Superhero Panda Ltd — Last Updated: 22 June 2026
Welcome to BIB. We are committed to protecting your privacy and handling your personal data transparently and securely.
This Privacy Policy explains how Superhero Panda Ltd ("we", "us", "our") collects, uses, stores, and protects your personal information when you use BIB - our vehicle history and intelligence service (the "Service").
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Superhero Panda Ltd is the Data Controller.
DVSA MOT History API: When you search for a vehicle, we retrieve that vehicle's MOT test history from the Driver and Vehicle Standards Agency (DVSA) via their official API. This data includes the vehicle's make, model, colour, engine size, recorded mileage at each test, and test results including any defects or advisories noted by the examiner. This data is sourced from official government records and is retrieved at the point of your search. We do not access DVLA registered keeper records - BIB does not know who owns or has owned a vehicle.
Consent: When you explicitly agree to processing activities (e.g., marketing communications).
Contractual Necessity: To provide you with the Service - for example, processing a BIB lookup when you spend a credit.
Legitimate Interests: To improve our Service, conduct analytics, prevent fraud, and ensure security.
Legal Obligation: To comply with legal and regulatory requirements including tax and financial record-keeping.
BIB uses automated analysis to generate vehicle intelligence from MOT history data. This includes classifying advisory items, identifying patterns across test history, scoring reliability, and comparing a vehicle against peer-group benchmarks. This analysis is performed entirely on data retrieved from DVSA records and does not involve profiling of individual users.
You have the right to be informed when automated processing is used and to request human review of any decision that significantly affects you.
Vehicle lookup results generated for your account are not shared with other users or third parties. Your lookup history is visible only to you and to authorised Superhero Panda staff for support and fraud prevention purposes.
We share data with trusted third-party service providers who assist us in operating the Service:
All service providers are contractually bound to protect your data and use it only for specified purposes.
We may disclose your information when required by law, regulation, legal process, or governmental request, or to enforce our Terms of Service, protect our rights or safety, or prevent fraud.
If Superhero Panda is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
Your data is primarily stored and processed within the United Kingdom and the European Economic Area. Firebase and Vercel infrastructure may process data in other regions. Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place including Standard Contractual Clauses approved by the ICO.
You can request deletion of your data at any time (subject to legal obligations). See Section 9 for your rights.
Right to Access - request a copy of the personal data we hold about you
Right to Rectification - correct inaccurate or incomplete data
Right to Erasure - request deletion of your personal data in certain circumstances
Right to Restrict Processing - limit how we use your data in certain circumstances
Right to Data Portability - receive your data in a structured, machine-readable format
Right to Object - object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent - withdraw consent at any time without affecting prior processing
Right to Lodge a Complaint - complain to the ICO if you believe your rights have been violated
We will respond within one month. In complex cases we may extend this by two months and will inform you of any delay.
Essential cookies - required for the Service to function (authentication, security, session management)
Performance cookies - help us understand how you use the Service (analytics, error reporting)
Functional cookies - remember your preferences and settings
You can control cookies through your browser settings. Disabling certain cookies may affect functionality.
We implement industry-standard security measures including encryption in transit (TLS/SSL) and at rest, secure authentication and access controls, regular security audits, and incident response procedures.
If you suspect a security breach, contact us immediately at security@superheropanda.com.
If we experience a data breach posing a risk to your rights and freedoms, we will notify the ICO within 72 hours, notify affected individuals without undue delay, and take immediate steps to contain and remedy the breach.
BIB is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, contact us at privacy@superheropanda.com.
A VRM identifies a vehicle. BIB does not access DVLA registered keeper records and does not store or display keeper identity information. VRMs you enter are processed solely to retrieve publicly available MOT history from the DVSA API.
MOT history data is sourced from the DVSA MOT History API - official government data. Superhero Panda Ltd does not create or control this data; we retrieve and present it. The accuracy and completeness of MOT history data depends on DVSA records.
BIB records which vehicles you have previously looked up so that you can re-access results without spending additional credits. This lookup history is associated with your account and is not shared with other users or third parties.
Bib credit purchases are processed by Stripe. Stripe handles payment card data directly - Superhero Panda Ltd does not store card numbers, CVV codes, or full payment credentials. We retain records of transactions (amount, date, credits purchased) for 7 years for accounting purposes.
We may update this Privacy Policy to reflect changes in our data practices or legal requirements. When we make significant changes, we will update the "Last Updated" date and notify you via email or prominent notice. Continued use after changes constitutes acceptance.