Privacy Notice.

1. Who we are

ROAD is operated by ROAD CO. UK LIMITED, a company registered in England and Wales under company number 16903248.

Registered office:

ROAD CO. UK LIMITED
51 Nelson Road
Gorleston
Great Yarmouth
England
NR31 6AT

Website: https://www.roadco.uk
App: https://app.roadco.uk
Contact: contact@roadco.uk

For data protection purposes, ROAD CO. UK LIMITED is the data controller for personal data processed through the ROAD website, web app, mobile app, access request system, MARK system, user accounts, filings, public extracts, Teams features and related services.

2. What this notice covers

This notice applies when you:

• visit the ROAD website;
• create and access a ROAD account;
• request, receive or use a MARK;
• create or use a ROAD account;
• create a ROAD;
• file entries;
• upload or attach evidence;
• choose visibility settings such as Private, Withheld or Public;
• appear on public ROAD surfaces such as public extracts, Pulse, Discover or Teams pages;
• contact us;
• receive service emails or marketing emails from us;
• use any ROAD mobile application.

3. Personal data we collect

Access request and MARK data. When you submit an access request or interact with the MARK system, we may collect:

• email address;
• access request timestamp;
• session timestamp and arrival time;
• time spent on site;
• sections of the site reached;
• unique session MARK or issued MARK;
• confirmation that you acknowledged this Privacy Notice or related terms;
• approval, rejection, invitation or access status;
• administrative notes required to manage access.

Account and identity data. When you create or use an account, we may collect:

• email address;
• authentication identifiers;
• MARK;
• handle, username, display name or profile name;
• optional profile information that you choose to provide;
• public extract settings;
• social or contact links that you choose to add;
• account status;
• data-rights request history;
• account deletion request history.

ROAD and filing data. When you use the ROAD system, we may collect:

• ROAD title;
• ROAD type, classification, discipline or category;
• term, start date, day count and commitment metadata;
• entry text;
• filing status;
• timestamps;
• record history;
• visibility settings;
• correction, amendment, withholding or deletion-request records.

Evidence and supporting material. If you choose to upload or attach evidence, we may process:

• images or files you upload;
• external links you attach;
• YouTube or other supported proof links;
• proof descriptions;
• technical metadata generated during upload or compression;
• storage paths or signed access links required to display evidence where permitted.

You should not upload evidence unless you have the right to do so and are comfortable with that evidence being processed in line with this notice and your chosen visibility setting.

Location and device-related data. Where enabled by the user or required for operation, ROAD may process:

• approximate or specific location data that you choose to provide;
• browser type;
• device type;
• operating system;
• app version;
• IP address;
• server logs;
• security logs;
• diagnostic data;
• crash, error or performance data.

We do not use location data for behavioural advertising.

Teams and coach/member data. If you use ROAD Teams or related team features, we may process:

• team name;
• team profile information;
• coach, athlete, member or administrator role;
• invitations;
• team membership status;
• standards or assigned tasks;
• completion status;
• team filing activity;
• team visibility settings;
• public team activity where enabled.

Communications and support data. If you contact us, we may process messages you send to us, support requests, feedback, bug reports, app review communications and administrative notes needed to respond to your request.

Marketing data. Where you opt in, or where the law otherwise permits, we may process:

• email address;
• marketing consent status;
• date and source of consent;
• unsubscribe status;
• email delivery information;
• email open or click information where provided by our email service provider;
• preferences relating to ROAD updates, launch communications, product news, community announcements, Teams, paid plans or app availability.

4. How we use personal data

We use personal data to:

• receive, review, approve, reject and manage access requests;
• issue, verify and administer MARKs;
• create and maintain user accounts;
• operate the ROAD commitment ledger;
• allow users to create roads, file entries and attach supporting evidence;
• maintain record continuity, timestamps and visibility controls;
• display public content where the user has chosen public visibility;
• operate public surfaces such as public extracts, Pulse, Discover and Teams pages;
• provide customer support and respond to enquiries;
• process account deletion requests;
• process data access, correction, restriction, objection and erasure requests;
• protect ROAD against fraud, abuse, spam, security threats and misuse;
• send service emails, account emails, access emails, security emails, filing emails and administrative notices;
• send marketing emails where permitted;
• improve the reliability, safety and usability of ROAD;
• comply with legal obligations.

5. Marketing emails

ROAD may send marketing emails about ROAD updates, launch communications, product news, app availability, community announcements, Teams, paid plans and related ROAD services.

For individual users, we will send marketing emails only where:

• you have given a clear marketing opt-in;
• the soft opt-in applies under UK electronic marketing rules; or
• another lawful route applies.

Marketing consent is separate from accepting this Privacy Notice, separate from accepting the Terms of Use, and separate from creating an account. You do not have to agree to marketing to create an account or use ROAD.

Every marketing email will include an unsubscribe link or clear unsubscribe instruction. You can also opt out by contacting contact@roadco.uk.

If you unsubscribe, we may keep a suppression record so that we know not to send you further marketing emails.

Service emails are different from marketing emails. We may still send necessary service emails about your account, MARK, access, security, filings, deletion requests, policy changes or legal notices even if you unsubscribe from marketing.

6. Lawful bases

Depending on the activity, we rely on one or more lawful bases under UK data protection law.

Consent. We rely on consent for optional marketing emails, optional app permissions and certain optional user choices.

Contract. We rely on contract where processing is necessary to provide ROAD services requested by the user, including account access, MARK access, ROAD creation, filings, public extracts, Teams features and related account functionality.

