Privacy Policy
National Supply Chain Networks UK Ltd, trading as Antdel ("Antdel", "we", "our", "us"), operates the Antdel Driver mobile application (the "App") for drivers working with Antdel. This policy explains what personal data we collect through the App, why we collect it, how long we keep it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
If anything here is unclear, email support@antdel.com.
- Who is the data controller?
- What personal data the App collects
- Lisa AI Assistant
- Why we use it (and the legal basis)
- Automated decision-making
- Who we share with
- Where we store data
- How long we keep data
- Your rights
- How we secure your data
- Children
- Changes to this policy
- Contact us
- Appendix — Apple / Google Play data types
1. Who is the data controller?
National Supply Chain Networks UK Ltd (trading as Antdel), a company registered in England and Wales.
- Company number: 05842600
- Registered office: 2nd Floor Cathay Building, 86 Holloway Head, Birmingham, United Kingdom, B1 1ND
- ICO registration: 00012520964
Data Protection Contact: support@antdel.com
2. What personal data the App collects
We collect only what we need to operate the App and meet our legal and contractual duties.
a) Account & identity
- Driver ID, name, company name, vehicle registration
- Mobile phone number (work), work email address
- PIN — stored hashed, never plain text — plus a device fingerprint for login rate-limit tracking
b) Location
- Real-time GPS while the App is in use and while you are actively driving a job (foreground + limited background)
- Trip history — start/end coordinates, distance, duration
- Speed samples (for driving-time classification and cruise-control detection)
- You can revoke location permission any time in your phone's OS settings; doing so disables navigation, ETAs, job matching, and some safety features.
c) Driving hours and rest records (GB Domestic rules)
- Driving-start / driving-stop events, total driving time per shift
- Rest gap between shifts, reduced-rest counter per working week, last qualifying 24-hour off-duty period
- Retained 12 months live + 12 months cold archive to meet DVSA / GB Domestic record-keeping rules — legal obligation.
d) Front-camera data (driver alertness only)
- The front camera runs only while you are in an active en-route job.
- Face-landmark data (eye-open probability, head angle, mouth open ratio) is computed on-device by Google ML Kit or Apple Vision.
- No video or photo from the front camera ever leaves your device. We receive only numeric alertness metrics used to trigger coaching nudges and — above a threshold — to notify ops for a welfare call.
e) Photo uploads
- Proof-of-delivery (POD) photos, seal photos, vehicle-check photos, compliance documents (driving licence, insurance etc.) — you take and upload these deliberately.
- Stored in our secure cloud storage (see §6).
f) Job and operational data
- Collection/delivery addresses, times, notes, load information
- Seal numbers, signatures, arrival/departure timestamps
- Job acceptance/rejection history
g) Voice interactions with operations or our AI assistant ("Lisa")
- If ops or Lisa calls your work number, the call is recorded and transcribed for operational quality and safety. You'll be informed at the start of each call.
h) Device and diagnostic data
- Device model, OS version, App version, push-notification token
- Crash and error logs (scrubbed of personal data before storage)
- Phone thermal state (to throttle camera processing in hot conditions)
i) Biometrics
- If you enable Face ID / fingerprint unlock, the biometric template never leaves your device. The App only receives a yes/no answer from the operating system.
j) What we do not collect
- No contacts, no photo library beyond photos you deliberately upload, no data from other apps.
- No advertising identifiers, no cross-app tracking.
- We never sell personal data.
Lisa AI Assistant
Lisa is an AI assistant feature in the Antdel Driver app. It is provided entirely by National Supply Chain Networks UK Ltd ("we"). No third-party AI service is used. Lisa runs on our own UK-hosted GPU servers using open-weight language models.
Data sent to Lisa when you open a chat message
- The message text you type
- Your driver ID
- Up to the last 10 turns of conversation history
- Your current job context (pickup/delivery postcodes, ETA, current phase)
Processor: National Supply Chain Networks UK Ltd (the same data controller you contract with). No processor in another country, no third party.
Storage: Chat history is stored in our UK-hosted Supabase instance in the chat_history table, linked to your driver ID, for up to 90 days.
Lawful basis: Legitimate interests (Art. 6(1)(f) UK GDPR) — providing operational support.
Consent: We ask you to agree to these terms the first time you open Lisa in the app. You can revoke consent from app Settings at any time. Revoking does not delete past chat history; to request deletion email support@antdel.com.
Opt-out: You can use the Antdel Driver app without ever opening Lisa.
3. Why we use this data (and the legal basis)
| Purpose | Data used | Legal basis |
|---|---|---|
| Assign jobs, route you, track ETAs, pay you correctly | Location, job data, driver ID | Contract |
| Comply with GB Domestic drivers' hours rules + DVSA record keeping | Driving hours, rest gaps | Legal obligation |
| Prevent fatigue-related incidents (drowsiness nudges + welfare calls) | Front-camera alertness metrics, driving time | Legitimate interests (road safety) + vital interests if imminent risk |
| Invoice customers + pay drivers | Job/POD data | Contract + legal obligation (HMRC) |
| Resolve incidents, investigate complaints, defend legal claims | All of the above | Legitimate interests |
| Protect your account (PIN lockout, biometric re-auth) | PIN hash, device fingerprint, lockout counter | Legitimate interests (security) |
| Send you job offers, messages, route alerts, compliance reminders | Push token, phone number | Contract |
Where we rely on legitimate interests, we have balanced those against your rights and determined the processing is proportionate. You may object at any time — see §8.
