Privacy Policy
Last updated: 2026-05-10
1. Who we are
SamuelTuned (“we”, “us”, “our”) is a UK-based remote ECU tuning service operated by Samuel. Trading address and contact details are listed on /contact. We are the data controller for the personal data you provide through this website.
2. What we collect and why
We collect only the data we need to scope, deliver and support a tune:
- Identity & contact: name, email address, WhatsApp / phone number, country and (if applicable) state or region. Used to contact you, deliver the tune file by email, and apply geo-restrictions where required by law (e.g. California CARB).
- Vehicle data: chassis, engine, vehicle model, VIN, platform (Bootmod3 / MHD / MG Flasher), fuel grade, multimap selections, build details, hardware modifications. Used to calibrate the correct map for your specific car.
- Order & payment data: order metadata (chassis, stage, add-ons, amount, currency, Stripe session id). The card itself never touches our servers — Stripe processes payment on its own infrastructure (PCI scope kept off-domain).
- Communications: messages you send via the contact form, log-review form, fly-me-out form, partner form, ECU unlock form, or to Samuel directly via email or WhatsApp. Used to support the tune and reply to your enquiry.
- Technical data (only after cookie consent): anonymised analytics via Google Analytics 4 with Consent Mode v2 default-denied. We do not load any third-party scripts or set non-essential cookies until you accept the banner.
3. Lawful basis (UK GDPR Art. 6)
- Performance of a contract — to scope, calibrate and deliver your tune, handle refund / dispute correspondence, and provide support.
- Legal obligation — to comply with UK consumer-rights, tax (HMRC), fraud-prevention, and emissions-restriction obligations.
- Legitimate interest — to investigate security incidents, prevent fraud, and improve our service.
- Consent — for non-essential cookies and any optional marketing. You can withdraw at any time via the cookie banner control or by emailing us.
4. Who we share data with
We use the following third-party processors. Each is GDPR-compliant:
- Stripe Payments Europe Ltd. — payment processing. stripe.com/privacy
- Supabase Inc. — database hosting (EU region). supabase.com/privacy
- Vercel Inc. — application hosting and CDN. vercel.com/legal/privacy-policy
- Resend — transactional email delivery (order confirmation, file delivery). resend.com/legal/privacy-policy
- Meta (WhatsApp Business Cloud API) — WhatsApp message delivery, if you choose that channel. whatsapp.com/legal/business-policy
- Cloudflare — DDoS protection, anti-bot (Turnstile). cloudflare.com/privacypolicy
We do not sell your data. We do not share data with advertisers. Marketing networks are not used.
5. International transfers
Some processors (e.g. Stripe, Vercel) may process data outside the UK / EEA. Each is covered by Standard Contractual Clauses (SCCs) or an equivalent transfer mechanism under UK GDPR. Database hosting (Supabase) is configured to an EU region.
6. Retention
- Order records: 6 years (HMRC tax retention requirement).
- Customer support correspondence: up to 3 years from last contact.
- Cookie / consent log: 12 months from grant or refusal.
- Technical logs: 30 days, then aggregated.
7. Your rights (UK GDPR Art. 15–22)
- Right of access — request a copy of the data we hold on you.
- Right to rectification — correct inaccurate data.
- Right to erasure — request deletion (subject to legal retention obligations).
- Right to restrict processing.
- Right to data portability.
- Right to object to processing based on legitimate interest.
- Right to withdraw consent for any consent-based processing.
- Right to lodge a complaint with the ICO at ico.org.uk.
To exercise any of these, email us via the contact form. We respond within 30 days.
8. Cookies
We default-deny all non-essential cookies until you accept the cookie banner. Essential cookies (session, CSRF) are required for the site to function and do not require consent. Analytics, marketing pixels, and preference cookies are gated by Google Consent Mode v2 and only fire after explicit opt-in.
9. Children
Our service is not directed at children under 16. We do not knowingly collect data from anyone under 16. ECU tuning purchases require a verified vehicle owner, which is functionally adult-gated.
10. Changes to this policy
We will post any material changes on this page and update the "Last updated" date at the top. For significant changes affecting how we use your data, we will email customers with active orders.
11. Contact
Privacy questions or rights requests: use the form at /contact or email Samuel directly. We aim to respond within 5 working days.
