← Back to API Docs

Privacy Policy

Last updated: 5 March 2026

1. Who We Are

Airport Pickups London (APL Cars) is a licensed private hire operator based in London, UK. We operate the API and MCP services at mcp.airport-pickups-london.com.

Contact: [email protected] | +44 208 688 7744

2. What Data We Collect

When you use our API, MCP, or A2A services, we may collect:

• Quote requests: Origin, destination, passenger count, dates/times. Quotes are not stored permanently.
• Booking details: Passenger name, phone number, email address, flight number, pickup/dropoff addresses, and special requests. These are required to fulfil the transfer service.
• Agent registration: Agent name, contact email, and optional website URL.
• API keys: Generated and stored securely. Used for authentication only.
• Server logs: IP addresses, request timestamps, and request paths for security and rate limiting. Logs are retained for up to 30 days.

3. How We Use Your Data

• To process transfer quotes and bookings as requested
• To dispatch drivers and provide meet-and-greet services
• To send booking confirmations, driver tracking links, and manage-booking links via email
• To authenticate API requests and prevent abuse
• To comply with TfL (Transport for London) licensing requirements

4. Data Sharing

We share booking details with our dispatch partner to fulfil the transfer service. We do not sell personal data to third parties. Data may be shared with:

• Dispatch system: Booking details are sent to our dispatch partner (London Tech) to assign a driver and track the journey.
• Drivers: Passenger name, pickup location, and flight details are shared with the assigned driver.
• Payment processors: If you pay online, your payment is processed by Stripe. We do not store card details.

5. Data Retention

• Booking data: Retained for 3 years as required by TfL licensing regulations.
• Quote data: Temporary — not stored beyond the request lifecycle.
• Server logs: Retained for up to 30 days, then automatically deleted.
• Agent registrations: Retained while your account is active. Contact us to delete.

6. Security

All API traffic is encrypted via HTTPS/TLS. API keys are stored securely and can be rotated on request. Rate limiting and abuse detection are in place to protect the service.

7. AI and LLM Usage

Our services are designed to be used by AI assistants and language models (via MCP, A2A, and REST API). When an AI tool calls our API:

• We process the data in the same way as any API request
• We do not use your booking or personal data to train AI models
• Conversation history sent to our chat endpoint is processed in-memory and not stored

8. Your Rights

Under UK GDPR, you have the right to:

• Request a copy of your personal data
• Request correction of inaccurate data
• Request deletion of your data (subject to legal retention requirements)
• Withdraw consent at any time

To exercise these rights, email [email protected].

9. Cookies

The API does not use cookies. The documentation pages (/docs) do not set tracking cookies.

10. Changes to This Policy

We may update this policy from time to time. The "last updated" date at the top of this page indicates when the policy was last revised.