Data Protection & Privacy

Your Data Security

We take the security and privacy of your data seriously. Learn how we protect vehicle keeper information and maintain GDPR compliance.

GDPR Compliance
KADOE Finder acts as a data processor while you remain the data controller. We process data strictly according to your instructions and maintain full GDPR compliance.

7-Year Audit Trail

Complete audit logging of all keeper data access as required by law

Data Controller Rights

You maintain full control over how vehicle keeper data is used

Right to Erasure

Request early deletion of data at any time

Transparent Processing

Clear documentation of all data processing activities

What Data We Process

Enquiry Data
Information you provide when making KADOE queries
  • Vehicle Registration Mark (VRM)
  • Event Date and Time
  • Reason Code (e.g., Parking Enforcement)
  • Reference Numbers
  • User Identity (for audit trail)
Response Data
Information retrieved from DVLA KADOE API
  • Vehicle Keeper Name and Title
  • Vehicle Keeper Address
  • Vehicle Make, Model, and Colour
  • Tax Status Information
  • Original Enquiry Details

Personal Data Encryption

All vehicle keeper names and addresses are encrypted using AES-256 encryption at rest. Personal data is only decrypted when you access it through our secure interface.

How We Protect Your Data

UK Data Hosting

All data is hosted exclusively in secure UK data centers and never leaves the United Kingdom. Full compliance with UK GDPR and Data Protection Act 2018.

Encryption Everywhere

Multi-layer encryption protects data at every stage:

  • HTTPS/TLS for all connections
  • AES-256 encryption at rest
  • Encrypted database backups
Access Controls

Strict role-based access controls ensure only authorized personnel can access data:

  • Multi-factor authentication
  • IP address restrictions
  • Granular user permissions
Secure Infrastructure
  • Enterprise firewall protection
  • Regular security audits
  • Intrusion detection systems
  • 24/7 security monitoring
Secure Backups

Encrypted daily backups are stored in separate secure locations within the UK. Backup data is retained for 7-14 days for disaster recovery purposes.

Audit Logging

Complete audit trail of all data access, including user identity, timestamp, IP address, and actions performed. Audit logs retained for 7 years as required by GDPR.

Connection Methods Security
Every integration method uses industry-standard encryption

Web Portal

HTTPS/TLS 1.3 encryption for all web traffic. Session tokens expire automatically. No data stored in browser cache.

REST API

HTTPS connections with Bearer token authentication. Rate limiting and IP restrictions available.

C# SDK

Built-in encryption and secure credential management. Automatic retry with exponential backoff.

Webhook Callbacks

HTTPS-only webhook endpoints. Cryptographic signature verification for authenticity.

Data Retention & Disposal
We retain data only as long as necessary for legal and operational purposes

Standard Retention Period

Query data and responses are retained for 2 years by default. This period is configurable based on your specific requirements and can be extended or reduced.

Audit Log Retention

Audit logs documenting access to keeper data are retained for 7 years as required by GDPR for demonstrating compliance.

Backup Retention

Encrypted backups are retained for 7-14 days for disaster recovery purposes, then permanently deleted using secure erasure methods.

Early Deletion Requests

You can request early deletion of specific data at any time. We will process your request within 30 days and provide confirmation.

Secure Data Disposal: When data reaches the end of its retention period, it is permanently deleted from all systems including backups using cryptographic erasure methods that make recovery impossible.

Questions About Your Data?

Our team is here to answer any questions about how we handle and protect your data. We're committed to transparency and compliance.