Privacy Policy
Last Updated: 7 December 2025
Effective Date: 29 November 2025
1. Introduction
Traffic Snitch is an experimental development project exploring affordable community-based traffic monitoring technology. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
IMPORTANT: Traffic Snitch is currently in beta/development phase. This service is provided for testing and evaluation purposes only. It is not intended for enforcement purposes and should not be relied upon for legal or regulatory compliance.
2. Data Controller
Name: Traffic Snitch Development Project
Contact Email: trafficsnitch.mailer@gmail.com
Correspondence Address: [To be added]
Website: https://www.trafficsnitch.co.uk
For all data protection enquiries, rights requests, or concerns, please contact us at: trafficsnitch.mailer@gmail.com
3. What Data We Collect
3.1 Account Data
When you register for an account, we collect:
- Email address (required for authentication)
- Password (stored as encrypted hash, never in plain text)
- Display name (optional)
- Account creation date
- Email verification status
- Consent records (when and what you consented to)
3.2 Device Data
If you register a traffic monitoring device:
- Device identifier (UUID)
- Device name (chosen by you)
- Location name (e.g., "Main Street", not precise GPS coordinates)
- API credentials (encrypted)
- Device configuration (detection thresholds, direction settings)
- Device status (active, inactive, last seen)
3.3 Traffic Detection Data
When your device monitors traffic:
- Detection readings (indicative measurements)
- Direction of travel (inbound/outbound/unknown)
- Timestamp (date and time of detection)
- Weather conditions (if configured)
- Device ID (linked to your device)
- NO vehicle registration numbers
- NO personally identifiable information about drivers
- Photos (optional, if camera enabled - see Section 3.4)
3.4 Photographic Data (If Camera Enabled)
If you enable the camera module:
- Event photos (triggered by detection threshold)
- Metadata (timestamp, detection data, location name)
- IMPORTANT: We do NOT process vehicle registration numbers or use ANPR technology
- Purpose: Visual documentation of speeding incidents and community awareness
- Photos are stored with limited retention (see Section 5)
Photography Approach (Privacy by Design):
- Cameras capture side-profile images of vehicles as they pass the monitoring point
- Side-profile positioning is designed to avoid capturing: driver faces, passenger faces, and registration plates
- Photos may be displayed on public leaderboards showing speeding incidents
- What photos show: Vehicle side profile, colour, general type (car, van, lorry, etc.)
- What photos avoid: Number plates, driver/passenger faces, identifying marks
- Legal basis: Legitimate interest in community road safety awareness (Article 6(1)(f))
- Photo removal: Contact trafficsnitch.mailer@gmail.com to request removal of any photo you believe contains your vehicle (processed within 30 days)
Note: While we take care to avoid capturing identifying information, distinctive or unusual vehicles may still be recognisable to local community members. If you have concerns about a specific photo, please contact us.
3.5 Usage Data
To improve the service:
- Login activity (timestamps, success/failure)
- Dashboard access (pages viewed, features used)
- API requests (device communications, timestamps)
- Error logs (to diagnose technical issues)
3.6 Technical Data
- IP addresses (for security and fraud prevention)
- Browser type and version (for compatibility)
- Session cookies (for authentication - see Cookie Policy)
- Device type (desktop, mobile, tablet)
- Screen resolution (width, height, pixel ratio)
- Colour depth (display capability)
- Timezone (offset from UTC)
- Browser language (preference setting)
Why we collect device characteristics: This technical data helps us distinguish different visitors from the same IP address (e.g., household members) for accurate site analytics. We do NOT use this to identify you personally or track you across other websites. We respect Do Not Track browser settings - if enabled, this data is not collected.
4. Legal Basis for Processing
We process your personal data under the following legal bases (UK GDPR Article 6):
| Data Type | Legal Basis | Purpose |
|---|---|---|
| Account data | Consent (Article 6(1)(a)) | You explicitly consent when registering |
| Device data | Consent (Article 6(1)(a)) | You provide when setting up devices |
| Traffic detection data | Legitimate interests (Article 6(1)(f)) | Community safety awareness and service delivery |
| Usage/Technical data | Legitimate interests (Article 6(1)(f)) | Security, fraud prevention, service improvement |
| Photos (if enabled) | Explicit consent (Article 6(1)(a) + Article 9(2)(a) if identifiable) | Optional feature requiring explicit opt-in |
You have the right to withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal.
