Privacy Policy

Effective Date: 1 December 2025
Last Updated: 1 December 2025

1. Introduction

AI Mechanic ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service at www.aimechanic.uk.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

AI Mechanic is the data controller responsible for your personal data. For data protection inquiries, contact us at: [email protected]

3. Information We Collect

3.1 Information You Provide

  • Account Information: Email address, password (hashed), name
  • Payment Information: Processed by Stripe (we do not store card details)
  • Vehicle Data: VRM (registration marks), vehicle makes/models searched
  • Diagnostic Data: Fault codes, AI conversation history, repair questions
  • Support Inquiries: Messages sent to our support team

3.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on Service
  • Device Information: IP address, browser type, operating system
  • Cookies: Session tokens, authentication, preferences (see Section 7)
  • Analytics: Aggregated usage statistics (anonymized)

3.3 Third-Party Data

  • DVLA API: Vehicle registration data (make, model, year, MOT status)
  • Google OAuth: Email address, name, profile picture (if you sign in with Google)

4. How We Use Your Information

We use your data for the following purposes:

4.1 Service Provision

  • Create and manage your account
  • Process AI diagnostic requests
  • Retrieve vehicle information via VRM lookups
  • Generate PDF reports
  • Save and retrieve diagnostic cases (PROFESSIONAL tier)

4.2 Billing and Payments

  • Process subscription payments via Stripe
  • Send payment receipts and invoices
  • Manage subscription upgrades/downgrades/cancellations

4.3 Communication

  • Send account verification emails
  • Send service updates and important notices
  • Respond to support inquiries
  • Send quota warnings (e.g., approaching usage limits)

4.4 Service Improvement

  • Improve AI diagnostic accuracy
  • Identify and fix bugs
  • Analyze usage patterns to enhance features
  • Train AI models with anonymized diagnostic data

4.5 Legal Compliance

  • Comply with legal obligations
  • Prevent fraud and abuse
  • Enforce our Terms of Service

5. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

  • Contract Performance: To provide the Service you subscribed to (Art. 6(1)(b))
  • Legitimate Interests: To improve our Service and prevent fraud (Art. 6(1)(f))
  • Consent: For marketing communications (you can opt out at any time)
  • Legal Obligation: To comply with UK tax and accounting laws (Art. 6(1)(c))

6. Data Sharing and Disclosure

We do NOT sell your personal data. We share data only in the following circumstances:

6.1 Service Providers

  • Stripe: Payment processing (see Stripe Privacy Policy)
  • DVLA: Vehicle registration lookups (public data)
  • Resend: Transactional email delivery
  • Cloudflare: CDN and security services

6.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights and safety.

6.3 Business Transfers

If AI Mechanic is acquired or merged, your data may be transferred to the new owner.

7. Cookies and Tracking

We use cookies for:

  • Essential Cookies: Authentication, session management (required)
  • Analytics Cookies: Usage statistics (optional, consent required)
  • Preference Cookies: Theme settings, language preferences

You can manage cookie preferences via our cookie consent banner or your browser settings. See our Cookie Policy for details.

8. Data Retention

We retain your data for the following periods:

  • Active Accounts: Retained while your account is active
  • Deleted Accounts: Personal data deleted within 30 days of account deletion
  • Diagnostic History: Retained for 12 months after account deletion (for dispute resolution)
  • Payment Records: Retained for 7 years (UK tax law requirement)
  • Anonymized Analytics: Retained indefinitely (cannot identify you)

9. Your Data Protection Rights (UK GDPR)

Under UK GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data (free of charge)
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal retention requirements)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing communications

To exercise these rights, email us at [email protected]. We will respond within 30 days.

10. Data Security

We implement industry-standard security measures:

  • Encryption: HTTPS/TLS for data in transit, bcrypt for password hashing
  • Access Controls: Role-based access, principle of least privilege
  • Secure Infrastructure: Firewalls, regular security updates
  • Payment Security: PCI-DSS compliant (via Stripe)
  • Monitoring: Automated alerts for suspicious activity

Important: No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. International Data Transfers

Your data is primarily stored and processed in the United Kingdom. Some service providers (e.g., Stripe, Cloudflare) may process data outside the UK/EEA. We ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs).

12. Children's Privacy

AI Mechanic is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If we discover we have collected data from a child, we will delete it immediately. If you believe a child has provided us with personal data, contact us at [email protected].

13. Third-Party Links

Our Service may contain links to third-party websites (e.g., parts suppliers, manufacturer manuals). We are not responsible for the privacy practices of these sites. Please review their privacy policies before providing personal data.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

For significant changes, we will notify you via email or a prominent notice on our website.

15. Contact Us

For questions about this Privacy Policy or to exercise your data protection rights, contact us at:

Email: [email protected]
Website: https://www.aimechanic.uk

16. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Website: https://ico.org.uk
Phone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

© 2025 AI Mechanic. All rights reserved.