Privacy Policy

Ryda ("we", "our", "us") is a UK car insurance autofill service operated by Ryda Ltd. Our registered address is available on request. You can contact us at privacy@ryda.co.uk.

We are the data controller for the personal data you provide when using the Ryda website (ryda.co.uk) and the Ryda Chrome extension.

When you create a Ryda profile, we collect and store the following categories of personal data:

• Account data: email address, authentication provider (Google or magic link).
• Profile data: name, date of birth, gender, marital status, home address, phone number, employment status, occupation, and driving licence details.
• Vehicle data: vehicle registration number, make, model, year of manufacture, fuel type, estimated value, usage, and security features.
• Driving history: no-claims bonus years, whether you have claims or convictions in the last 5 years, and whether you have DVLA-notifiable medical conditions.
• Policy preferences: cover type, voluntary excess, and payment frequency.
• Usage data: anonymised analytics events (form fills, autofill completions) — no personally identifiable information is ever stored in analytics.

We use your personal data solely to provide the Ryda service:

• Autofill: your profile data is read by the Ryda Chrome extension to automatically fill fields on car insurance comparison and insurer websites you visit.
• Account management: your email address is used to authenticate you and send transactional emails (sign-in links, renewal reminders).
• Service improvement: anonymised, aggregated usage analytics help us improve autofill accuracy across supported sites.
• DVLA lookups: when you enter a vehicle registration, we query the DVLA Vehicle Enquiry API to retrieve vehicle details. Your registration number is sent to the DVLA API but is not retained beyond the immediate response.

We do not use your data for advertising, profiling, or any purpose beyond delivering the Ryda service.

We process your data on the following legal bases under UK GDPR:

• Contract performance (Art. 6(1)(b)): processing your profile data to provide the autofill service you have signed up for.
• Legitimate interests (Art. 6(1)(f)): anonymised analytics to improve the service. You can opt out in your account settings.
• Legal obligation (Art. 6(1)(c)): retaining certain records as required by UK law.

We do not sell, rent, or share your personal data with third parties for their own purposes.

Your data is shared only with:

• Supabase (our infrastructure provider): all data is stored in Supabase's EU West (London) region, keeping your data in the UK. Supabase processes data under a Data Processing Agreement compliant with UK GDPR.
• Google (authentication only): if you sign in with Google, Google processes your email address to authenticate you. Google's privacy policy applies to that interaction.
• DVLA (vehicle lookup only): your vehicle registration is sent to the DVLA Vehicle Enquiry Service API when you use the registration lookup feature. No other data is sent to the DVLA.

The Ryda extension reads your profile data locally and injects values into insurance form fields. No data is ever sent directly from the extension to insurers or comparison sites — the extension only fills in fields the way you would yourself.

All personal data is stored on Supabase infrastructure in the eu-west-2 (London) region. Data at rest is encrypted by Supabase. Data in transit uses TLS 1.2+.

Access to your profile data is protected by Row-Level Security (RLS) — only your authenticated account can read or modify your profiles. We use Supabase Auth with short-lived session tokens.

Your profile data is stored in the browser extension's local memory only while the extension is actively autofilling a form, and is cleared immediately after use.

We retain your personal data for as long as your account remains active. If you delete your account:

• All profile data is permanently deleted within 30 days.
• Anonymised analytics records (which contain no personal data) are retained for up to 2 years for aggregate reporting.

You can delete individual profiles at any time from your dashboard. You can delete your entire account by emailing privacy@ryda.co.uk.

You have the following rights regarding your personal data:

• Right of access: request a copy of the data we hold about you.
• Right to rectification: correct inaccurate data — you can do this directly in your dashboard.
• Right to erasure ("right to be forgotten"): request deletion of all your personal data.
• Right to portability: receive your data in a structured, machine-readable format.
• Right to restrict processing: request that we limit how we use your data.
• Right to object: object to processing based on legitimate interests (including analytics opt-out).

To exercise any of these rights, email privacy@ryda.co.uk. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

The Ryda website uses only essential session cookies for authentication (managed by Supabase Auth). We do not use tracking cookies, advertising cookies, or third-party analytics scripts.

The Ryda service is intended for adults aged 17 and over (the minimum age to hold a UK driving licence). We do not knowingly collect data from individuals under the age of 17. If you believe a minor has provided us with personal data, contact us at privacy@ryda.co.uk.

We may update this Privacy Policy from time to time. Material changes will be notified by email. The "Last updated" date at the top of this page shows when the policy was last revised.

For any privacy-related questions, contact us at privacy@ryda.co.uk.