1. Introduction
Welcome to Car Mechanic. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our automotive assistance service.
This policy applies to all information collected through our web application and any related services (collectively, the "Service").
2. Information We Collect
2.1 Personal Information
We collect the following personal information when you register and use our Service:
- Account Information: Email address, name, and password (encrypted)
- Payment Information: Processed securely through Stripe (we do not store full card details)
- Subscription Data: Subscription tier, payment history, and renewal dates
- Vehicle Information: Make, model, year, and engine type (if provided)
2.2 Usage Information
We automatically collect certain information when you use our Service:
- Chat Messages: Questions and responses exchanged with our AI assistant
- Usage Statistics: Message count, feature usage, and service access times
- Technical Data: IP address, browser type, device information, and access logs
- Performance Data: API response times and error logs for service improvement
2.3 Cookies and Tracking Technologies
We use cookies and similar technologies to maintain your session and improve your experience:
- Session Cookies: To keep you logged in during your visit
- Authentication Tokens: JWT tokens stored in your browser for secure authentication
- Preference Cookies: To remember your vehicle selection and settings
3. How We Use Your Information
We use your personal information for the following purposes:
3.1 Service Delivery
- Provide AI-powered automotive assistance tailored to your vehicle
- Process and manage your subscription payments
- Monitor usage quotas and enforce subscription limits
- Maintain and improve Service functionality
3.2 Communication
- Send account verification emails
- Notify you of subscription changes or payment issues
- Provide customer support and respond to inquiries
- Send important service updates (with the option to opt out of marketing)
3.3 Analytics and Improvement
- Analyse usage patterns to improve AI response quality
- Monitor Service performance and identify technical issues
- Develop new features based on user behaviour
- Calculate operational costs and optimize resources
4. Data Sharing and Disclosure
4.1 Third-Party Service Providers
We share your information with trusted third-party providers who assist in operating our Service:
- Anthropic (Claude AI): Processes your chat messages to provide automotive assistance
- Stripe: Handles payment processing and subscription management
- Supabase: Provides authentication services and database hosting
4.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
4.3 Business Transfers
If we are involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your information is transferred and becomes subject to a different Privacy Policy.
5. Data Security
We implement appropriate technical and organisational security measures to protect your personal information:
- Encryption: All data transmitted between your device and our servers is encrypted using HTTPS/TLS
- Password Security: Passwords are hashed using bcrypt before storage
- Access Controls: Restricted access to personal data on a need-to-know basis
- Regular Security Audits: Ongoing monitoring for vulnerabilities and threats
- Rate Limiting: Protection against brute-force attacks and API abuse
6. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes outlined in this Privacy Policy:
- Active Accounts: Data retained while your account is active
- Closed Accounts: Data retained for 90 days after account closure for billing/legal purposes
- Chat History: Retained for 12 months for service improvement, then anonymised
- Payment Records: Retained for 7 years to comply with UK tax and accounting requirements
7. Your Data Protection Rights (GDPR)
Under the General Data Protection Regulation (GDPR), if you are a resident of the European Economic Area (EEA) or UK, you have the following rights:
- Right of Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Request limitation on how we use your data
- Right to Data Portability: Request transfer of your data to another service
- Right to Object: Object to processing of your data for specific purposes
- Right to Withdraw Consent: Withdraw consent at any time where we rely on consent
To exercise any of these rights, please contact us at privacy@mymechanic.ai. We will respond within 30 days.
8. Children's Privacy
Our Service is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.
We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, to protect your personal information.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date at the top of this policy
- Sending an email notification for material changes
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
12. UK-Specific Information
For UK residents, additional information under the Data Protection Act 2018:
- Data Controller: Car Mechanic is the data controller for your personal information
- ICO Registration: We are registered with the Information Commissioner's Office (ICO)
- Complaints: You have the right to lodge a complaint with the ICO at ico.org.uk