Privacy Policy

Last updated: February 2026

CarDiag AI Pro ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our vehicle diagnostic and fleet management platform, including our mobile applications (iOS and Android), desktop applications (Windows, macOS, and Linux), and web services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Password (stored in securely hashed form)
  • Account preferences and settings
  • Subscription tier and payment history

1.2 Vehicle Data

To provide diagnostic and fleet management services, we collect:

  • Vehicle identification details (make, model, year, VIN)
  • Mileage and odometer readings
  • OBD-II diagnostic trouble codes (DTCs) and scan results
  • Vehicle health scores and diagnostic history

1.3 Diagnostic and Maintenance Data

We collect information related to your vehicle maintenance and diagnostics:

  • Diagnostic scan results and error code analyses
  • Maintenance records (service type, date, cost, notes)
  • Smart Analysis session data and conversation history
  • Upcoming and overdue maintenance alerts

1.4 Trip Data

If you use trip tracking features, we collect:

  • Trip start and end times
  • Distance traveled and fuel consumption data
  • Route data (GPS coordinates during trips)
  • Average speed and driving statistics

1.5 Usage and Device Data

We automatically collect certain information when you use the Service:

  • Device type, operating system, and app version
  • Firebase Cloud Messaging (FCM) tokens for push notifications
  • Feature usage patterns and interaction data
  • Error logs and crash reports for service improvement

1.6 Payment Information

We do not directly collect or store your credit card or bank account information. Payments are processed through:

  • Apple App Store (iOS in-app purchases)
  • Google Play Store (Android in-app purchases)
  • Stripe (desktop application payments)

We store transaction identifiers and subscription status for record-keeping purposes only.

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service — including vehicle diagnostics, maintenance tracking, trip logging, and fleet management features
  • Power Smart Analysis features — your vehicle data and diagnostic codes are processed through our analysis engines to provide intelligent insights and recommendations
  • Manage your account — including authentication, subscription management, and user preferences
  • Send notifications — such as maintenance reminders, achievement updates, and important service announcements
  • Process payments — validate in-app purchases and manage subscription billing
  • Improve our Service — analyze usage patterns to enhance features, fix bugs, and optimize performance
  • Ensure security — detect, prevent, and address technical issues, fraud, and unauthorized access
  • Comply with legal obligations — respond to lawful requests and protect our legal rights

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties.

We may share your information in the following limited circumstances:

3.1 Third-Party Service Providers

We use trusted third-party services to operate the platform:

  • Analysis Engine Providers (e.g., OpenAI, Google Gemini) — vehicle diagnostic data and user queries are sent to these providers to power Smart Analysis and Smart Assistant features. Data is sent in accordance with their respective privacy policies and data processing agreements.
  • Payment Processors (Apple, Google, Stripe) — for secure payment processing. We never handle your raw payment credentials.
  • Advertising Partners (Google AdMob, Unity Ads) — for free-tier users only, to serve relevant advertisements. Premium and Pro subscribers are never shown ads.
  • Push Notification Services (Firebase Cloud Messaging) — to deliver timely notifications to your device.

3.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).

3.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specific retention periods include:

  • Account data — retained until you delete your account
  • Vehicle and diagnostic data — retained for the lifetime of your account
  • Smart Analysis conversations — retained for the lifetime of your account, with the ability to delete individual sessions
  • Subscription audit records — retained for up to one year for compliance and dispute resolution
  • Push notification tokens — automatically pruned after 90 days of inactivity
  • Read notifications — automatically deleted after 90 days

5. Your Rights and Choices

We respect your data privacy rights. Depending on your jurisdiction, you may have the following rights:

5.1 Data Export

You can request a complete export of your personal data (including vehicle data, diagnostic history, trips, and maintenance records) directly from the application. Exports are delivered in a machine-readable format.

5.2 Account Deletion

You can request the deletion of your account and all associated data at any time through the application settings. Upon deletion:

  • Your account will be soft-deleted and scheduled for permanent removal
  • All personal data, vehicle records, diagnostic history, trips, maintenance records, Smart Analysis sessions, subscriptions, and achievements will be permanently erased
  • Subscription audit events associated with your account will be cleaned up
  • This action is irreversible once the deletion is processed

5.3 GDPR Rights (European Economic Area)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including:

  • Right of access — request a copy of your personal data
  • Right to rectification — correct inaccurate personal data
  • Right to erasure — request deletion of your personal data
  • Right to restrict processing — limit how we use your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to the processing of your personal data

To exercise any of these rights, please contact us at the email address provided below.

5.4 Push Notifications

You can manage your notification preferences within the app settings or disable push notifications through your device's operating system settings.

5.5 Ad Preferences

Free-tier users see advertisements. You can upgrade to a Premium or Pro subscription to remove all ads. You may also adjust your ad personalization settings through your device's privacy settings (e.g., App Tracking Transparency on iOS).

6. Cookies and Local Storage

Our Service uses the following technologies to store data locally:

  • Session cookies — used for admin panel authentication and maintaining your session state on the web interface
  • CSRF tokens — used to protect against cross-site request forgery attacks on web forms
  • SharedPreferences / Local Storage — the mobile and desktop applications store authentication tokens, language preferences, and cached settings locally on your device
  • Hive local database — the desktop application may cache subscription status locally for up to 24 hours (the server remains authoritative)

We do not use third-party tracking cookies. Any cookies set by advertising SDKs (AdMob, Unity Ads) are governed by their respective privacy policies and only apply to free-tier users.

7. Data Security

We implement robust security measures to protect your data, including:

  • Encryption at rest — sensitive credentials (including analysis engine API keys and advertising IDs) are encrypted with AES-256
  • Encryption in transit — all communications between the app and our servers use HTTPS/TLS
  • Password security — passwords are hashed using bcrypt with automatic salting
  • Token-based authentication — API access is secured with Laravel Sanctum tokens
  • Rate limiting — login attempts, API requests, and sensitive operations are rate-limited to prevent abuse
  • Idempotency protection — critical operations (purchases, webhook processing) are protected against duplicate processing
  • Webhook verification — all incoming webhooks (Apple, Google, Stripe) are cryptographically verified
  • Server-side receipt validation — in-app purchases are validated directly with Apple and Google servers to prevent fraud
  • Circuit breaker pattern — external service failures are isolated to prevent cascading issues

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to implementing industry-standard protections.

8. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will promptly delete that information. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction. When we transfer data internationally, we take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy.

Specifically, vehicle diagnostic data processed through our Smart Analysis features may be transmitted to servers operated by our analysis engine providers (e.g., OpenAI in the United States, Google in various global locations).

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending a push notification or email for significant changes

Your continued use of the Service after any modifications indicates your acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

CarDiag AI Pro — Privacy Team

Email: privacy@cardiag.app

Website: https://pixcodehub.xyz

We will respond to your inquiry within 30 days. For GDPR-related requests from EEA residents, we will respond within the legally required timeframe.