DriveOps DriveOps
  • Features
  • Crew
  • How it works
  • Get a Quote
  • Contact
  • Sign In

Legal

Privacy Policy

Last updated: 15 May 2026.

This is the authoritative privacy policy for the Crew service at crew.driveops.uk and the captain application at app.driveops.uk. The same policy is published at driveops.uk/privacy and crew.driveops.uk/privacy.

Contents

  1. Who we are
  2. What data we collect
  3. Why we collect it (lawful bases)
  4. Who we share it with
  5. International transfers
  6. How long we keep it
  7. Your rights
  8. How to exercise your rights
  9. Security
  10. Cookies and tracking
  11. Children
  12. Changes to this policy

1. Who we are

Crew is a service of Tolmon Ltd, a company registered in England and Wales (Companies House number 14468414), with its registered office in London. Tolmon Ltd is the data controller for all personal data processed through Crew.

You can contact us at info@tolmon.com for any privacy-related question. If you want to exercise one of your rights under UK GDPR, the section "How to exercise your rights" below tells you how.

2. What data we collect

The personal data we hold on a Crew member falls into the following categories:

  • Account data: name, email address, password hash, and account role (driver or captain).
  • Profile data: display name, short bio, location (city and postcode area), driving licence categories, languages spoken, hourly rate range, and a profile photo if you choose to upload one.
  • Verification documents: driving licence (DVLA), insurance, enhanced DBS where applicable, and vehicle MOT. You upload these yourself; they are stored in Amazon S3 in the eu-west-2 (London) region.
  • Availability data: the dates and windows you publish as available, unavailable, or tentative.
  • Messages: the content of messages you exchange with other Crew members through the in-app messaging service.
  • Ratings and reviews: the star ratings and free-text reviews you give and receive after working on a production.
  • Skills: the skill and certification tags you add to your profile from the canonical Crew taxonomy.
  • Invitation history: invitations you send (as a captain) or receive (as a driver), including the production context and the optional message attached.
  • Subscription and billing data: handled by Stripe. We store references (your Stripe customer ID and subscription ID) and a cached status; we never see or store card numbers, CVCs, or cardholder addresses on our servers.
  • Notification preferences: which transactional and digest emails you have opted into, and a server-side queue of pending or recently sent messages.

3. Why we collect it (lawful bases)

We rely on the following lawful bases under UK GDPR Article 6:

  • Contract performance. Crew is a paid service. We need account data, profile data, and the messaging and ratings infrastructure to provide it.
  • Consent. Cross-production visibility, where captains outside your current production can see your profile in search, is opt-in and recorded in the drivers_crew_consent table. You can withdraw this consent at any time from your settings without deleting your account.
  • Legitimate interests. We rely on legitimate interests for features like search ranking, abuse prevention, and the rating signals that other members use to decide whether to work with you.
  • Legal obligation. Subscription records held by Stripe and reconciled to our systems are kept as long as required by HMRC for tax purposes.

4. Who we share it with

We use the following processors:

  • Stripe (Stripe Payments UK Limited) for subscription management and payment processing. Card data is held by Stripe, not by us.
  • Resend (Resend, Inc.) for transactional and digest emails.
  • Amazon Web Services (AWS Europe Core S.A.R.L.) for storing verification documents in S3 (eu-west-2) and for general infrastructure.
  • Plausible Insights (Plausible Analytics B.V., EU-hosted) for privacy-first product analytics on crew.driveops.uk. Plausible is cookieless, aggregates page-view and event counts only, and does not transfer personal data outside the EU. Analytics is loaded only if you opt in through the cookie banner or the /cookie-preferences page.

We do not sell your personal data, and we do not share it with third parties for their own marketing.

Other Crew members will see the parts of your profile that you have published (display name, bio, skills, availability, public ratings). Captains who you message can see the messages you send them. Captains who invite you can see that you are listed in Crew search.

5. International transfers

The primary processing region is the United Kingdom, with European Union as the secondary location:

  • Verification documents are held in the AWS London region (eu-west-2).
  • Resend may process email content in the EU or the US under appropriate Standard Contractual Clauses.
  • Stripe may process transaction data in the EU or the US under appropriate Standard Contractual Clauses.

