YourADI Privacy Policy

1. Who we are (Data Controller)

YourADI Limited is a company registered in the Republic of Ireland.

• Company Number (CRO): 813121
• Registered Office: 20 The Meadows, Whitefield Manor, Bettystown, Co. Meath, A92 F8EX, Ireland
• Data Protection Contact: dpo@youradi.ie

For the purposes of the GDPR, YourADI acts as either a Data Controller or a Data Processor depending on your relationship with the platform, as explained in the next section.

2. Our role in processing your data

Driving Instructors (ADIs) and School Administrators

YourADI acts as a Data Controller for your account, billing, and business-related data. We determine the purposes and means of processing this information in order to provide you with the platform.

Students

YourADI acts as a Data Processor on behalf of your Driving Instructor, who is the Data Controller of your booking, training, and progress data. We process student data strictly in accordance with the instructor’s documented instructions and under an appropriate data processing agreement.

3. Information we collect

We collect data through three primary channels:

A. Information provided by Driving Instructors

When you create a YourADI account, we collect your name, email address, phone number, ADI number, business details, and payment/billing information.

B. Information provided by Students

When you book a lesson through an instructor’s YourADI storefront, we collect your name, contact details (email and phone), booking and appointment details, and payment information (processed securely via Stripe — we do not store full card details). We also store your driver training progress and appointment history as managed by your instructor.

C. Information from public sources (the RSA Register)

We collect and maintain professional data from the publicly available Road Safety Authority (RSA) Approved Driving Instructor register. We use this data to verify the professional credentials of instructors signing up for our platform and to ensure platform integrity.

4. Legal basis for processing

We only process personal data when we have a valid legal basis to do so under Article 6 of the GDPR:

• Contractual Necessity (Art. 6(1)(b)): To provide our core software services, process bookings, manage calendars, and facilitate payments between students and instructors.
• Legitimate Interests (Art. 6(1)(f)): To verify ADI credentials against the public RSA directory, prevent fraud, improve our platform, and conduct relevant B2B outreach to driving professionals in Ireland.
• Legal Obligation (Art. 6(1)(c)): To maintain accurate financial ledgers and tax records as required by Irish law.
• Consent (Art. 6(1)(a)): For the deployment of non-essential website tracking cookies (Google Analytics) and for optional marketing communications. You may withdraw consent at any time.

5. How we use your data

We use personal data to:

• Operate, maintain, and secure the platform
• Facilitate lesson bookings, scheduling, and payments between students and instructors
• Send booking confirmations, reminders, and transactional notifications
• Track driver training progress on behalf of instructors
• Provide customer support and respond to queries
• Improve platform performance, reliability, and usability
• Prevent fraud, detect abuse, and uphold the integrity of the platform
• Comply with our legal, tax, and regulatory obligations in Ireland

6. Third-party sub-processors

To provide a secure and reliable enterprise platform, we share specific data with vetted third-party service providers under contractual safeguards (including data processing agreements). We do not sell your data. Our sub-processors include:

• Supabase (PostgreSQL): Secure cloud database storage and user authentication.
• Vercel: Application hosting and frontend delivery.
• Stripe Connect: Payment processing and payout routing. YourADI does not directly store full credit card numbers.
• Vonage: Delivery of automated SMS and WhatsApp booking notifications.
• Resend: Delivery of transactional platform emails.
• Google Workspace: Internal company administration and customer support ticketing.
• Google Analytics: Anonymised website traffic and performance tracking (subject to your consent).
• HostingIreland.ie: Domain routing and DNS management.
• Revolut Business: Internal corporate banking operations.

7. International data transfers

We aim to process personal data within the European Economic Area (“EEA”). Some of our sub-processors may process data outside the EEA. Where this occurs, we ensure that appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission, and/or
• Reliance on an adequacy decision by the European Commission where one applies.

You may request further details of the safeguards applicable to specific transfers by emailing dpo@youradi.ie.

8. Data retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy:

• Active account data is retained for the duration of your use of the platform.
• On account closure, your active workspace is deactivated.
• Financial records, invoices, and transaction data are retained for 7 years to comply with Irish Revenue and statutory record-keeping requirements.
• After the relevant retention period, data is permanently and securely deleted.

9. Cookies and tracking technologies

YourADI uses cookies and similar technologies to ensure the platform functions securely and to understand how visitors interact with our public website.

Essential cookies

Strictly necessary for the application to function, including keeping you logged in securely (authentication tokens) and preventing malicious activity (CSRF tokens). The platform cannot function without these.

Analytics cookies

We use Google Analytics to measure website performance and user engagement. These cookies are optional and are only set with your consent, which you may withdraw at any time through our cookie banner or your browser settings.

Email delivery and engagement tracking

When we send you an email — whether a service message (booking confirmation, reminder, receipt) or a marketing email (early-access invite, outreach) — our email provider Resend records standard delivery events so we can see that the message reached you and diagnose issues when it doesn’t. These events include:

• Delivered / bounced / complained: whether the message reached your mailbox, was rejected by the receiving server, or was reported as spam. We rely on these signals to protect sender reputation and to meet Gmail’s and Yahoo’s February 2024 bulk-sender requirements.
• Opened: Resend sets a 1×1 tracking pixel on outgoing mail. When your mail client loads images, we record that the message was opened, along with a coarse device type and IP-derived country. We do not store your IP address.
• Clicked: links in our marketing and outreach emails are routed through a tracking domain so we can count clicks. Transactional links (e.g. booking confirmations, magic-link sign-ins) are not wrapped.

Our lawful basis for this processing is Article 6(1)(f) GDPR (legitimate interests): operating a reliable messaging service and complying with bulk-sender requirements. You can object at any time via the unsubscribe link in any marketing email, or by contacting us. You can also disable image loading in your mail client to prevent the open-pixel from firing.

Hard bounces and spam complaints automatically add your address to our internal suppression list so we stop contacting you.

10. Your rights under GDPR

Under the GDPR, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your personal data (subject to our 7-year legal retention requirements).
• Restrict or object to our processing of your data, including direct marketing.
• Data portability, allowing you to receive your data in a structured, machine-readable format.
• Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with the Irish Data Protection Commission (“DPC”) at dataprotection.ie, or by post at 21 Fitzwilliam Square South, Dublin 2, D02 RD28.

Important note for Students: Because your Driving Instructor is the Data Controller of your booking and training records, requests regarding your student data should generally be directed to your instructor first. We will fully assist instructors in fulfilling these requests.

11. Data security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful loss, destruction, alteration, or unauthorised access. These include:

• Secure cloud infrastructure hosted within the EEA
• Encryption in transit (TLS 1.2+) and at rest
• Row-level security on all database tables
• Role-based access controls limiting staff access on a need-to-know basis
• Continuous security monitoring, logging, and audit trails

No method of transmission or storage is completely secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the DPC within 72 hours and, where required, notify affected users without undue delay.

12. Children’s data

In Ireland, individuals must be at least 17 years old to hold a learner driving permit. Accordingly, the YourADI platform and services are strictly intended for individuals who are 17 years of age or older. We do not knowingly collect or process the personal data of children under the age of 17. If such data is identified, it will be deleted promptly.

13. Contact us

If you have any questions about this Privacy Policy, wish to file a Data Subject Access Request (DSAR), or want to exercise any of your GDPR rights, please contact our Data Protection Officer at:

Email: dpo@youradi.ie
Company: YourADI Limited (CRO 813121)
Registered Office: 20 The Meadows, Whitefield Manor, Bettystown, Co. Meath, A92 F8EX, Ireland