Privacy Policy

1. Introduction

Vroomly ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our AI-powered car diagnostics and maintenance services.

This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

2. Data Controller Information

3. Information We Collect

3.1 Personal Information You Provide

• Account Information: Name, email address, password (encrypted)
• Profile Information: Vehicle details (make, model, year, VIN)
• Payment Information: Processed securely through Stripe (we don't store card details)
• Communication Data: Messages you send us, support tickets, feedback
• Diagnostic Data: Vehicle symptoms, maintenance history, repair preferences

3.2 Information We Collect Automatically

• Usage Data: Features used, diagnoses performed, time spent on pages
• Device Information: IP address, browser type, operating system, device identifiers
• Location Data: Approximate location (with consent) for local mechanic recommendations
• Cookies and Tracking: See our Cookie Policy

3.3 Special Category Data

We do not intentionally collect special category data (health, race, religion, etc.). However, if you include such information in diagnostic descriptions or support messages, we will handle it with extra care and delete it when no longer needed.

4. Legal Basis for Processing

We process your personal data under the following legal bases:

5. How We Use Your Information

• Provide AI-powered vehicle diagnostics and maintenance recommendations
• Process transactions and manage subscriptions
• Send service updates, maintenance reminders, and important notices
• Improve our AI models and service quality
• Provide customer support and respond to inquiries
• Detect and prevent fraud, abuse, and security issues
• Comply with legal obligations
• Send marketing communications (with your consent)

6. How We Share Your Information

We do not sell your personal data. We may share your information with:

• Service Providers: Supabase (database), Stripe (payments), OpenRouter (AI processing)
• Professional Advisors: Lawyers, accountants, auditors under confidentiality obligations
• Business Transfers: In case of merger, sale, or acquisition
• Legal Requirements: When required by law or to protect rights and safety
• With Your Consent: When you explicitly agree to specific sharing

7. International Data Transfers

Your data may be transferred to and processed in countries outside the UK/EEA. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) with service providers
• Adequacy decisions where applicable
• Your explicit consent for specific transfers

8. Data Retention

We retain your data only as long as necessary:

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

To exercise any of these rights, contact us at info@vroomly.ai. We will respond within one month.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (TLS/SSL) and at rest
• Regular security assessments and penetration testing
• Access controls and authentication measures
• Employee training on data protection
• Incident response procedures
• Regular backups and disaster recovery plans

11. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Marketing Communications

We may send you marketing communications if you have consented or if we have a legitimate interest (for existing customers). You can opt-out at any time by:

• Clicking "unsubscribe" in any marketing email
• Updating your preferences in your account settings
• Contacting us at info@vroomly.ai

13. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies before providing any personal information.

14. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or prominent notice on our service. Your continued use after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this privacy policy or how we handle your data:

16. Supervisory Authority

If you're not satisfied with our response, you have the right to lodge a complaint with: