptions
  • Materials Data: Materials you log, quantities, costs, suppliers
  • Expense Data: Labour costs, subcontractor expenses, skip hire, parking, delivery costs
  • Mileage Data: Journey start/end locations, distances, dates, which jobs trips relate to
  • Supplier Information: Merchant names, phone numbers, emails, addresses, account numbers
  • Photos: Images you upload (job site photos, receipt photos)
  • Usage Data: How you use the app (features accessed, time spent, errors encountered)
  • Device Data: Device type, browser type, IP address, operating system
  • Location Data: Approximate location (for regional tax/mileage rate detection)
  • Payment Data: Billing address, payment method (processed by Stripe, not stored by us)

2. How We Use Your Data

We use your data to:

  • Provide and improve VanLog services
  • Send you service-related emails (signup confirmation, password reset, billing notifications)
  • Analyze app performance and fix bugs
  • Detect and prevent fraud or abuse
  • Comply with legal obligations
  • Respond to your support requests

We DO NOT:

  • ❌ Sell your data to third parties
  • ❌ Use your data to train AI models
  • ❌ Share your job or financial data with anyone
  • ❌ Use your location data for marketing
  • ❌ Store full credit card numbers

3. Receipt Scanner & Gemini API

When you use VanLog Pro's receipt scanner:

  • Your receipt image is sent to Google Gemini API over HTTPS (encrypted)
  • Gemini extracts text (items, costs, supplier details)
  • The image is not stored by Google
  • The image is not used to train AI models
  • The image is deleted after processing
  • Only extracted data is saved to your VanLog account

For details on Google's privacy practices: https://policies.google.com/privacy

4. Where Your Data Is Stored

Your data is stored on Google Cloud in the europe-west2 region (London, UK). This means:

  • All data is encrypted in transit (HTTPS) and at rest (Google Cloud encryption)
  • Google Cloud complies with GDPR, Privacy Act (AU/NZ), and PIPEDA (Canada)
  • Daily automated backups are maintained
  • Only you can access your data (Firebase security rules enforce this)

If you're in Australia, New Zealand, or Canada: By using VanLog, you consent to your data being stored and processed outside your country on Google Cloud servers in the UK.

5. Data Retention & Deletion

While your account is active: We keep your data as long as you use VanLog.

After you delete your account:

  • Personal info (name, email) deleted within 30 days
  • All job data, materials, expenses, mileage deleted within 30 days
  • Backup copies retained for 90 days then deleted
  • Anonymized analytics data kept indefinitely (no personally identifying info)

You can:

  • Export all your data as CSV anytime (Account Settings > Data & Privacy)
  • Request deletion of specific data by emailing hello@vanlog.io
  • Request full data export in machine-readable format

6. Third Parties Who Access Your Data

Third PartyPurposeYour Data
Google FirebaseData storage, authentication, hostingAll data (encrypted)
Google Gemini APIReceipt image processing (Pro feature)Receipt images (deleted after processing)
StripePayment processingName, email, billing address (PCI compliant)
Firebase AnalyticsUsage analyticsAnonymized usage data (no personal info)

None of these third parties use your data for their own marketing or AI training.

7. Your Privacy Rights

Depending on where you live, you have the right to:

  • Access: See all data we hold about you
  • Export: Get your data in machine-readable format (CSV, JSON)
  • Delete: Request deletion of your data (except legally required records)
  • Correct: Update inaccurate data
  • Restrict: Limit how we use your data
  • Object: Opt out of analytics or non-essential processing

To exercise any of these rights, email privacy@vanlog.io and we will respond within 30 days.

8. Cookies & Tracking

VanLog uses:

  • Essential cookies: Required for login and session management (no consent needed)
  • Analytics cookies: Firebase Analytics to understand how you use VanLog (requires consent)

You can disable analytics cookies in Account Settings > Privacy without affecting service functionality.

9. Security

We protect your data with:

  • HTTPS encryption for all data in transit
  • Google Cloud encryption for all data at rest
  • One-way password hashing (bcrypt, never stored in plaintext)
  • Firestore security rules (you only see your own data)
  • 24/7 intrusion detection monitoring
  • Regular security audits
  • Daily automated backups

No method of transmission over the Internet is 100% secure. While we use industry-standard security, we cannot guarantee absolute security.

10. Data Breach Notification

If we discover unauthorized access to your data, we will:

  • Investigate immediately
  • Notify you within 72 hours (GDPR requirement)
  • Explain what happened and what we're doing
  • Provide guidance on protecting yourself

11. Children's Privacy

VanLog is not intended for children under 13. We do not knowingly collect data from children. If we become aware of data from a child under 13, we will delete it immediately.

12. Contact Us

For privacy questions or to exercise your rights:

UK: Information Commissioner's Office (ICO) — ico.org.uk
Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au
New Zealand: Office of the Privacy Commissioner — privacy.org.nz
Canada: Office of the Privacy Commissioner — priv.gc.ca
Ireland: Data Protection Commission — dataprotection.ie

Terms of ServiceBack to Home