Privacy Policy

1. Scope and Application

This Policy applies to all users of the Services, including visitors and registered account holders, regardless of location. The Services are available globally. While the Website may be accessed from anywhere, certain features such as affiliate links to retailers may be region-specific.

This Policy does not apply to information collected by third-party sites or services linked to or integrated with our Services, such as Amazon, AutoZone, RockAuto, YouTube, or authentication providers, which have their own privacy practices.

2. Types of Personal Information We Collect

We collect various categories of personal information, including:

• Identifiers: Name, email address, and Account credentials (if you create an account)
• Vehicle Information: VIN, year, make, model, trim, and mileage you enter for repair guides
• Internet or Network Activity: Browsing history, IP address, device information, and interactions with AI features
• Geolocation Data: General location derived from your IP address or timezone for region-specific retailer prioritization
• Inferences: Maintenance preferences derived from your usage patterns
• Voluntarily Provided Information: Feedback, symptom descriptions, or other information you provide
• Payment Information: When you subscribe to premium features, our payment processor (Stripe) collects your payment card details. We receive and store limited payment information including: your email address, billing name, the last four digits of your card number, card expiration date, card brand (e.g., Visa, Mastercard), and billing address. We do not receive or store your full card number, CVV, or other sensitive payment credentials.
• Subscription Data: Subscription status, billing history, subscription start/end dates, and transaction IDs

3. Sources from Which We Collect Personal Information

We obtain personal information from multiple sources:

• Directly from you: When you create an Account, enter vehicle data, use AI symptom chat, or interact with repair guides
• Automatically: Through cookies, web beacons, and server logs as you navigate the Services
• From authentication providers: If you sign in using Google, GitHub, or other OAuth providers
• From public online sources: Used by our AI to provide vehicle maintenance information
• From service providers: Analytics providers assisting with usage statistics
• From our payment processor: Stripe provides us with limited payment and subscription information when you subscribe to premium features

4. Payment Information and Processing

4.1 Payment Processor

We use Stripe, Inc. ("Stripe") as our third-party payment processor for all subscription transactions. When you provide payment information to subscribe to our Services, that information is collected and processed directly by Stripe, not by us. Stripe is certified as a PCI Level 1 Service Provider, the most stringent level of certification available in the payment industry.

4.2 What Payment Data We Receive

While Stripe processes your full payment details, we only receive and store the following limited information:

• Your email address associated with the payment
• Billing name and address
• Last four digits of your payment card
• Card brand (e.g., Visa, Mastercard, American Express)
• Card expiration date
• Stripe customer ID and subscription ID
• Transaction history and invoice records
• Subscription status (active, canceled, past due)

We never receive, access, or store: Your full card number, CVV/security code, or PIN.

4.3 How Payment Data Is Used

We use the limited payment information we receive to:

• Verify and manage your subscription status
• Send payment receipts and billing notifications
• Process refunds when applicable
• Prevent fraud and unauthorized transactions
• Respond to billing inquiries and disputes
• Comply with tax and legal obligations

4.4 Stripe's Privacy Practices

Stripe's collection and use of your payment information is governed by Stripe's own privacy policy. We encourage you to review Stripe's privacy practices at https://stripe.com/privacy.

4.5 Payment Data Retention

We retain payment-related information for as long as you maintain an active subscription, plus an additional period as required by tax laws and financial regulations (typically seven years for transaction records). Upon your request to delete your account, we will anonymize or delete payment data except where retention is required by law.

5. Purposes for Collecting and Using Personal Information

We use your personal information to:

• Provide and improve the Services, including AI-powered repair guides, VIN decoding, and part search
• Generate accurate, vehicle-specific maintenance guidance
• Personalize your experience, such as prioritizing retailers based on your region
• Save your vehicle information and guide progress for future sessions
• Communicate with you regarding updates or service-related notices
• Analyze usage patterns to enhance functionality and security
• Comply with legal obligations
• Prevent fraud or enforce our Terms

We do not use your data for automated decision-making that produces legal effects without your consent.

Lawful Bases for EU/UK Users

Where GDPR applies, we process personal data on the following legal bases:

• Your consent (e.g., Account creation)
• Performance of a contract (e.g., providing the Services)
• Our legitimate interests (e.g., improving Services, preventing fraud)
• Compliance with legal obligations

6. Disclosure of Personal Information to Third Parties

We may disclose your personal information to:

• Payment processor: Stripe, Inc. processes all subscription payments. See Section 4 for details on payment data handling.
• Service providers: Analytics firms and hosting providers, bound by contractual obligations to protect your data
• Authentication providers: Google, GitHub, or other OAuth providers if you choose to sign in with them
• Legal authorities: If required by law, subpoena, or to protect our rights
• Successors: In the event of a merger, acquisition, or asset sale
• With your consent: For other purposes you explicitly agree to

We do not share data with unaffiliated third parties for their independent marketing without your explicit opt-in. When you click affiliate links to third-party retailers (Amazon, AutoZone, etc.), those retailers may collect information according to their own privacy policies.

