Privacy Policy

1. Introduction

CarMate ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our car listing analysis service.

We are registered in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Company Name: Moose Technologies Ltd

Registered in: England and Wales

Contact Email: privacy@carmate.co.uk

Location: United Kingdom

3. Information We Collect

3.1 Personal Information

• Email Address: When you create an account or make a purchase
• Payment Information: Processed securely through Stripe (we never store full card details)
• IP Address: For security and fraud prevention

3.2 Usage Data

• Car listings you analyse (URLs, manually entered details, and extracted data)
• Analysis results and reports generated
• Audit credit balance and usage history
• Feedback and support communications

3.3 Screenshot Uploads

If you use the screenshot upload feature, your image is transmitted to our processing provider for text extraction. We do not store your screenshot images. Only the structured data extracted from them (make, model, price, etc.) is retained as part of your audit report. Images are processed in transit and are not retained by our provider beyond the duration of the request.

3.4 Technical Data

• Browser type and version
• Device information
• Timestamps of activities
• Cookies and similar technologies (see Cookie Policy)

4. Legal Basis for Processing

We process your personal data under the following lawful bases:

• Contract Performance: To provide our services that you've paid for
• Legitimate Interests: To improve our service, prevent fraud, and ensure security
• Consent: For marketing communications (which you can opt out of at any time)
• Legal Obligation: To comply with legal requirements such as tax and accounting

5. How We Use Your Information

• To provide and maintain our car analysis service
• To process payments and manage your audit credits
• To send you analysis reports and service updates
• To respond to your support requests and feedback
• To improve our analysis accuracy
• To prevent fraud and ensure platform security
• To comply with legal obligations

6. Data Sharing and Third Parties

6.1 Service Providers

We share data with trusted third-party providers who help us operate our service:

• Stripe: Payment processing (PCI DSS compliant)
• Supabase: Database and authentication services (EU/UK servers)
• Google Gemini AI: Car listing image analysis
• Railway: Backend hosting infrastructure
• Vercel: Frontend hosting

6.2 Legal Requirements

We may disclose your information if required by law, court order, or to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud or security threats
• Protect user safety

6.3 No Selling of Data

We never sell your personal data to third parties.

7. Data Retention

• Account Data: Retained while your account is active and for 12 months after deletion
• Analysis Reports: Retained for 24 months or until you delete them
• Payment Records: Retained for 7 years for tax and accounting purposes
• Support Communications: Retained for 3 years

You can request earlier deletion of your data at any time (subject to legal requirements).

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

To exercise any of these rights, contact us at privacy@carmate.co.uk. We will respond within one month.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (HTTPS/TLS) and at rest
• Secure authentication (passwordless OTP system)
• Regular security audits and updates
• Access controls and staff training
• Secure payment processing via Stripe

While we strive to protect your data, no internet transmission is 100% secure. We cannot guarantee absolute security.

10. International Data Transfers

Your data may be processed in countries outside the UK. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) with service providers
• Adequacy decisions by the UK government
• Privacy Shield Framework (where applicable)

11. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Cookies and Tracking

We use cookies and similar technologies to provide and improve our service. For detailed information, see our Cookie Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on our website. Continued use of our service after changes indicates acceptance.

14. Data Protection Officer

As a small business, Moose Technologies Ltd is not required to appoint a Data Protection Officer (DPO) under UK GDPR Article 37. All data protection enquiries are handled directly by our team. You can reach us at privacy@carmate.co.uk.

15. Contact Us

For any questions, concerns, or requests regarding your privacy:

16. Complaints

If you're not satisfied with how we handle your data, you have the right to lodge a complaint with the UK's supervisory authority: