Back to Home
Privacy Policy
Last updated: 17th February 2026
1. Introduction
This privacy policy explains how Oarsman Software Ltd ("we", "us", "our") collects, uses, and protects your personal data when you use our EasyMileage tracking and HMRC claim generation service.
Oarsman Software Ltd is registered in England and Wales (Company Number: 16652196) with registered office at Unit 82a James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE.
We are seriously committed to protecting your privacy and handling your data in an open and transparent manner. We are registered with the Information Commissioner's Office (ICO) as a data controller (Registration Reference: ZC089111).
2. Contact Information
If you have any questions about this privacy policy or how we handle your data, please contact us:
3. What Data We Collect
We collect and process the following personal data:
- Email address - to send you account notifications, year-end claim reminders, and essential service updates
- Name and employee reference number - to populate your HMRC mileage claim spreadsheets
- Journey data - dates, start/end locations (postcodes), distances, and purpose of journeys for mileage calculations
- Rota information - if you upload work rotas, we extract journey data from them
We also collect:
- Payment information - processed securely through our payment provider (Stripe)
- Usage data - how you interact with the service to improve functionality
We are not interested in and do not collect any other personal identification information beyond what is necessary to operate the mileage tracking service.
4. How We Use Your Data
We use your personal data for the following purposes:
- To track your business mileage and calculate your HMRC mileage allowance claims
- To generate HMRC-compliant spreadsheets for your tax relief claims
- To send you notifications about your account (e.g., when it's time to submit your year-end claim)
- To process your subscription payments
- To send essential service updates via email (such as changes to the service or these terms)
- To maintain, improve, and troubleshoot the service
5. Lawful Basis for Processing
We process your personal data on the following lawful bases:
- Contract performance - Processing is necessary to provide the mileage tracking service you've subscribed to
- Consent - You consent to us processing your journey data and generating claim spreadsheets
- Legitimate interests - To improve our service and prevent fraud
You have the right to withdraw your consent at any time by cancelling your subscription and requesting deletion of your data.
6. Who We Share Your Data With
We share your data with the following third-party service providers who act as data processors on our behalf:
- Stripe - processes your subscription payments. They process your payment card details and email address. Stripe may process data outside the UK with appropriate safeguards in place.
- Hetzner - provides cloud hosting services for our application and database. Your data is stored on secure servers in their data centres.
We have Data Processing Agreements in place with all third-party processors to ensure they handle your data securely and in compliance with UK data protection law.
We do not sell, rent, or share your personal data with ANY other third parties for ANY other reason. This includes your email, journey data, location information, and mileage records. We take data privacy very seriously.
7. International Data Transfers
Some of our service providers (particularly Stripe) may process your data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the UK authorities
- The service provider's participation in recognized data protection frameworks
- Other lawful transfer mechanisms under UK GDPR
8. How Long We Keep Your Data
We retain your personal data as follows:
- Active subscription: We retain your data for as long as you maintain an active subscription to our service
- After cancellation: When you cancel your subscription, you can choose to either:
- Keep your account and historical data for future reference (dormant account)
- Request immediate deletion of all your data
- HMRC guidance: HMRC requires you to keep mileage records for at least 5 years. We recommend downloading your data before requesting deletion if you may need it for future tax queries
Third-party retention: Our service providers (Stripe, Hetzner) may retain minimal data (such as billing records) for their own legitimate business purposes, typically for accounting, legal compliance, and fraud prevention. We do not control their retention periods.
9. Your Rights
Under UK data protection law, you have the following rights:
- Right of access - You can request a copy of the personal data we hold about you
- Right to rectification - You can update your details at any time through your account settings
- Right to erasure - You can request deletion of your data at any time by cancelling your subscription and requesting account deletion
- Right to data portability - You can download all your journey data and generated spreadsheets in machine-readable formats
- Right to object - You can object to processing of your data, though this would require us to terminate your subscription as we cannot provide the service without processing your journey data
- Right to withdraw consent - You can withdraw consent at any time by cancelling your subscription
- Right to lodge a complaint - If you believe we have not handled your data properly, you can lodge a complaint with the Information Commissioner's Office (ICO):
To exercise any of these rights, please contact us using the details in Section 2.
10. Data Security
We take the security of your data seriously and implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
These measures include:
- Encrypted data transmission (HTTPS/TLS)
- Secure data storage with access controls and encryption at rest
- Regular security assessments and updates
- Limiting access to personal data to authorized personnel only
- CSRF (Cross-Site Request Forgery) protection to prevent unauthorized actions on your account
- Regular backups stored securely
- Password hashing using industry-standard algorithms
11. Cookies and Tracking
Our website uses only essential cookies that are strictly necessary for the operation and security of the service:
- Session cookies - We use session cookies to keep you logged in to your account. These cookies are deleted when you close your browser or log out
- CSRF tokens - We use CSRF (Cross-Site Request Forgery) cookies to protect your account from unauthorized actions. These security cookies contain random tokens that verify legitimate requests come from you
We do not use:
- Analytics cookies or tracking technologies
- Advertising cookies
- Social media cookies
- Any cookies that track your behavior or preferences
By using our service, you consent to the use of these essential cookies. These cookies are necessary for the functionality and security of the service and cannot be disabled while using the site.
12. Automated Decision Making
We use automated systems to:
- Calculate mileage distances based on postcodes you enter
- Generate HMRC-compliant spreadsheets from your journey data
- Calculate your total claimable mileage allowance using HMRC rates
These automated processes do not make decisions that significantly affect you - they simply calculate data based on HMRC published rates and standard distance calculations. You remain in full control of what data you submit to HMRC.
13. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. When we make changes, we will:
- Update the "Last updated" date at the top of this policy
- Notify you via email if the changes are significant
- For minor changes, post the updated policy on our website
Your continued use of the service after changes to this policy constitutes acceptance of the updated policy. If you do not agree with changes, you can cancel your subscription.
14. Third-Party Links
Our service may contain links to HMRC guidance, government websites, or other resources. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.
15. Children's Privacy
Our service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately so we can delete it.
16. Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the ICO within 72 hours of becoming aware of the breach
- Notify affected users without undue delay if the breach poses a high risk
- Provide information about the nature of the breach and steps taken to address it
17. Your Responsibilities
To help us keep your data secure, you should:
- Keep your password secure and not share it with others
- Log out after using the service on shared devices
- Keep your contact information up to date
- Review your journey data regularly for accuracy
- Only upload rotas and journey data that you're authorized to share
18. Business Transfers
If Oarsman Software Ltd is acquired by or merged with another company, your data may be transferred to the new owners. We will notify you of any such change and ensure the new owners continue to honor this privacy policy.