Legitimate interests. We rely on legitimate interests where necessary to operate, secure and improve ROAD, prevent abuse, maintain operational logs, protect the integrity of records, respond to business communications and manage administrative records, provided those interests are not overridden by user rights.

Legal obligation. We rely on legal obligation where we must retain, disclose or process data to comply with applicable law.

Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect processing carried out before withdrawal.

7. Visibility and public disclosure

ROAD is built around user-controlled visibility.

Depending on the feature, users may be able to choose settings such as:

• Private — not publicly displayed;
• Withheld — the existence of a record may be visible, but the content is not displayed publicly;
• Public — visible to other users or the public, depending on the ROAD surface.

If you choose to make a ROAD, entry, profile field, team, extract or item of evidence public, that information may be visible to other users, public visitors, search engines and people outside ROAD.

Public content may be copied, screenshotted, indexed, shared or stored by others outside our control.

You should not make information public unless you are comfortable with that public disclosure.

8. Add-only records, corrections and deletion

ROAD is designed as a record-first system. Certain records may be add-only by design so that historical integrity is preserved. This means corrections may be appended rather than replacing the original record.

This design does not remove your legal rights.

You may still exercise rights of access, correction, deletion, restriction or objection where applicable. We will assess such requests in line with UK data protection law, the nature of the data, the visibility selected, and any legal or operational need to preserve a limited record.

Where account deletion is requested, we will explain what account data can be deleted, anonymised, restricted or retained where legally required or necessary to preserve a minimal integrity record.

9. Processors, hosting and suppliers

We use third-party service providers to operate ROAD. These may include:

• hosting providers;
• database and backend providers, including Supabase;
• email service providers, including Resend;
• security, diagnostic or error-monitoring providers, if introduced;
• app platform providers such as Apple and Google where ROAD is distributed through app stores.

These providers process personal data only where needed to provide services to us, subject to their terms, security controls and applicable data protection obligations.

10. International transfers

Some providers may process or store data outside the United Kingdom.

Where personal data is transferred internationally, we rely on appropriate safeguards where required, such as UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, or other lawful transfer mechanisms.

11. Cookies and similar technologies

The ROAD website and app are designed to avoid unnecessary tracking.

We may use strictly necessary cookies, local storage, session storage or similar technologies to:

• keep users signed in;
• maintain security;
• remember necessary preferences;
• operate core service functions;
• prevent abuse.

We do not use behavioural advertising cookies or third-party marketing pixels unless this notice is updated and any required consent is obtained.

12. App permissions

If ROAD is offered as a mobile app, it may request device permissions only where needed for app features.

These may include:

• camera or photo library access, if you choose to upload evidence;
• location access, if you choose to add location context to a filing;
• notification permission, if you choose to receive reminders or service notifications;
• file or media access, if required to attach supporting material.

You can manage permissions through your device settings. If you deny a permission, some features may not work.

13. Retention

We keep personal data only for as long as necessary for the purposes described in this notice.

General retention principles:

• access request records may be retained for up to twelve months unless a longer period is required or justified;
• account data is retained while the account remains active;
• ROAD records and filing data may be retained for as long as needed to maintain the continuity and integrity of the record, unless deletion, anonymisation or restriction is legally required or appropriate;
• evidence files may be deleted, restricted or made inaccessible where an account is deleted or where deletion is legally required;
• marketing consent records may be retained while marketing continues and for a reasonable period afterwards to evidence consent or suppression;
• unsubscribe records may be retained to ensure we do not send further marketing emails;
• security logs may be retained for a limited period necessary to protect the system;
• legal, tax, dispute or compliance records may be retained where required by law.

14. Security

We use technical and organisational measures appropriate to the risk, including HTTPS, access controls, database permissions, private storage rules and operational controls.

No internet service can be guaranteed to be completely secure. We work to reduce risk and protect the integrity of the system.

Users are responsible for keeping their login credentials secure and for choosing carefully what they make public.

15. Your rights

Under UK data protection law, you may have the right to:

• access your personal data;
• correct inaccurate data;
• request erasure in certain circumstances;
• restrict processing in certain circumstances;
• object to processing in certain circumstances;
• withdraw consent where processing is consent-based;
• request data portability in certain circumstances;
• complain to the Information Commissioner’s Office.

To exercise your rights, contact: contact@roadco.uk.

The UK supervisory authority is the Information Commissioner’s Office. You can find guidance and complaint options at https://ico.org.uk.

16. Children and age restrictions

ROAD is intended for users aged 18 and over at launch.

ROAD is not currently intended for children or users under the age of 18.

Users must not create an account or use ROAD if they are under 18.

ROAD does not currently provide a dedicated child-user pathway, under-18 pathway, school pathway, youth team pathway, parental account pathway or child-directed version of the service.

If we learn that we have collected personal data from a person under 18 in a way that is not permitted, we will take appropriate steps to delete, restrict, anonymise or otherwise address that data in line with our data protection processes.

Before ROAD introduces features aimed at younger users, youth teams, schools, clubs, education providers or under-18 users, Road Co. UK Limited will review its safeguarding, privacy, Online Safety Act, Children’s Code, moderation and age-appropriate design obligations.

17. Changes to this notice

We may update this Privacy Notice when ROAD changes, when legal requirements change, or when we introduce new features such as mobile apps, paid plans, Teams, notifications, analytics or integrations.

The effective date will be updated when changes are made.

Material changes may be notified in-app, by email or on the website where appropriate.

18. Contact

For privacy questions, account deletion requests, data-rights requests or concerns about how ROAD handles personal data, contact:

contact@roadco.uk

ROAD CO. UK LIMITED
51 Nelson Road
Gorleston
Great Yarmouth
England
NR31 6AT