Privacy Policy
Last updated: May 31, 2026
1. Who we are
AutoDiag (the "Service") is operated by Viktor Pyrkov, Sole Proprietor, located at 3601 NE 207th Street, Suite 1310, Aventura, FL 33180, USA ("AutoDiag", "we", "us", or "our"). You can reach us at [email protected] or +1 (561) 843-1993.
This Privacy Policy explains what personal information we collect through the AutoDiag Pro platform (used by repair shops) and the AutoDiag Owner App (used by vehicle owners), how we use it, with whom we share it, and the rights you have over your data.
2. Information we collect
From shop staff (Pro platform users):
- Account info: name, email, role (owner, advisor, technician), phone number
- Activity logs: repair orders created, estimates sent, payments recorded, inspections completed
- Time-clock data: clock-in and clock-out timestamps, hours worked (if the shop uses time-clock features)
- Device + session info: browser, IP address, login timestamps, two-factor authentication tokens
From vehicle owners (Owner App users and shop customers):
- Contact info: name, email, mobile phone number (only if you provide it for SMS or email notifications)
- Vehicle info: VIN, year, make, model, mileage, license plate, service history
- Communication preferences: SMS opt-in status, email opt-in status, language preference
- Photos and notes attached to inspections (e.g. a photo of a worn brake pad uploaded by your technician)
- Payment info: handled directly by Stripe; AutoDiag does not store full card numbers, only the last 4 digits and a reference token returned by Stripe
3. How we use this information
- To deliver the core service: create repair orders, send estimates, process payments, schedule appointments
- To send transactional SMS and email notifications you have opted in to (see SMS Consent)
- To improve AutoDiag features, troubleshoot bugs, and prevent abuse
- To produce reports for your own shop (technician productivity, revenue trends) — never for external sharing without your consent
- To comply with legal obligations (tax records, court orders, recall notifications)
We do not use your data to train external AI models. AI features inside AutoDiag (photo analysis, voice transcription, estimate drafting) send the relevant input to our AI providers (Anthropic, OpenAI) for processing only; those providers are bound by data-processing agreements not to retain or train on AutoDiag inputs.
4. With whom we share information
We share data only with the following categories of third parties, and only as needed to deliver the service:
- Your repair shop: if you are a vehicle owner, your shop sees your contact info, vehicle history, and any messages you've exchanged. We do not share your data across shops.
- Infrastructure providers: Supabase (database + auth), Cloudflare (hosting + DNS), Stripe (payments), Twilio (SMS), Resend (email), Anthropic and OpenAI (AI processing). Each is bound by its own data-processing terms; we use them as data processors, not data brokers.
- Vehicle data sources: NHTSA vPIC (for VIN decoding), NHTSA Recalls (for recall notifications), CARFAX (for vehicle history, only if the shop has subscribed) — these receive only the VIN or vehicle identifiers needed to look up public information.
- Legal obligations: we may disclose data when required by valid legal process (subpoena, court order, government request) or to protect our rights, safety, or property.
We do not sell, rent, or trade personal data to advertisers, data brokers, or marketing platforms.
5. How long we keep your data
- Active shop and vehicle owner accounts: retained as long as the account is active
- Repair orders, invoices, and payment records: retained 7 years for tax and warranty purposes
- SMS opt-in records: retained for at least 4 years to comply with TCPA recordkeeping
- Audit logs (security): retained 12 months
- Deleted accounts: anonymized within 30 days of deletion request; backups purged within 90 days
6. Your rights
You may at any time:
- Request a copy of the personal data we hold about you
- Ask us to correct inaccurate data
- Ask us to delete your data (subject to legal retention obligations described above)
- Opt out of SMS by replying STOP to any message, or out of email by clicking the unsubscribe link
- Request that we stop using your data for any non-essential purpose
To exercise these rights, email [email protected] with the request and the email or phone number associated with your account. We will respond within 30 days.
7. Security
We use industry-standard practices: data encrypted in transit (TLS 1.2+) and at rest (AES-256 on Supabase), row-level access control so each shop sees only its own data, two-factor authentication available on all accounts, and audit logging on sensitive actions. No system is perfectly secure; if we discover a breach affecting your data we will notify you within 72 hours as required by applicable law.
8. Children
AutoDiag is not directed at children under 16 and we do not knowingly collect data from them. If you believe a child has provided us with personal data, email [email protected] and we will delete it promptly.
9. International users
AutoDiag is operated from the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. We rely on standard contractual clauses where required by EU/UK data protection law.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or by notice in the Owner App at least 30 days before taking effect.
11. Contact
Questions about this policy or your data:
- Email: [email protected]
- Phone: +1 (561) 843-1993
- Mail: AutoDiag, 3601 NE 207th Street, Suite 1310, Aventura, FL 33180, USA