Moving Manes — Privacy Policy
Last updated: 7 September 2025
Who we are. Moving Manes is operated by Data Forage Limited (“we”, “us”, “our”), a company registered in England and Wales (company no. 12944938). This Privacy Policy explains how we collect and use your personal data when you use movingmanes.com and related services (the “Services”). It is incorporated into and forms part of our Terms and Conditions.
We collect account details you provide (e.g., name and email), listing contact details you choose to publish (e.g., phone and postcode), limited payment information via Stripe, and usage data via cookies (Google Analytics, Microsoft Clarity, and Meta Pixel). We use this to run the platform, publish your listings, relay initial enquiries, prevent fraud, improve the Service (including AI-powered features), and - if you opt in - send you marketing. You can contact us any time at [email protected] to exercise your UK GDPR rights.
1. Data controller & contact
Data controller: Data Forage Limited (operator of Moving Manes). For any privacy query or request, email [email protected].
2. The personal data we collect
2.1 Account registration
When you register, we collect: first name, last name, email, password (authentication via Supabase), and the following optional fields: telephone, postcode, business name, and your marketing preference. We may store some account information (not your password) in our own database.
2.2 Listings (public adverts)
When you create a listing, we collect first name, last name, telephone (optional) and postcode to display on the listing page so buyers can contact you and gauge location. By supplying a telephone number, you consent to its publication on a public page that may be indexed by search engines. You remain responsible for any personal data you include in listing text or images.
2.3 Messaging relay
Our basic messaging tool relays an initial buyer enquiry from our platform to the recipient’s account email address. Subsequent replies typically occur directly between the parties by email (off-platform). We may retain the initial message and related metadata for a limited period for fraud prevention, abuse handling and audit, and we may apply automated spam/phishing filtering and rate limiting.
2.4 Payments
Payments are processed by Stripe. We do not store full card details. We keep payment confirmations and transaction references for accounting and fraud prevention.
2.5 Usage data, cookies & similar tech
We use cookies and similar technologies to operate and improve the Service. Third-party tools include Google Analytics (site analytics), Microsoft Clarity (UX analytics), and the Meta Pixel (advertising measurement). See the separate Cookies Policy for details and choices.
2.6 Vehicle history (public data, non-personal)
To show MOT status/history for vehicles, we retrieve public information from the UK Government’s Driver and Vehicle Standards Agency (DVSA) MOT database via its API. This information does not contain personal data and is reused under the Open Government Licence v3.0 (see our Terms & Conditions for attribution and disclaimers).
3. Purposes & lawful bases
| Purpose | Examples | Lawful basis |
|---|---|---|
| Provide and operate the Service | Account creation/login; publishing listings; initial message relay; showing approximate location from postcode | Contract (to provide requested services) |
| Process payments | Charge listing fees; confirmations; fraud checks via Stripe | Contract; Legal obligation (tax/accounting) |
| Security & fraud prevention | Abuse/spam filtering; rate-limiting; investigating suspicious activity | Legitimate interests (secure, reliable service) |
| Analytics & product improvement | Google Analytics; Microsoft Clarity; A/B testing; UX metrics | Legitimate interests (improve service) and/or Consent (for non-essential cookies) |
| Advertising measurement | Meta Pixel for reach and conversion measurement | Consent (marketing cookies) |
| Marketing communications | Newsletters, offers from Moving Manes | Consent (opt-in; withdraw any time) |
| AI/ML features | Develop, train, and operate models for search, categorisation, fraud prevention, auto-populate and translation | Legitimate interests (service improvement). Where personal data is involved, rights (e.g., object) apply. |
| Legal & compliance | Tax records; responding to lawful requests; enforcing Terms | Legal obligation; Legitimate interests |
4. Sharing your data
- Service providers (processors): e.g., Supabase (auth/database), Stripe (payments), analytics (Google, Microsoft), and advertising measurement (Meta Pixel). We share only what’s necessary under contracts with appropriate safeguards.
- Public listings & other users: Your listing contact details (name, phone if provided, postcode) are public on the listing page and may be copied or indexed. Buyer enquiries sent through our form are relayed to the seller’s email.
- Third-party data for auto-populate (optional): If you use the auto-populate feature (e.g., by providing a vehicle registration mark), we may share that identifier with trusted data providers to pre-fill fields. You must review and confirm any pre-filled data before publishing.
- Legal/compliance: We may disclose data where required by law or to protect rights, safety, and security.
- Business transfers: If we undergo a merger or sale, personal data may transfer subject to equivalent protections.
5. International transfers
Where data is transferred outside the UK/EEA (for example, to service providers in the USA), we implement appropriate safeguards such as UK-approved Standard Contractual Clauses or other lawful transfer mechanisms. We aim to store user data in the UK/EEA where feasible.
6. Data retention
- Account data: Held while your account is active, then deleted or anonymised. Limited data may be retained for a period to comply with legal, accounting or fraud-prevention obligations (typically up to 6 years for financial/tax records).
- Listings: Public while live; removed from public view when expired/removed. We may retain copies internally for a short period (e.g., a few months) for re-listing support, dispute handling, or fraud checks, then delete or anonymise.
- Payments: Transaction records kept as required by law (usually up to 6 years). We do not store full card details.
- Messaging: Initial relayed messages and metadata may be stored briefly for abuse prevention and audit.
- Analytics: Stored per provider settings; we primarily use aggregated/anonymised data for trend analysis.
7. Your rights (UK GDPR)
You have rights to access, correct, delete, and restrict or object to processing of your personal data, and to data portability. You also have the right to withdraw consent (e.g., for marketing or cookies) at any time. To exercise your rights or raise a concern, email [email protected]. You can also complain to the UK Information Commissioner’s Office (ICO). We would appreciate the chance to address your concerns first.
8. Children
Our Services are for users aged 18+. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us and we will delete it.
9. Security
We use appropriate technical and organisational measures (e.g., HTTPS/TLS, access controls, hashing passwords; Stripe for payments) to protect your data. No system is 100% secure; please keep your password confidential and contact us promptly if you suspect unauthorised access.
10. Changes to this Policy
We may update this Privacy Policy from time to time. We will post the updated Policy with a new “last updated” date and, where appropriate, notify you. Continued use of the Services after changes take effect constitutes acceptance.
11. Contact us
Email: [email protected]