4. Automated decision-making
We do not make purely automated decisions about you that produce legal or similarly significant effects. The drowsiness scoring triggers coaching messages and, above a threshold, alerts a human operations planner who makes the call whether to phone you. Payment, disciplinary and hiring decisions are always made by people.
5. Who we share your data with
- Supabase Inc. — our cloud database and file-storage processor. Servers in the EU (London / Dublin region). Bound by a UK-GDPR-compliant data processing agreement.
- Google LLC — only when you use navigation (Google Maps / Navigation SDK). Google receives location data to provide routing. Google's privacy policy.
- Apple Inc. / Google LLC — push notifications. Your device token is used for delivery; message body isn't shared.
- HMRC / DVSA / police — if required by law (e.g. DVSA infringement or accident investigation).
- Our accountants and auditors — under confidentiality, for financial audit.
We never sell your data. We do not use your data for advertising.
6. Where we store your data
- Primary storage: Supabase cloud, EU region (London)
- Backups: encrypted daily, 30-day retention
- A copy of recent job data is stored on your device (encrypted with SQLCipher AES-256) so the App works offline. Wiped on logout.
- International transfers — if data is ever transferred outside the UK/EEA we use the UK International Data Transfer Agreement or EU Standard Contractual Clauses with the UK addendum.
7. How long we keep data
| Category | Retention |
|---|---|
| Active account (driver ID, contact, PIN hash) | Duration of contract + 6 years after |
| Job records, POD / seal photos | 6 years |
| Driving-hours / rest records | 12 months live + 12 months archive = 24 months (DVSA) |
| Compliance documents (licence, insurance) | Duration of contract + 4 years |
| Call recordings and transcripts | 90 days |
| App telemetry / crash logs | 90 days |
| Location history (beyond what's in a job record) | 90 days |
| Biometric consent timestamp | Until changed / account deleted |
After retention expires, data is deleted or anonymised.
8. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you (Subject Access Request; free; response within one month)
- Rectify inaccurate data
- Erasure ("right to be forgotten") — subject to our legal obligations to retain driving-hours and tax records
- Portability — machine-readable export of data you provided
- Restriction — ask us to stop processing while a dispute is resolved
- Object — to processing based on legitimate interests
- Withdraw consent for anything we do based on consent (e.g. biometric login); prior processing stays lawful
To exercise any right: email support@antdel.com. You can also get your Weekly Record Sheet PDF in-app (More → Weekly Record).
9. How we secure your data
- In transit: TLS 1.2+ for every request between device and server.
- On device: offline job cache encrypted with SQLCipher (AES-256). Key stored in iOS Keychain / Android Keystore.
- At rest on our servers: Supabase encrypts disk with AES-256.
- Access controls: only authorised Antdel operations staff see driver-level data. Service-role credentials rotated and audited.
- Authentication: 6-digit PIN (new enrolments) with escalating lockouts after 5 wrong attempts (30 s → up to 1 hour + ops alert). Optional Face ID / fingerprint. Sensitive actions (change PIN, upload compliance, view bank details, sign agreements) require biometric re-auth.
- No front-camera frames ever leave your device — only numeric alertness metrics.
- No advertising or analytics SDKs in the App.
10. Children
The App is a tool for professional drivers. It is not intended for people under 18, and we do not knowingly collect data from anyone under 18.
11. Changes to this policy
We'll post material updates here and — for changes that materially affect what we do with your data — notify you in-app or by email at least 14 days in advance. The "Last updated" date at the top reflects the most recent change.
12. How to contact us
- All enquiries (data protection & general support): support@antdel.com
- Post: National Supply Chain Networks UK Ltd, 2nd Floor Cathay Building, 86 Holloway Head, Birmingham, B1 1ND, United Kingdom
- Company number: 05842600 · ICO registration: 00012520964
Appendix — Apple & Google Play "data type" cross-reference
This summary maps this policy to the platform disclosure forms.
Apple App Store — data types
- Location: precise + coarse — App Functionality. Linked to identity.
- Contact Info: name, phone number, email — App Functionality. Linked.
- User Content: photos (POD, seal, compliance), audio (call recordings when Ops calls). Linked.
- Identifiers: driver ID, device fingerprint. Linked.
- Usage Data: product interaction (job acceptance, app navigation). Linked.
- Diagnostics: crash data, performance. Linked.
- Sensitive Info: none.
- Tracking: we do not track across other companies' apps or websites.
Google Play Data Safety — data types
- Location: precise + approximate, collected + shared (with Google Maps as processor).
- Personal info: name, email, phone number, user ID.
- Photos and videos: POD, seal, compliance uploads.
- Audio: call recordings (only when Ops calls the driver).
- App activity: app interactions (not cross-app).
- App info and performance: crash logs, diagnostics.
- Device or other IDs: device fingerprint (hashed).
- Security practices: data encrypted in transit, at rest, and users can request deletion.
- We do not share data with third parties for advertising or analytics.