Terms of Service
Last updated: 21 May 2026
These terms apply to use of SERMI Vault, a subscription software service for creating SERMI repair order records, managing evidence uploads, producing compliance exports and optionally uploading completed packages to a connected Google Drive account.
SERMI Vault is independent and is not affiliated with, endorsed by, approved by, or part of SERMI UK, SERMI EU, the Institute of the Motor Industry, the Independent Garage Association, or any organisation involved in governing, administering, approving, auditing or enforcing SERMI policy. The service exists to make repair record capture easier for independent workshops. It does not replace a workshop's responsibility to understand and follow applicable SERMI, legal, insurance or audit requirements.
Nature of the service
SERMI Vault is a record capture and export tool. It is not legal, regulatory, data protection or SERMI accreditation advice. We do not guarantee that a workshop's use of the service will satisfy every legal, insurance, audit or SERMI requirement. Workshops remain responsible for checking what records they must keep, how long they must keep them and whether a completed export is suitable for their own audit process.
Workshop responsibility
Users are responsible for entering accurate information, checking completed repair orders before use, retaining records according to their own legal and compliance obligations, ensuring they have authority to process customer information and ensuring downloaded exports or cloud-drive folders are stored securely.
Workshops are responsible for giving any required privacy notices to customers, having a lawful basis for collecting customer information, uploading identity or ownership evidence, connecting Google Drive and exporting compliance packages.
Subscriptions and billing
Access to live repair order creation and completion requires an active subscription. Optional Drive Auto Upload features may require an additional subscription. Payments, subscription renewals, invoices and payment method handling are processed by Stripe.
SERMI Vault does not store full payment card numbers, bank details or card security codes. We may store subscription status, plan information, billing email and Stripe identifiers so the application can unlock or restrict paid features. If payment fails or a subscription is cancelled, paid features may be suspended or limited.
Workshop data and evidence files
Workshop repair order form records belong to the workshop account that created them. SERMI Vault stores form data so the workshop can view, edit, complete and export records. Uploaded identity, ownership and evidence files are stored locally in the user's browser for local export use and are not stored in our application database as part of normal operation.
If Drive Auto Upload is used, evidence files and the generated PDF are transmitted through SERMI Vault only to upload the completed package to the workshop's connected Google Drive. We do not intentionally retain copies of those evidence files on our own storage.
Data processing terms
For repair order records, customer identity details and evidence handled through the service, the workshop is normally the controller and SERMI Vault acts as a processor. We process that data only to provide the service, follow the workshop's use of the product, maintain security, support the workshop, comply with law and operate necessary subprocessors.
We use appropriate technical and organisational measures designed to protect workshop data. We require service providers that process personal data for us to provide suitable protections. We may use subprocessors including Vercel, Supabase, Stripe, Google and GitHub for hosting, authentication, database, payment, cloud-drive and development operations.
We will assist workshops with reasonable data protection requests where the request relates to data we process for that workshop and where the product or support process reasonably allows it. Workshops remain responsible for responding to their own customers and for deciding whether any request should be fulfilled.
Access to records
We do not routinely view workshop repair orders, customer identity details or uploaded evidence. Access to production data is restricted and any exceptional access is limited to support requested by the workshop, security, legal compliance, abuse prevention, service maintenance or incident investigation.
Google Drive uploads
If Drive Auto Upload is enabled, the workshop authorises SERMI Vault to upload completed compliance packages to the connected Google Drive account. The workshop is responsible for ensuring the correct Drive account is connected and that its Drive storage, sharing, access and retention settings are suitable. Disconnecting Google Drive stops future uploads but does not delete files already uploaded to the workshop's Drive.
Advertising and sponsors
If sponsored placements or advertising are introduced, they will be general placements. Advertisers will not receive workshop repair orders, customer records, identity details, evidence files or account credentials, and SERMI Vault will not use repair order data to target adverts.
Acceptable use
Users must not upload unlawful content, misuse connected cloud storage, attempt to access another workshop's records, interfere with the security or availability of the service, share accounts with unauthorised users or use SERMI Vault in a way that could mislead customers or regulators.
Availability and exports
We aim to keep SERMI Vault available and reliable, but we do not guarantee uninterrupted service. Workshops should keep their own downloaded exports, Drive uploads or backups where required for their business, audit or legal retention needs.
Service changes
SERMI Vault may be updated to improve reliability, security, compliance workflows, pricing and integrations. Features may change as the product develops. If a change materially affects paid access, we will take reasonable steps to communicate it.
Termination
We may suspend or terminate access if a user breaches these terms, payment fails, the service is misused, security is at risk or we are required to do so by law. Workshops should export or retain any records they need before closing an account.
Limitation of liability
To the fullest extent permitted by law, SERMI Vault is provided as a software tool and we are not responsible for losses caused by inaccurate user-entered information, failure to retain required records, misuse of exports, incorrect Drive configuration, third-party service outages, loss of local browser evidence files, payment provider issues or a workshop's failure to follow applicable rules. Nothing in these terms limits liability that cannot legally be limited.
Contact
For terms or service questions, contact admin@yorkshirevwagretrofits.co.uk.