7. Sale or Sharing of Personal Information Under CCPA

In the past twelve (12) months, we have not "sold" personal information as defined under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

However, certain disclosures (e.g., to advertising partners or via cookies) may constitute "sharing" for cross-context behavioral advertising. You have the right to opt out of such sharing. We do not knowingly sell or share personal information of consumers under sixteen (16) years of age.

8. Local Storage and Data on Your Device

Most of your data stays on your device. We use browser localStorage to save:

• Your vehicle information (VIN, year, make, model)
• Guide progress and checked items
• Offline-saved guides

This data never leaves your device unless you explicitly sync or share it.

9. Data Security Measures

We implement reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These include secure servers, access controls, and regular security reviews. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your Account credentials.

10. Data Retention Practices

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Policy, including for the duration of your Account, to comply with legal requirements, or resolve disputes. When no longer needed, we securely delete or anonymize data. Analytics data may be aggregated and retained indefinitely in anonymized form.

11. Cookies and Similar Tracking Technologies

We use cookies, pixels, local storage, and similar technologies to enhance functionality, analyze trends, and deliver targeted content. These include essential cookies for site operation and performance cookies for analytics.

Third parties like Google Analytics may place cookies on our behalf. You can manage preferences via browser settings or our Cookie Policy, but disabling cookies may limit Services.

California residents may exercise their "Do Not Sell or Share My Personal Information" rights through our designated link, where applicable.

12. Third-Party Services and Affiliate Links

The Services provide links to third-party websites including:

• Automotive parts retailers: Amazon, AutoZone, RockAuto, O'Reilly Auto Parts, Advance Auto Parts
• Video platforms: YouTube for tutorial and review videos
• Authentication providers: Google, GitHub (if you choose to sign in)

These third parties may collect your information independently, governed by their privacy policies. We are not responsible for their practices. Affiliate links may track referrals, and clicking them constitutes consent to such tracking. Review third-party policies before interacting.

13. Children's Privacy

The Services are not intended for children under thirteen (13) years of age, and we do not knowingly collect personal information from them. If you are under eighteen (18), you must have parental consent to use the Services. In compliance with the Children's Online Privacy Protection Act (COPPA), if we learn we have collected data from a child under thirteen (13) without verifiable parental consent, we will delete it promptly. Parents may contact us to review or delete such data.

14. International Users and Data Transfers

While the Services are designed for global use, individuals located in the European Union (EU), United Kingdom (UK), or other regions should be aware that their data may be transferred to and processed in the United States, which may have different data protection standards.

If an EU or UK resident creates an Account, submits personal information, or otherwise uses the Services, the processing of their personal data becomes subject to the General Data Protection Regulation (GDPR) or UK GDPR.

We rely on your consent and/or our legitimate interests (such as providing the Services) as lawful bases for processing EU/UK user data. By using the Services, you acknowledge and consent to cross-border data transfers.

15. Your Privacy Rights Under Applicable Laws

Depending on your location, you may have rights such as:

• Access to your personal information
• Correction of inaccuracies
• Deletion under certain circumstances
• Restriction of processing
• Data portability
• Objection to processing for marketing

California Residents (CCPA/CPRA)

California residents have additional rights, including knowing categories of data collected, opting out of sales/sharing, and limiting use of sensitive data.

EU and UK Users (GDPR)

Additional GDPR rights apply, including:

• The right to withdraw consent at any time
• The right to object to processing based on legitimate interests
• The right to request restriction of processing
• The right to lodge a complaint with your local data protection authority

16. How to Exercise Your Privacy Rights

To exercise rights, submit a verifiable request via email to dvoninvestllc@yahoo.com or through your Account settings. Include sufficient details to verify your identity (e.g., email associated with Account).

We will respond within forty-five (45) days (extendable by forty-five (45) days if needed). We do not discriminate against users exercising rights. For opt-outs (e.g., Do Not Sell/Share), use our designated link or Global Privacy Control signals.

17. Non-Discrimination for Exercising Rights

We will not discriminate against you for exercising privacy rights, including by denying Services, charging different prices, or providing lesser quality.

18. Changes to This Privacy Policy

We may update this Policy periodically to reflect changes in our practices or legal requirements. Revised versions will be posted on the Website with an updated Effective Date. Material changes will be notified via email or prominent notice. Your continued use constitutes acceptance. Review this Policy regularly.

19. Governing Law and Dispute Resolution

This Policy is governed by California law, without regard to conflicts principles. Disputes shall be resolved through binding arbitration in California under American Arbitration Association rules, except for small claims or injunctive relief. You waive class actions.

20. Contact Information

For privacy inquiries, requests, or complaints, contact:

We aim to respond within thirty (30) days. For CCPA agent authorization, provide written permission.