1Overview
Tricivo ("we," "our," or "us") operates the Tricivo operations platform, accessible at tricivo.com and associated mobile applications (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
This policy applies to all users including business owners, operators, administrators, drivers, and any personnel who access the system. By using the Service, you consent to the practices described in this Privacy Policy.
Who controls your data: Tricivo acts as a data controller in respect of user personal data. Where you use Tricivo to process data about your own customers, employees, or drivers, you act as data controller and Tricivo acts as data processor on your behalf.
Tricivo is committed to complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and where applicable, the EU GDPR.
2Data We Collect
We collect information you provide directly, data generated through use of the Service, and in some cases data from third-party sources.
Account & Business Information
- Business name, address, and contact details
- Owner/administrator name and email address
- Account login credentials (passwords stored as cryptographic hashes only)
- Billing information (processed by third-party payment processors; we do not store card details)
- Subscription tier and plan details
Operational Data (Input by You or Your Team)
- Customer names, addresses, phone numbers, and email addresses
- Customer ID documents and compliance records
- Booking details, job histories, and scheduling information
- Vehicle information including make, model, registration, and condition
- Driver profiles, contact details, attendance, and availability records
- Receipt data, payment records, and financial transaction information
- Skip and bin inventory details and tracking information
- Photographs uploaded through the driver mobile application
- Customer signatures captured via the mobile application
Automatically Collected Data
- IP addresses and browser or device identifiers
- Log data including pages visited, timestamps, and access records
- Usage patterns and feature interaction data
- Mobile device information (device type, operating system, app version)
- Location data from the driver mobile app (only when permission is explicitly granted)
Email & File Ingestion Data
Where you use Tricivo's booking automation features, we may process data from email content fetched from connected inboxes, files uploaded for data extraction (CSV, Excel, PDF), and third-party booking platforms connected via API. This data is processed solely to create bookings on your behalf.
3How We Use Your Data
We use the information we collect for the following purposes:
| Purpose | Details |
|---|---|
| Service Delivery | Providing, operating, and maintaining the Tricivo platform and its features including booking management, driver coordination, and receipt generation. |
| Automated Workflows | Processing bookings, generating receipts, sending automated SMS and email notifications to customers and drivers, and managing compliance workflows. |
| Third-Party Sync | Transmitting financial records and transaction data to connected accounting platforms (e.g. QuickBooks) where you have authorised the integration. |
| Customer Support | Responding to support requests, technical issues, and feature requests submitted through the support portal or by phone. |
| Platform Improvement | Analysing anonymised usage data to improve platform performance, functionality, and user experience. |
| Security & Fraud Prevention | Monitoring for unauthorised access, suspicious activity, and protecting the integrity of the platform and user data. |
| Legal & Compliance | Fulfilling legal obligations, maintaining audit trails, and supporting regulatory compliance requirements applicable to your operations. |
| Billing & Payments | Processing subscription payments, managing invoices, and handling financial transactions for platform access. |
4Legal Basis for Processing (UK GDPR)
Under UK GDPR, we rely on the following legal bases for processing personal data:
- Contract performance — Processing necessary to deliver the services you have contracted us for, including operating your account and providing platform features.
- Legitimate interests — Processing for legitimate business interests such as improving the platform, preventing fraud, and ensuring security, where not overridden by your rights.
- Legal obligation — Processing necessary to comply with applicable laws and regulations, including statutory data retention requirements.
- Consent — Where you have provided specific consent, such as for marketing communications. You may withdraw consent at any time by contacting us.
5Data Sharing & Disclosure
We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:
Service Providers & Processors
We engage trusted third-party service providers who process data on our behalf under strict data processing agreements. These include hosting providers, SMS gateway services, email delivery services, and payment processors.
Integration Partners (User-Authorised)
Where you explicitly authorise an integration (such as connecting QuickBooks), we transmit the relevant data to that platform. You control which integrations are active and may disconnect them at any time via your account settings.
Legal Requirements
We may disclose data where required by law, court order, or regulatory authority, or to protect the rights, property, or safety of Tricivo, our users, or the public.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will provide advance notice and ensure the same standards of privacy protection continue to apply.
✓ We never sell your data. Your operational and personal data is never shared with advertisers, data brokers, or marketing platforms for commercial purposes.
6Third-Party Integrations
Tricivo integrates with third-party platforms to extend functionality. Below describes each integration and data flows involved.
QuickBooks (Intuit Inc.)
When you enable the QuickBooks integration, Tricivo transmits transaction data to your QuickBooks account via Intuit's authorised API. This enables automatic synchronisation of financial records including PDF receipt attachments where applicable.
- Data transferred: transaction amounts, dates, customer references, job identifiers, and payment method details
- PDF receipts may be attached to transactions as supporting documents
- Data processed by Intuit is governed by Intuit's Privacy Statement (available at intuit.com)
- You may disconnect the QuickBooks integration at any time via account settings
- Tricivo does not retain QuickBooks credentials; authentication is managed via OAuth 2.0
SMS Gateway Providers
Customer mobile numbers and message content are transmitted to our SMS gateway provider solely to deliver booking confirmation, reminder, and update notifications on your behalf.
Email Delivery Services
Email addresses and message content are processed by our email delivery provider to send automated notifications, receipts, and communications on your behalf.
⚠ Note: When data is shared with third-party platforms at your direction, those platforms' own privacy policies govern how they handle that data. We recommend reviewing the relevant privacy policies of any integrated services you enable.
7Data Security
We implement appropriate technical and organisational security measures to protect your data against unauthorised access, alteration, disclosure, or destruction.
Technical Safeguards
- All data in transit is encrypted using TLS 1.2 or higher (HTTPS enforced)
- Sensitive data stored at rest is encrypted using industry-standard algorithms
- Passwords are stored only as cryptographic hashes; they are never stored in plain text
- Access controls restrict data access to authorised personnel and users only
- Regular security assessments and vulnerability monitoring procedures
- Secure backup systems including batch download capabilities for receipts and documents
Organisational Safeguards
- Driver app accounts are restricted to data relevant to each driver's assigned jobs only
- Administrator role controls over user access levels and permissions
- Offline mode in the driver app holds data encrypted locally until sync is completed
- Incident response procedures for data breach detection and regulatory notification
Data Breach Notification
In the event of a personal data breach posing risk to your rights and freedoms, we will notify the ICO within 72 hours and, where high risk exists, notify affected individuals without undue delay, as required by UK GDPR Article 33 and 34.
8Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account & business data | Duration of subscription + 7 years | Contractual records and legal obligation |
| Financial & transaction records | 7 years from transaction date | HMRC and accounting regulations |
| Booking & job histories | 6 years from job completion | Operational records and dispute resolution |
| Customer records | 6 years from last interaction | Compliance and operational continuity |
| Driver records | Duration of employment + 6 years | Employment law requirements |
| Support communications | 3 years from resolution | Service quality and dispute resolution |
| System and access logs | 12 months | Security monitoring |
Upon account termination, personal data will be deleted or anonymised within a reasonable period, subject to mandatory legal retention periods. You may request a data export prior to account closure.
9Your Rights Under UK GDPR
As a data subject under UK GDPR, you have the following rights:
- Right of Access — Request a copy of the personal data we hold about you (Subject Access Request).
- Right to Rectification — Request correction of inaccurate or incomplete personal data.
- Right to Erasure — Request deletion of your personal data where there is no compelling reason for continued processing, subject to legal retention obligations.
- Right to Restrict Processing — Request that we limit how we use your data in certain circumstances.
- Right to Data Portability — Request a copy of your data in a structured, machine-readable format.
- Right to Object — Object to processing based on legitimate interests or for direct marketing.
- Rights Related to Automated Decision-Making — The right not to be subject to solely automated decisions with significant effects without your explicit consent.
To exercise any of these rights, contact us at privacy@tricivo.com. We will respond within 30 days. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
10Cookies & Tracking Technologies
We use cookies and similar technologies to maintain your login session, remember your preferences, and improve platform performance. We do not use third-party advertising cookies.
- Essential cookies — Required for platform operation (session management, authentication). These cannot be disabled.
- Functional cookies — Remember your preferences and settings to improve your experience.
- Analytics cookies — Anonymised usage data to understand how the platform is used and where improvements can be made.
You can manage non-essential cookies through your browser settings. Disabling certain cookies may impact platform functionality.
11Children's Privacy
The Tricivo platform is designed exclusively for business use by adults. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided personal data through our platform, please contact us immediately and we will take prompt steps to remove such information.
12International Data Transfers
Tricivo primarily stores and processes data within the UK and EEA. Where data is transferred outside these regions — for example, when using integrations such as QuickBooks whose servers may be located in the United States — we ensure appropriate safeguards are in place including Standard Contractual Clauses (SCCs), adequacy decisions, or other approved transfer mechanisms as required by UK GDPR Chapter V.
By enabling third-party integrations, you acknowledge that data may be transferred internationally as necessary to deliver the integrated service, and that such transfers will be subject to appropriate protections.
13Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the Effective Date at the top of this page, notify registered users via email or in-platform notification, and where legally required, obtain your consent. Your continued use of the Service after changes constitutes acceptance of the updated policy.
14Contact Us
For questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please reach us through the following: