Privacy Policy

1. Introduction

Auto AI Buddy ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered automotive repair assistant service (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: When you sign in with Google OAuth, we collect your name, email address, and profile picture from your Google account.
• Vehicle Information: Year, make, model, trim, engine, and transmission details you provide for your vehicles.
• Conversation Data: Questions you ask, images you upload, and your interactions with the AI assistant.
• Feedback: Ratings (thumbs up/down) and bug reports you submit.
• Payment Information: When you subscribe to Premium, payment details are processed securely by Stripe. We do not store your credit card information.

2.2 Information Collected Automatically

• Usage Data: IP address, browser type, device information, operating system, and access times.
• Analytics: We use Vercel Analytics to track page views and user behavior patterns.
• Cookies and Similar Technologies: We use cookies to maintain your session and remember your preferences.
• Rate Limiting Data: We track API usage to enforce rate limits and prevent abuse.

2.3 Third-Party Data

• Google OAuth: We receive basic profile information from Google when you sign in.
• Anthropic Claude API: Your questions and images are sent to Anthropic's Claude AI for processing.
• Stripe: Payment processing and subscription management data.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process your AI queries and generate responses
• Personalize your experience based on your vehicle information
• Manage your account and subscription
• Process payments and prevent fraud
• Send you service-related notifications (if you provide an email)
• Respond to your bug reports and support requests
• Analyze usage patterns to improve our AI responses
• Enforce our Terms of Service and prevent abuse
• Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

• Anthropic: Your questions and uploaded images are sent to Anthropic's Claude API to generate AI responses. See Anthropic's Privacy Policy.
• Supabase: Our database and authentication provider. See Supabase Privacy Policy.
• Stripe: Payment processing for Premium subscriptions. See Stripe Privacy Policy.
• Vercel: Hosting and analytics provider. See Vercel Privacy Policy.
• Upstash: Redis provider for rate limiting. See Upstash Privacy Policy.

4.2 Legal Compliance

We may disclose your information if required by law or in response to valid legal requests, such as subpoenas, court orders, or government regulations.

4.3 Business Transfers

If Auto AI Buddy is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Retention

We retain your information for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations (e.g., tax records, transaction history)
• Resolve disputes and enforce agreements

Conversation History: Stored until you delete them or close your account.
Account Data: Retained until you request deletion.
Analytics Data: Aggregated and anonymized data may be retained indefinitely.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

6.1 Access and Portability

You can access your conversation history and vehicle information through your account settings.

6.2 Correction

You can update your vehicle information and profile details at any time through the Settings page.

6.3 Deletion

You can delete individual conversations or your entire account. To delete your account and all associated data, please submit a request through our bug report feature.

6.4 Opt-Out

You can opt out of analytics tracking by enabling "Do Not Track" in your browser settings.

6.5 GDPR Rights (EU Users)

If you are located in the European Union, you have additional rights:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time

6.6 CCPA Rights (California Users)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Opt out of the sale of personal information (we do not sell your data)
• Non-discrimination for exercising your rights

7. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted between your device and our servers is encrypted using HTTPS/TLS protocols.
• Database Security: Row Level Security (RLS) policies ensure you can only access your own data.
• Authentication: Secure OAuth authentication through Google.
• Payment Security: Payment data is processed by PCI-compliant Stripe; we never store credit card information.
• Rate Limiting: Protection against brute force attacks and abuse.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete that information immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate.

10. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential Cookies: Required for authentication and basic Service functionality. These cannot be disabled.
• Analytics Cookies: Help us understand how users interact with the Service (Vercel Analytics).
• Preference Cookies: Remember your settings and preferences.

You can control cookies through your browser settings, but disabling certain cookies may affect Service functionality.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending a notification if you have provided an email address (for material changes)

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us through:

• The bug report feature in the application
• The contact information provided on our website

We will respond to your request within 30 days.

14. Data Processing Summary