Privacy Policy
Last updated: 16 June 2026
This policy explains how CarGuard AI (operated by [COMPANY NAME], [REGISTERED ADDRESS]) collects and processes your personal data under the EU GDPR and applicable laws. Data controller: [COMPANY NAME] — [CONTACT EMAIL].
1. Data we collect
Account data: email, name, phone, country, language, password (hashed by our auth provider).
Inspection data you provide: vehicle details (make, model, year, VIN, mileage, price), the 8 exterior photos, engine videos/photos, start-up audio, and the documents you photograph (registration, maintenance records, etc.).
Payment data: handled by Stripe. We never store your full card number; we keep payment status, amount, currency and a Stripe identifier.
Usage data: activity logs, device/browser information and technical logs needed to run and secure the service.
2. Purposes and legal bases
Provide the inspection and generate your report (performance of our contract).
Process payments and prevent fraud (contract + legal obligation).
Run AI analysis of your photos, audio and documents to produce the report (performance of our contract).
Improve and secure the service (our legitimate interest).
Send service emails (contract); marketing only with your consent.
3. AI processing and sub-processors
Your media and inspection inputs are sent to AI providers solely to produce your analysis. We use, among others: Supabase (hosting, database, storage, authentication), OpenAI (AI vision/audio analysis), Stripe (payments), and vehicle-data sources (e.g. NHTSA, and paid providers such as VinAudit/NMVTIS where you request a history report).
These providers act as our processors and only process data on our instructions.
4. International transfers
Some processors (e.g. OpenAI, Stripe) are located in the United States. Transfers are framed by appropriate safeguards such as the EU Standard Contractual Clauses.
5. Retention
Inspection media and reports are kept for the duration of your account, then deleted within a reasonable period after account closure. Accounting/payment records are kept for the legal retention period. You can delete your media and account at any time from Settings.
6. Your rights
You have the right to access, rectify, erase, restrict and port your data, and to object to certain processing. Exercise them at [DPO / PRIVACY EMAIL].
You can also lodge a complaint with your supervisory authority (in France, the CNIL — www.cnil.fr).
7. Security
Media is stored in private buckets accessed via signed URLs; access is restricted per user. We apply technical and organisational measures appropriate to the risk.
8. Cookies
We use only essential cookies (authentication and language preference). If we add analytics or marketing cookies, we will ask for your consent first.
9. Contact
Questions about this policy: [DPO / PRIVACY EMAIL] ([COMPANY NAME], [REGISTERED ADDRESS]).