6. How long we keep it

  • Account and profile data: while your account is active, plus a 30-day soft-delete window in which an accidental deletion can be reversed by support.
  • Messages: kept while either participant has an account. When one participant deletes their Crew profile, their messages stay in the other participant's conversation history with the body replaced by "[message deleted]" and the sender attribution removed.
  • Ratings: the rating row is kept indefinitely as part of the Crew trust signal. When a subject deletes their profile, their name is severed from the row and the free-text review and reply are blanked.
  • Verification documents: kept until the verified status expires or until you delete your Crew profile, whichever is sooner. Deletion of the underlying S3 object is queued asynchronously after the database write commits.
  • Subscription records: kept for as long as required by UK tax law (currently 7 years from the end of the relevant accounting period).
  • Notification queue: pending and recently sent rows are purged after 90 days.

7. Your rights

Under UK GDPR you have the following rights in relation to your personal data:

  • Right of access: request a copy of your data.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure: delete your Crew profile or your full account.
  • Right to object or restrict processing for certain purposes.
  • Right to data portability: receive your data in a portable format.
  • Right to withdraw consent: in particular, cross-production visibility can be turned off in your settings without deleting your account.
  • Right to complain to the Information Commissioner's Office at https://ico.org.uk if you believe your rights have not been respected.

8. How to exercise your rights

For most rights you can act yourself from inside the app:

  • Cross-production visibility: toggle in /settings.
  • Verification documents: remove from /verifications.
  • Crew profile deletion: POST to /api/crew/me/delete via the in-app deletion flow. This removes all Crew-specific data (profile, messages you sent are redacted, ratings about you are anonymised, verification documents are erased) but leaves any DriveOps captain or driver account you may also hold intact.
  • Full account deletion: DELETE on /api/auth/me via the same flow. This soft-deletes the underlying user record in addition to the Crew scrub above.

For everything else, including data access and portability requests, email info@tolmon.com with enough detail to identify your account. We respond within 30 days; complex requests may be extended once by a further 60 days, and we will tell you if that applies.

9. Security

We apply the following controls:

  • TLS for all data in transit.
  • Encryption at rest for verification documents in S3.
  • Bcrypt with a current cost factor of 12 for password hashes.
  • Short-lived JWTs for session access, paired with rotating refresh tokens that can be revoked centrally on logout, password reset, or suspected compromise.
  • Card data is held only by Stripe under PCI DSS; we never receive a card number on our servers.

10. Cookies and tracking

  • app.driveops.uk: a small set of first-party httpOnly cookies for session management.
  • crew.driveops.uk: session tokens are held in browser local storage rather than cookies.
  • We do not use third-party tracking cookies and we do not place advertising cookies.
  • Plausible Analytics: on crew.driveops.uk we use Plausible, a cookieless and privacy-first analytics tool, only after you accept it through the cookie banner or enable it on /cookie-preferences. Plausible does not set cookies and does not track you across sites. Your choice is stored locally in your browser under crew:cookie_consent; clear that key (or your site data) to be asked again. You can change your mind at any time from /cookie-preferences, linked from the site footer.

11. Children

Crew is not directed at people under the age of 18 and we do not knowingly collect data about anyone under 18. If you believe a child has signed up to Crew, please contact info@tolmon.com and we will delete the account.

12. Changes to this policy

We may update this policy from time to time. Material changes will be notified to all current Crew members by email at least 30 days before they take effect. Non-material changes (clarifying wording, fixing typos) take effect on publication.

Tolmon Ltd, Companies House number 14468414. Questions about this policy: info@tolmon.com.

DriveOps DriveOps

Fleet management purpose-built for film and TV.

Product

  • Features
  • Get a Quote

Legal

  • Privacy Policy
  • Terms of Service
  • Delete account
  • Cookie preferences

Company

  • Contact
  • Sign In

© 2026 DriveOps. All rights reserved.

A Tolmon product.