Privacy Policy

How we collect, use, and protect your information at steerly.

Last updated: August 9, 2025

Steerly ("we", "us", or "our") is a driving school management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, progressive web app (PWA), and related services (collectively, the "Services").

Information We Collect

Account Information: name, email, phone number, role (admin, school, instructor, student), and authentication identifiers.
Profile and School Data: school details, lesson preferences, availability, locations, pricing, and communication settings.
Booking and Lesson Data: bookings, schedules, progress notes, assessments, and messages related to driving lessons.
Payment Information: when applicable, payment method details and transaction metadata are processed by our payment processors (e.g., Stripe). We do not store full card numbers on our servers.
Device and Usage Data: IP address, device type, browser, pages viewed, referring pages, app version, and cookies or similar technologies.
Push Notifications: device tokens and delivery metadata if you opt in to notifications (e.g., via Firebase Cloud Messaging).

How We Use Your Information

Provide, operate, and maintain the Services.
Authenticate users and enforce role-based permissions.
Facilitate bookings, scheduling, payments, and lesson management.
Send transactional messages and push notifications you opt into.
Monitor performance, troubleshoot issues, and improve features.
Comply with legal obligations and enforce our terms and policies.

Legal Bases for Processing

If you are in the EEA/UK, we process your data under one or more of the following legal bases: performance of a contract, legitimate interests, consent (where obtained), and compliance with legal obligations.

Sharing of Information

We may share information with trusted service providers who assist in operating the Services, such as cloud hosting, authentication, analytics, and payment processing. Examples include Supabase (data hosting and authentication), Stripe (payments), and Firebase Cloud Messaging (notifications). These providers process data on our behalf under appropriate contracts. We may also share information to comply with applicable laws, respond to lawful requests, or protect the rights, property, or safety of steerly, our users, or others. We do not sell personal information.

Data Retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and context.

Your Rights and Choices

Access, Update, Correct: You may view and update certain account and profile details within the app or by contacting us.
Delete: You can request deletion of your account and associated personal data, subject to legal or legitimate business requirements.
Opt-Out: You can opt out of non-essential communications. Push notifications can be disabled in your device or browser settings.
EEA/UK: You may have additional rights under GDPR, including data portability and the right to object or restrict processing in certain circumstances.

Cookies and Similar Technologies

We use cookies and similar technologies to keep you signed in, remember preferences, enable PWA features, measure usage, and improve the Services. You can control cookies through your browser or device settings, but some features may not function properly without them.

Analytics

We may use privacy-respecting analytics to understand feature usage and improve performance. Where required, we will obtain consent before setting analytics cookies or running similar tracking.

Payments

Payments, where enabled, are processed by third-party providers such as Stripe. Your payment information is handled according to the provider’s policies. We receive limited information necessary to confirm a payment (e.g., status, last four digits, and expiration month/year), but we do not store full card numbers.

Data Security

We implement reasonable technical and organizational measures designed to protect personal information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

International Data Transfers

We may process and store information in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers, such as standard contractual clauses.

Children’s Privacy

Our Services are not directed to children under the age where parental consent is required by applicable law. If we learn that we have collected personal information from a child without appropriate consent, we will take steps to delete that information.

Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date indicates when it was most recently revised. Material changes will be communicated through the Services or by other appropriate means.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at[email protected].