Privacy Policy

Used Cars Doctor ("we," "our," "us") operates the web application and Progressive Web Application available at usedcarsdoctor.com. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using the Service, you consent to the practices described in this policy. If you do not agree, please discontinue use immediately. This policy applies to all platforms on which the Service is available, including the website, PWA, and any future mobile releases (e.g., Android via Google Play).

The Service provides AI-assisted decision support only. AI outputs, inspection scores, market estimates, and vehicle history summaries are not guarantees of a vehicle's condition, safety, legality, value, or history.

Account Data. When you register, we collect your name, email address, and a hashed password. If you sign in with Google, we receive your name, email address, and profile photo from Google.

Vehicle & Inspection Data. Information you enter about vehicles you are evaluating: make, model, year, VIN, mileage, asking price, inspection checklist responses, and notes.

Vehicle Images and Inspection Data. Images you upload during the AI photo inspection phase are transmitted to our AI provider (OpenAI) for analysis. See Section 5 for details. Uploaded images may incidentally contain information beyond the vehicle itself — including visible surroundings, license plates, reflections, or other content captured by the camera. You should avoid uploading images that contain personal, sensitive, or unrelated content that is not necessary for vehicle inspection purposes. We recommend focusing images on the vehicle and its condition.

AI Results. AI-generated findings, confidence scores, inspection summaries, risk scores, and related report content generated from your photos and inspection inputs.

Payment Data. If you purchase a premium report, payment is processed by Stripe. We do not store card numbers or full payment instrument details on our servers. We retain transaction records (amount, date, vehicle reference, and status) for billing and legal compliance.

Usage Data. Browser type, device type, IP address, pages visited, feature interactions, and general usage patterns collected to improve the Service.

Local Storage. Your authentication session is stored in browser localStorage on your device and persists across browser sessions until you explicitly sign out.

We use the information we collect to:

• Provide and operate the Service, including AI-assisted analysis features
• Generate decision-support inspection outputs, risk scores, and report summaries
• Process and confirm premium report purchases
• Authenticate your account and maintain session security
• Communicate with you about your account, purchases, or service changes
• Improve the accuracy, quality, and reliability of AI features
• Comply with applicable legal obligations and enforce our Terms of Service
• Detect and prevent fraud, abuse, or security incidents

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

We share data only with service providers essential to delivering the Service:

• Neon Technologies (neon.tech) — Database hosting. Your account, vehicle, and inspection data is stored in a Neon PostgreSQL instance. Data is hosted on AWS infrastructure in the EU.
• OpenAI — Your vehicle photos and relevant inspection context are submitted to the OpenAI API to generate AI analysis results. OpenAI processes this data subject to their own privacy policy and API usage policies.
• Stripe — Payment processing. Stripe handles all card data and payment flows. We share only the minimum information required to initiate and confirm transactions.
• Vehicle history data providers — When you purchase a premium vehicle history report, your vehicle's VIN is submitted to third-party vehicle history data partners to retrieve history records.
• Cloudflare (if applicable) — CDN, DNS management, and DDoS protection. Cloudflare may process request metadata (IP address, headers) as part of its network security services.
• Email delivery provider — Transactional emails (account verification, password reset, notifications) may be sent via a third-party email delivery service.

Each third-party provider processes data in accordance with their own privacy policies and data processing agreements. We are not responsible for the data practices of third-party systems beyond our reasonable control. We recommend reviewing the privacy policies of each provider if you have concerns about how your data is handled by those services.

We do not share your personal data with advertisers, data brokers, or unaffiliated third parties for any other purpose.

Uploaded vehicle images and associated vehicle data may be processed using AI-based services and third-party AI providers, including OpenAI. AI processing is used to generate inspection insights, risk indicators, defect flags, condition summaries, and related recommendations that form part of your inspection report.

The accuracy and quality of AI-generated results may depend on:

• The resolution, clarity, and focus of uploaded images
• Lighting conditions and camera angles at the time of capture
• The completeness and accuracy of vehicle data entered by the user
• The inherent capabilities and limitations of the AI model used

AI results are provided for informational and decision-support purposes only. They are not a professional inspection, certified assessment, or guarantee of any vehicle's condition, safety, value, or history. You should not rely solely on AI-generated results when making any vehicle-related decision.

Data submitted for AI processing is handled in accordance with the policies of the relevant AI provider. We transmit only the minimum data required to generate the requested analysis.

Your data is stored in a PostgreSQL database hosted by Neon Technologies on AWS infrastructure within the European Union. Data is encrypted in transit using TLS/SSL.

We implement reasonable technical and organizational security measures to protect your data, including access controls, environment separation, and secure key management. However, no digital system or method of electronic transmission over the Internet can guarantee absolute security. By using the Service, you acknowledge and accept this inherent risk.

In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority as required by applicable law.

We retain your data for as long as necessary to fulfil the purposes described in this policy, including:

• Account functionality — maintaining your account, inspection history, and saved vehicle data while your account is active
• Report generation — retaining inspection results and summaries so you can access your reports
• Security and fraud prevention — retaining information needed to detect, investigate, and prevent misuse
• Service improvement — using aggregated or anonymised data to improve the quality and reliability of AI features
• Legal and compliance obligations — retaining records required by applicable accounting, tax, or regulatory law

Retention periods may vary depending on the type of data, the operational requirements of the Service, and applicable legal or technical constraints. We do not guarantee immediate or automatic deletion of all data upon account closure.

You may request deletion of your account and associated data at any time from the Account Deletion page or by contacting us (see Section 12). Payment transaction records may be retained for up to 7 years as required by applicable accounting and tax laws, even after account deletion.

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data under the General Data Protection Regulation (GDPR) or equivalent legislation:

• Right of Access — Request a copy of the personal data we hold about you.
• Right to Rectification — Request correction of inaccurate or incomplete personal data.
• Right to Erasure — Request deletion of your personal data, subject to legal retention obligations and current system capabilities.
• Right to Restriction of Processing — Request that we restrict processing of your data in certain circumstances.
• Right to Data Portability — Receive your data in a structured, commonly used, machine-readable format, where technically supported.
• Right to Object — Object to processing based on legitimate interests or direct marketing.
• Right to Lodge a Complaint — Lodge a complaint with the relevant data protection supervisory authority in your jurisdiction.

To exercise any of these rights, contact us at the email address provided in Section 12. We will respond within the timeframe required by applicable law, and in any event within 30 days where technically and operationally feasible.

Where rights depend on specific technical capabilities, we will inform you of any limitations at the time of your request.

We use the following cookies and browser storage:

• Authentication cookie — A session token used to maintain your signed-in state.
• Language preference cookie — Stores your selected language (e.g., "en", "sr"). Expires after 365 days.
• Session storage — Used to store your authentication session data locally on your device. Cleared when the browser tab is closed.

We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies. We do not use Google Analytics or similar tracking services.

The Service is not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us and we will take steps to delete such information promptly.

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page and, where appropriate, by sending a notification to the email address associated with your account.

Your continued use of the Service after any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically.

For privacy-related questions, data access requests, erasure requests, or complaints, please contact us:

• Email: contact@usedcarsdoctor.com
• Website: https://usedcarsdoctor.com