Privacy Policy

1. Introduction

AI Mechanic Ltd, trading as AI Mechanic ("we", "us", "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered vehicle diagnostic service.

We are registered in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Account Information

• Name and email address
• Password (securely hashed)
• Subscription tier and billing information
• Account preferences and settings

2.2 Vehicle Data

• Vehicle registration numbers (VRM) for DVLA lookups
• Vehicle make, model, year, and specifications
• Diagnostic trouble codes (DTCs) and fault information
• Service history and repair records you provide

2.3 Diagnostic Data

• AI conversation history and diagnostic queries
• Symptom descriptions and diagnostic responses
• Feedback ratings and comments

2.4 Technical Data

• IP address and browser information
• Device type and operating system
• Usage patterns and feature interactions

3. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To provide AI-powered diagnostic assistance and vehicle lookups
• Account Management: To manage your subscription, process payments, and provide customer support
• Service Improvement: To analyse usage patterns and improve our AI diagnostic accuracy
• Communication: To send service updates, security alerts, and marketing communications (with consent)
• Legal Compliance: To comply with legal obligations and protect our rights

4. Legal Basis for Processing

Under UK GDPR, we process your data based on:

• Contract: Processing necessary to provide our services to you
• Consent: Where you have given explicit consent (e.g., marketing emails)
• Legitimate Interest: For service improvement and fraud prevention
• Legal Obligation: Where required by law

5. Data Sharing and Third Parties

We share your data with the following third parties:

• Stripe: Payment processing (PCI-DSS compliant)
• DVLA: Vehicle registration lookups (UK government service)
• Cloud Providers: Secure data storage and hosting

We do not sell your personal data to third parties.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

• Account data: Retained until account deletion
• Diagnostic conversations: Retained for 24 months for service improvement
• Payment records: Retained for 7 years for legal compliance
• Usage logs: Retained for 12 months

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at [email protected]

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure password hashing using industry-standard algorithms
• Regular security audits and vulnerability assessments
• Access controls and employee data protection training

9. International Data Transfers

Your data is primarily processed within the United Kingdom. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the Information Commissioner's Office (ICO).

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our service. Continued use of AI Mechanic after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at: