Legal & data protection

Low Loader Logistics (“the Service”) is operated by Sam Edgington, trading as Low Loader Logistics (“we”, “us”). This policy explains what personal data we process and why. We act as a data processor for the operational data your organisation enters, and as a data controller for account and billing data.

What we collect

• Account data — your email address and role (planner or driver).
• Operational data — drivers, vehicles, machines, plans, moves, addresses and what3words references, run sheets, and proof-of-delivery (names of recipients, signatures, photos, notes).
• Location data — a driver’s live position and breadcrumb trail, only while the driver opts in by tapping “Share my location”.
• Usage & technical data — standard server logs (IP, timestamps) needed to run and secure the Service.

Lawful basis

We process operational data on the basis of legitimate interests (running a haulage operation) and contract (providing the Service). Driver location is processed on the basis of the driver’s consent, which they can withdraw at any time by stopping sharing.

How we use it

Solely to provide the Service: planning days, checking loads, routing, dispatch, tracking and proof of delivery. We do not sell data or use it for advertising. There is no AI/LLM processing of your data at runtime.

Your rights (UK GDPR)

You may request access, correction, deletion, restriction, or a copy (portability) of personal data, and you may object to processing. Most data is editable or deletable directly in the app by your organisation’s planner. For anything else, contact us (below).

Retention

Operational data is kept while your account is active and for a reasonable period afterwards for audit, then deleted on request or on account closure. Driver location trails are short-lived operational records.

The Service

Low Loader Logistics is a planning and dispatch tool for low-loader plant haulage. It helps you build a day, check loads, route HGVs, dispatch run sheets, track drivers and capture proof of delivery.

Planning aid — your responsibility

The Service is a planning aid only. Overweight checks, mileage, ETAs, drivers’-hours estimates, emissions and cost figures are estimates, not legal determinations or tachograph records. You remain fully responsible for verifying every load against the trailer plate, axle weights, gross combination weight, and the operator’s licence, and for compliance with drivers’ hours and all applicable law. We accept no liability for operational decisions made using the Service.

Acceptable use

• Use the Service only for your own lawful haulage operations.
• Keep sign-in codes confidential; you are responsible for activity under your account.
• Do not attempt to access another organisation’s data or circumvent security.

Availability

We aim for high availability but the Service is provided “as is” without warranty of uninterrupted operation. Planned maintenance and third-party outages (hosting, mapping, email) may affect availability.

Fees & termination

Where a subscription applies, fees are billed per active driver (planner seats are free; see Billing in the app). Annual billing is available at a discount. You may cancel at any time; access continues to the end of the paid period. Adding drivers or upgrading prorates immediately; removing drivers or downgrading applies at renewal. We may suspend accounts for non-payment or breach of these terms.

Tenant isolation (the headline control)

The Service is multi-tenant with strict isolation. Every record carries an organisation id, and database row-level security enforces that each request can only ever read or write its own organisation’s data — enforced in the database, not just the app. A driver additionally only sees their own moves.

Authentication

Sign-in is passwordless via a one-time emailed code (OTP). Access is role-based — planner (full office access), fitter (maintenance & compliance) and driver (own moves only). Role and tenant are checked on every server request.

Encryption & secrets

All traffic is encrypted in transit (HTTPS/TLS). Data at rest is encrypted by our hosting providers. Third-party API keys (mapping, email, billing) are held server-side onlyand never exposed to the browser.

Hosting & residency

The app is hosted on Vercel; the database and authentication on Supabase (PostgreSQL). Both are reputable providers with their own security and compliance programmes. Backups and point-in-time recovery are handled by the database provider.

Breach response

In the event of a personal-data breach likely to result in a risk to individuals, we will notify affected organisations without undue delay and, where required, the ICO within 72 hours.

Data Processing Agreement

A DPA is available on request for organisations that require one for their own compliance.

We use a small number of trusted providers to deliver the Service:

• Vercel — application hosting and delivery.
• Supabase — database, authentication and realtime.
• HERE Technologies — HGV routing, geocoding and traffic (addresses are sent for routing).
• what3words — three-word address lookups.
• Resend — transactional email (sign-in codes, dispatch confirmations), where enabled.
• Stripe — payment processing, where self-serve billing is enabled. We never store card details.

We will keep this list current and give notice of material changes.

We use only essential cookies needed to keep you signed in (your authentication session). We do not use advertising or third-party tracking cookies. Display preferences (theme, zoom, cost rate) are stored locally in your browser, not in cookies.

For privacy requests, a DPA, or any data-protection question, email privacy@lowloaderlogistics.co.uk. Data-subject requests are actioned in line with UK GDPR timescales.

Operator & registered address:
Sam Edgington, trading as Low Loader Logistics
20 New Quay Court, Old Maltings Approach
Woodbridge, Suffolk, IP12 1AN
United Kingdom

This page is provided for transparency and is not legal advice. Organisations should satisfy themselves that their own use of the Service meets their compliance obligations.