Privacy Policy

1. Introduction

Welcome to The Garage ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our vehicle service history tracking application and website (collectively, the "Service").

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Email address, password (encrypted), and name
• Vehicle Information: Make, model, year, VIN, registration number, mileage, and photos
• Service Records: Service dates, types, providers, costs, mileage, notes, and uploaded receipts/photos
• Profile Settings: Preferences, notification settings, and customizations

2.2 Information Collected Automatically

• Usage Data: How you interact with the Service, features used, and time spent
• Device Information: Device type, operating system, browser type, IP address
• Location Data: Approximate location (only when using the service center locator feature, with your permission)
• Cookies and Similar Technologies: We use cookies to maintain your session and improve your experience

2.3 Information from Third Parties

• DVLA Data: When you enter a vehicle registration number, we may retrieve publicly available vehicle information from the UK DVLA database
• Authentication Providers: If you sign in with Google or other providers, we receive basic profile information

3. How We Use Your Information

We use your information to:

• Provide the Service: Create and manage your account, store vehicle records, send maintenance reminders
• Improve the Service: Analyze usage patterns, fix bugs, develop new features
• Communicate with You: Send service updates, maintenance reminders, support messages
• Security: Detect and prevent fraud, abuse, and security incidents
• Legal Compliance: Comply with legal obligations and enforce our Terms of Service

4. Data Sharing and Disclosure

4.1 With Your Consent

• Vehicle Transfer: When you transfer ownership of a vehicle, the service history is shared with the new owner (you control what information is shared)
• Shared Access: If you explicitly share a vehicle profile with another user

4.2 Service Providers

We may share data with trusted third-party service providers who help us operate the Service:

• Cloud Hosting: Firebase/Google Cloud (data storage)
• Authentication: Firebase Authentication (secure login)
• Image Processing: Google Cloud Vision API (receipt OCR)
• Analytics: Google Analytics (usage statistics, anonymized)
• Email Services: For transactional emails and notifications

All service providers are contractually obligated to protect your data and use it only for specified purposes.

4.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.

4.4 Business Transfers

If The Garage is acquired or merged with another company, your data may be transferred. We will notify you before your data is subject to a different privacy policy.

5. Data Storage and Security

5.1 Where We Store Data

• Data is stored on secure servers in the UK/EU (Google Cloud/Firebase)
• We use industry-standard encryption for data in transit (HTTPS/TLS) and at rest

5.2 Security Measures

• Encrypted passwords (never stored in plain text)
• Regular security audits and updates
• Access controls and authentication
• Secure backup systems

5.3 Data Retention

• Active Accounts: We retain your data as long as your account is active
• Deleted Accounts: Data is permanently deleted within 30 days of account deletion
• Legal Requirements: Some data may be retained longer if required by law

6. Your Rights and Choices

Under UK GDPR and Data Protection Act 2018, you have the following rights:

6.1 Access and Portability

• Right to Access: Request a copy of all personal data we hold about you
• Data Portability: Export your vehicle and service history data in a machine-readable format (PDF, CSV)

6.2 Correction and Deletion

• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Delete your account and all associated data (exceptions apply for legal obligations)

6.3 Control and Restriction

• Right to Object: Object to certain processing of your data
• Right to Restriction: Request we limit processing in certain circumstances
• Withdraw Consent: Withdraw consent for optional data processing (e.g., marketing emails)

6.4 How to Exercise Your Rights

Contact us at privacy@thegarage.app or use the account settings in the app. We will respond within 30 days.

7. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for the Service to function (login sessions, security)
• Analytics Cookies: Help us understand how you use the Service (Google Analytics)
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings, but disabling essential cookies may affect functionality.

8. Children's Privacy

The Garage is not intended for users under 18 years old. We do not knowingly collect data from children. If we discover we have collected data from a child, we will delete it immediately.

9. International Data Transfers

If you access the Service from outside the UK/EU, your data may be transferred to and processed in the UK/EU. We ensure appropriate safeguards are in place for such transfers.

10. Changes to This Privacy Policy

We may update this policy periodically. We will notify you of significant changes via email or in-app notification. Continued use of the Service after changes constitutes acceptance.

11. Contact Us

For privacy-related questions or to exercise your rights:

For complaints about how we handle your data, you can contact the UK Information Commissioner's Office (ICO): https://ico.org.uk/