5. How We Use Your Data
We use your personal data for:
5.1 Service Delivery
- Authenticate your account and maintain your login session
- Store and display traffic detection data from your devices
- Generate reports and analytics dashboards
- Send automated email reports (if configured)
- Process device communications via API
5.2 Communications
- Send account verification emails
- Notify you of security alerts (suspicious login attempts)
- Provide service updates and maintenance notices
- Respond to your support requests
5.3 Service Improvement
- Analyse usage patterns to improve features
- Diagnose and fix technical issues
- Improve system performance and reliability
5.4 Legal and Security
- Prevent fraud, spam, and abuse
- Comply with legal obligations
- Enforce our Terms of Service
- Protect our systems from security threats
We do NOT:
- ❌ Sell or rent your personal data to third parties
- ❌ Use your data for marketing without consent
- ❌ Share traffic detection data with law enforcement (unless legally compelled)
- ❌ Process vehicle registration numbers or driver identities
- ❌ Use your data for purposes incompatible with those stated
6. Data Retention
We retain your personal data for the following periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Until account deletion + 30 days | Legal obligations, backup recovery |
| Traffic detection data | 90 days (configurable per tier) | Service delivery, then automatic deletion |
| Photos | 30 days (or user-configured shorter) | Privacy protection, storage efficiency |
| Login logs | 12 months | Security investigation, fraud prevention |
| Audit logs | 12 months | Compliance, debugging |
| Deleted accounts | 30 days (soft delete) | Allow recovery if deleted by mistake |
Automatic Deletion: Traffic detection data and photos are automatically deleted when retention periods expire. You can also manually delete data at any time via your account settings.
After Deletion: Data is removed from live databases and will be purged from backups within 90 days.
7. Who We Share Your Data With
We share your personal data only in the following circumstances:
7.1 Service Providers
We use the following third-party services:
- Cloud hosting (servers, databases, storage)
- Email delivery (account verification, reports)
- Payment processing (if subscription tiers are implemented)
Data Processing Agreements: All service providers are bound by contracts ensuring UK GDPR compliance.
7.2 Legal Requirements
We may disclose your data if:
- Required by law (court order, search warrant)
- To protect our legal rights
- To prevent fraud or crime
- To protect the safety of users or the public
We will notify you of any such disclosure unless legally prohibited.
7.3 Business Transfers
If Traffic Snitch is acquired, merged, or sold, your data may be transferred to the new owner. You will be notified and given the option to delete your account.
We do NOT share your data with:
- ❌ Marketing companies or data brokers
- ❌ Social media platforms (no tracking pixels)
- ❌ Law enforcement (without legal compulsion)
- ❌ Third parties for their own purposes
8. International Data Transfers
Current Status: All data is stored on servers within the United Kingdom. We do not currently transfer data outside the UK.
If this changes: We will update this policy and notify you. Any international transfers will be protected by:
- UK GDPR adequacy decisions
- Standard Contractual Clauses (SCCs)
- Other appropriate safeguards
9. Your Data Protection Rights
Under UK GDPR, you have the following rights:
9.1 Right of Access (Article 15)
Request a copy of all personal data we hold about you.
How to exercise: Email trafficsnitch.mailer@gmail.com or use the "Download My Data" feature in account settings.
9.2 Right to Rectification (Article 16)
Correct inaccurate or incomplete data.
How to exercise: Update your account settings or contact trafficsnitch.mailer@gmail.com.
9.3 Right to Erasure / "Right to be Forgotten" (Article 17)
Request deletion of your personal data.
How to exercise: Use "Delete My Account" in settings or email trafficsnitch.mailer@gmail.com.
Note: Some data may be retained for legal obligations (e.g., financial records).
Vehicle Photo Removal (Non-Account Holders):
If your vehicle appears in a published photo on our public leaderboards and you wish to have it removed, you can exercise your Right to Erasure even without an account:
- Email trafficsnitch.mailer@gmail.com with subject: "Photo Removal Request"
- Provide: Date/time of detection (if known), device location, and brief vehicle description
- We will identify and remove the photo within 30 days (GDPR requirement)
- You will receive confirmation once removed
Note: Our side-profile photography approach avoids capturing number plates and faces, but you can request removal of any photo at any time.
9.4 Right to Restrict Processing (Article 18)
Limit how we use your data while a dispute is resolved.
How to exercise: Contact trafficsnitch.mailer@gmail.com.
9.5 Right to Data Portability (Article 20)
Receive your data in a machine-readable format (JSON, CSV).
How to exercise: Use "Export Data" feature or email trafficsnitch.mailer@gmail.com.
9.6 Right to Object (Article 21)
Object to processing based on legitimate interests.
How to exercise: Contact trafficsnitch.mailer@gmail.com. We will stop processing unless we have compelling legitimate grounds.
9.7 Right to Withdraw Consent (Article 7(3))
Withdraw consent for any consent-based processing.
How to exercise: Delete your account or contact trafficsnitch.mailer@gmail.com.
9.8 Right to Lodge a Complaint
Complain to the UK Information Commissioner's Office (ICO):
ICO Contact Details:
- Website: https://ico.org.uk/make-a-complaint/
- Phone: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
10. Response Times
We will respond to rights requests within:
- 1 month (standard)
- Extended to 2 months if request is complex (we will notify you)
Free of charge for the first request in a 12-month period. Subsequent or manifestly unfounded requests may incur a reasonable administrative fee.
