LOA HEXtuning service
← Back to LOA HEX

Privacy Policy

What we collect, why we hold it, and what your rights are under UK GDPR.

LOA HEX is the trading name of Voodoo Motorworks. We’re the data controller for the personal data you share with us when you use loahex.app. We’re registered with the Information Commissioner’s Office under registration number [ICO REG NO. — to be added].

For anything to do with your data, email privacy@loahex.app. We aim to respond within seven working days, and we’re legally required to respond within one calendar month.

What we collect

To run the Service, we need a small amount of personal data. The full list:

Account email — handled by Clerk, our authentication provider. This is how we identify you and how we send you transactional email.

Vehicle details — registration plate, ECU identifier, year, engine, options. You give us this when you upload a file so we can match it correctly.

ECU files — the original binary you upload, plus the tuned file we produce in response.

Payment metadata — Stripe handles all card data on its own systems. We see and store the metadata Stripe gives us back: subscription status, invoice references, the last four digits of your card, billing country. We never see or store your full card number.

Support tickets — anything you send us through the support form, including attachments.

Technical logs — IP address, request timestamps, error traces. Needed to keep the platform secure, debug problems, and detect abuse.

We don’t run third-party analytics, ad pixels, or marketing trackers. We never have.

Why we hold it

We rely on two lawful bases under UK GDPR. The main one is performance of a contract — we can’t deliver tuned files without holding your account, your uploaded files, and your payment details.

The second is legitimate interest — for fraud detection, abuse prevention, security logging, and improving the matching library so future deliveries are faster.

How long we keep it

While your account is active, we keep your data for as long as you’re a customer.

For financial records — invoices, payment metadata — we’re required by HMRC to keep records for six years after the end of the tax year they relate to.

For ECU files specifically: your uploaded original is deleted 24 months after upload unless you delete it sooner. Tuned files are kept on your account for 24 months so you can re-download. A subset of tuned files is added to our internal matching library — see the next section.

The library

When we deliver a tuned file, we may store a copy in an internal matching library so that the next customer with the same ECU and options can be auto-delivered in minutes rather than waiting for a manual build. This is what makes our from-5-minutes auto-deliver turnaround possible.

The library indexes tuned files by ECU identifier, software version, and tune metadata only. It never includes your name, your registration plate, your account details, or anything that identifies you to other customers.

If you’d rather we didn’t add files from your account to the library, email privacy@loahex.app and we’ll exclude future uploads.

Sub-processors

A small set of third-party services support LOA HEX. Each is bound by their own data-protection terms, and we’ve reviewed each one’s UK GDPR posture before integrating.

Stripe — payments and card processing.

Clerk — authentication and account management.

Resend — transactional email delivery.

Cloudflare R2 — encrypted object storage for ECU files.

DVLA — vehicle plate lookup, so the upload form can pre-fill make and model from a registration number.

International transfers

Some of our sub-processors operate servers outside the UK. Where personal data leaves the UK, we rely on the UK Government’s Standard Contractual Clauses with the International Data Transfer Addendum, or on adequacy decisions where they apply. Your data is covered either way.

Your rights

Under UK GDPR you have the right to ask us for a copy of the personal data we hold about you, to correct anything inaccurate, to have your data erased (subject to our retention obligations), to restrict or object to certain processing, to receive your data in a portable format, and to withdraw any consent you’ve given where consent was the basis we relied on.

To exercise any of these, email privacy@loahex.app. We’ll respond as quickly as we can, and at the latest within one calendar month.

If you’re not happy with how we’ve handled a request, you can complain to the Information Commissioner’s Office at ico.org.uk or by phone on 0303 123 1113.

Cookies

We only set cookies that are strictly necessary to keep you signed in (handled by Clerk) and for basic security. We don’t set advertising or analytics cookies. If we ever add anything beyond strictly-necessary cookies in future, we’ll show a banner and ask first.

Changes to this policy

If we make a material change to how we handle your data, we’ll let you know by email or in the dashboard. Smaller editorial updates will just be reflected in the “Last updated” date below.

Last updated: 3 May 2026