Privacy Policy
Last updated: 13 May 2026
SERMI Vault is a compliance workspace for automotive workshops. It helps workshops create repair order records, attach evidence documents, export compliance packages and, where enabled, upload completed packages to the workshop's own Google Drive.
SERMI Vault is an independent entity. We are not affiliated with, endorsed by, or part of SERMI UK, SERMI EU, the Institute of the Motor Industry, the Independent Garage Association, or any organisation involved in governing, administering, approving, auditing or enforcing SERMI policy. The sole purpose of the service is to help independent workshops capture repair records and evidence in a way that supports their own SERMI compliance processes.
Our role
For workshop account, subscription, security and service administration data, we act as the data controller. For repair order records, customer identity details and evidence uploaded by a workshop, the workshop is normally the controller and SERMI Vault acts as a processor providing the software service on the workshop's instructions.
Information we process
We may process account information, workshop details, subscription status, repair order information, vehicle details, customer identity record details, uploaded evidence files, Google Drive connection status, export records and audit log activity generated inside the service.
How information is used
Information is used to provide the SERMI Vault service, keep repair order records available to the workshop, create PDF/ZIP exports, support subscription billing, maintain security and record audit activity.
Access to workshop records
SERMI Vault is designed so workshop records are separated by account and are not browsed by us during normal operation. We do not sell workshop data and we do not use repair order records or uploaded evidence for advertising. Access to production systems is restricted and any exceptional access to workshop information is limited to what is necessary for support requested by the workshop, security, abuse prevention, legal obligations, service maintenance or incident investigation.
Payment information
We do not collect or store full payment card numbers, bank details or card security codes. Payments, subscriptions and invoices are processed by Stripe. SERMI Vault stores only the limited billing information needed to operate the subscription, such as subscription status, Stripe customer or subscription identifiers, plan details and billing email.
Google Drive
If a workshop connects Google Drive, SERMI Vault uses the Google Drive file permission granted by the user to create and upload compliance package files to that workshop's Drive. The app is designed to use access only for files it creates or files the user chooses to use with the app.
Service providers
We use trusted service providers to operate the service, including hosting, database, authentication, payment processing and cloud-drive integrations. These providers process information only as needed to deliver their services to us or to the workshop.
International processing
Some service providers may process information outside the United Kingdom or European Economic Area. Where this happens, we rely on the safeguards offered by those providers, such as adequacy decisions, standard contractual clauses or equivalent lawful transfer mechanisms.
Security
We use account authentication, row-level access controls, restricted administrative access and audit logging to help protect workshop data. No internet service can guarantee perfect security, so workshops should use strong passwords, keep account access limited and download or store exports in a secure location.
Retention and control
Workshops are responsible for the repair order data they enter and the evidence they upload. Users can download local exports and can disconnect Google Drive from the settings area. Account and subscription records may be retained where needed for legal, billing, security or audit reasons. Repair order retention is controlled by the workshop's use of the service and any deletion/export tools made available inside the product.
Your rights
Depending on the context and applicable law, individuals may have rights to access, correct, delete, restrict or object to processing of their personal data. Where a request relates to a workshop's customer or repair order record, we may direct the individual to the relevant workshop because that workshop controls the record.
Contact
For privacy questions, contact admin@yorkshirevwagretrofits.co.uk.