11. Data Security
We implement appropriate technical and organisational measures to protect your data:
11.1 Technical Measures
- ✅ HTTPS/TLS encryption for all data in transit
- ✅ Bcrypt password hashing (industry-standard)
- ✅ Database encryption for sensitive data (API tokens, OAuth tokens)
- ✅ Secure session management (Redis-backed, CSRF protection)
- ✅ Regular security updates and patching
- ✅ Automated backups (encrypted, access-controlled)
11.2 Organisational Measures
- ✅ Access controls (least privilege principle)
- ✅ Audit logging (who accessed what, when)
- ✅ Security monitoring (intrusion detection)
- ✅ Incident response procedures (breach notification)
- ✅ Regular security reviews
No system is 100% secure. While we implement strong protections, we cannot guarantee absolute security. You are responsible for keeping your password confidential.
12. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms:
12.1 To the ICO
We will notify the ICO within 72 hours of becoming aware of the breach (UK GDPR Article 33).
12.2 To You
We will notify you without undue delay if the breach poses a high risk to you (UK GDPR Article 34).
Notification will include:
- Nature of the breach (what happened)
- Likely consequences
- Measures taken to mitigate harm
- Contact point for further information
13. Children's Privacy
Traffic Snitch is not intended for use by children under 13 years of age. We do not knowingly collect personal data from children.
If you are under 13: Please do not register for an account or provide any personal data.
If we discover we have collected data from a child under 13, we will delete it immediately.
Parental controls: If you are a parent/guardian and believe your child has provided us with personal data, please contact trafficsnitch.mailer@gmail.com.
14. Automated Decision-Making and Profiling
We do NOT use:
- ❌ Automated decision-making (Article 22)
- ❌ Profiling that produces legal or similarly significant effects
- ❌ Machine learning for user profiling
- ❌ ANPR or facial recognition
What we do: Basic data aggregation and statistical analysis for traffic pattern insights (non-invasive).
15. Cookies and Tracking
See our separate Cookie Policy for detailed information.
Summary:
- ✅ We use essential cookies only (session authentication, security)
- ❌ We do NOT use advertising cookies or third-party trackers
- ❌ We do NOT use analytics cookies (Google Analytics, etc.)
16. Third-Party Links
Our website may contain links to third-party websites (e.g., ICO, GitHub, documentation).
We are not responsible for the privacy practices of these websites. We recommend reading their privacy policies before providing any personal data.
17. Changes to This Privacy Policy
We may update this Privacy Policy to reflect:
- Changes in law or regulation
- New features or services
- Improvements to our data practices
How you'll be notified:
- Email notification if changes are significant
- Website banner for 30 days after update
- "Last Updated" date at the top of this document
Your continued use of Traffic Snitch after changes constitutes acceptance. If you disagree with changes, you may delete your account.
18. Beta/Development Status Disclaimer
IMPORTANT: Traffic Snitch is an experimental development project currently in beta phase.
This means:
- ⚠️ Features may change or be removed without notice
- ⚠️ Service availability is not guaranteed
- ⚠️ Data processing practices are subject to evolution
- ⚠️ We may discontinue the service at any time with 30 days' notice
Despite beta status, we are committed to GDPR compliance and protecting your privacy. All protections in this policy remain in effect.
19. Contact Us
For any questions, concerns, or rights requests:
Email: trafficsnitch.mailer@gmail.com
Subject Line: "Data Protection Enquiry" or "GDPR Rights Request"
We will respond within:
- 1 business day for urgent security matters
- 5 business days for general enquiries
- 1 month for formal rights requests (as per GDPR)
For ICO complaints:
- https://ico.org.uk/make-a-complaint/
- 0303 123 1113
20. Legal Framework
This Privacy Policy is governed by:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Privacy and Electronic Communications Regulations (PECR) 2003
- Surveillance Camera Code of Practice (where applicable)
Jurisdiction: This policy and any disputes will be governed by the laws of England and Wales.
Document Version: 1.2
Last Reviewed: 7 December 2025
Next Review: 29 May 2026 (or sooner if material changes occur)
Quick Reference: How to Exercise Your Rights
| Right | How to Do It | Response Time |
|---|---|---|
| Access my data | Settings → "Download My Data" OR email trafficsnitch.mailer@gmail.com | 1 month |
| Correct my data | Settings → Edit Account OR email trafficsnitch.mailer@gmail.com | 1 month |
| Delete my data | Settings → "Delete My Account" OR email trafficsnitch.mailer@gmail.com | 1 month |
| Export my data | Settings → "Export Data" (JSON/CSV) | Instant / 1 month |
| Stop processing | Email trafficsnitch.mailer@gmail.com with "Restrict Processing Request" | 1 month |
| Object to processing | Email trafficsnitch.mailer@gmail.com with "Objection Notice" | 1 month |
| Complain | https://ico.org.uk/make-a-complaint/ OR 0303 123 1113 | N/A |
END OF PRIVACY POLICY