Privacy Policy

1. Introduction and Scope

1.1 Who We Are

IQ Automotive Systems, LLC (doing business as "IQ Auto") ("we", "us", "our", or "Company") is a Delaware limited liability company that provides artificial intelligence-powered digital vehicle inspection audit services to independent automotive repair shops. Our principal place of business is located in the United States.

1.2 Purpose of This Policy

This Privacy Policy describes our practices regarding the collection, use, disclosure, retention, and protection of personal information and business data that we receive through our website, software-as-a-service platform, mobile applications, and related services (collectively, the "Services"). This policy applies to all users of our Services, including shop owners, administrators, technicians, and visitors to our website.

1.3 Acceptance of This Policy

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service. If you do not agree with our practices, please do not use our Services.

1.4 Updates to This Policy

We reserve the right to modify this Privacy Policy at any time. Material changes will be communicated to you via email to your registered email address and/or through a prominent notice on our Services at least 30 days before the changes take effect. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the revised policy. We maintain a version history of this policy available upon request.

2. Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our Services, and information from third-party sources. The specific categories of information we collect depend on how you interact with our Services.

2.1 Information You Provide Directly

Account Registration Information

• Contact Information: Full name, email address, phone number (optional)
• Business Information: Shop name, business address, number of service bays, estimated monthly inspection volume
• Authentication Credentials: Password (encrypted using industry-standard bcrypt hashing with salt), multi-factor authentication settings, OAuth tokens (if using Google Sign-In)
• Account Preferences: Timezone, email notification preferences, language preferences

Payment and Billing Information

• Payment Data: Credit card information, billing address, tax identification numbers (processed and stored by our payment processor, Stripe, Inc.)
• Transaction History: Subscription tier, payment amounts, billing dates, invoice records
• Note: We do not store complete credit card numbers on our servers. Payment card data is tokenized and stored securely by Stripe in compliance with PCI DSS standards.

Integration Data

• Third-Party System Credentials: OAuth access tokens and refresh tokens for integrations with Tekmetric, Shop-Ware, QuickBooks, and other shop management systems
• Shop System Data: Shop ID, shop name, integration status, last synchronization timestamps

2.2 Inspection and Audit Data

Vehicle Inspection Information

• Vehicle Data: Year, make, model, VIN (Vehicle Identification Number), mileage, license plate (when provided)
• Inspection Reports: Complete digital vehicle inspection reports including photos, videos, technician notes, recommended services, labor times, parts pricing
• Service History: Prior service recommendations, completed repairs, declined services
• Technician Information: Technician names or IDs, inspection timestamps, certification levels (when available)

Customer Vehicle Owner Information (Limited)

• What We Collect: First name only, vehicle ownership information as it relates to inspection context
• What We Do NOT Collect: We do not collect or store vehicle owner full names, addresses, phone numbers, email addresses, social security numbers, driver's license numbers, or any other personally identifiable information about vehicle owners. Our service focuses on inspection quality, not customer data.

2.3 Automatically Collected Information

Usage and Log Data

• Device Information: IP address, browser type and version, device type, operating system, screen resolution
• Usage Analytics: Pages visited, features used, time spent on platform, navigation paths, button clicks, search queries
• Session Information: Login timestamps, session duration, geographic location (city/state level based on IP), user agent strings
• Performance Data: Page load times, API response times, error messages, crash reports

Cookies and Tracking Technologies

• Essential Cookies: Session cookies for authentication (iq_session), security tokens, CSRF protection tokens
• Functional Cookies: User preference storage, language settings, interface customization
• Analytics Cookies: Anonymous usage analytics, feature adoption tracking, conversion measurement (can be disabled in account settings)
• No Third-Party Advertising: We do not use cookies for advertising purposes or share cookie data with advertising networks

2.4 Information from Third-Party Sources

• Shop Management Systems: Inspection data, vehicle information, shop configuration data received through API integrations with Tekmetric, Shop-Ware, and other authorized systems
• OAuth Providers: Profile information (name, email, profile photo) when you authenticate using Google Sign-In
• Payment Processors: Payment confirmation, subscription status, failed payment notifications from Stripe

3. How We Use Your Information

We use the information we collect for the following business and commercial purposes. We limit our use of personal information to what is necessary, relevant, and reasonable given the purposes for which it was collected.

3.1 To Provide and Maintain Our Services

• Audit Processing: Analyze digital vehicle inspection reports using artificial intelligence to generate quality scores, identify completeness issues, verify accuracy against industry standards, and detect potential fraud patterns
• Report Generation: Create detailed audit reports with scores across six dimensions (completeness, accuracy, documentation, recommendations, professionalism, safety compliance)
• Quality Insights: Provide analytics on inspection quality trends, technician performance patterns, and shop-wide quality metrics
• Recommendations: Generate actionable improvement suggestions based on industry best practices (ASE, NHTSA, SAE standards)
• Fraud Detection: Identify patterns indicating over-recommendation, unnecessary services, pricing anomalies, or measurement manipulation
• Revenue Opportunities: Detect commonly missed service recommendations based on vehicle condition and industry standards

3.2 To Manage Your Account and Billing

• Create and maintain your user account
• Process payments and manage subscriptions
• Track audit usage against your subscription tier limits
• Send billing invoices and payment receipts
• Manage trial periods and subscription renewals
• Process refund requests and billing disputes

3.3 To Communicate With You

• Service Communications: Send audit completion notifications, daily quality summaries, weekly performance reports
• Account Management: Email verification, password reset instructions, multi-factor authentication codes, security alerts
• Customer Support: Respond to your inquiries, troubleshoot technical issues, provide onboarding assistance
• Product Updates: Announce new features, service improvements, and important platform changes
• Marketing (Optional): Send product tips, industry insights, and promotional offers (you can opt-out at any time)

3.4 To Improve and Develop Our Services

• Performance Optimization: Monitor system performance, identify bottlenecks, optimize processing speeds
• Feature Development: Analyze usage patterns to prioritize new features and improvements
• AI Model Training: Improve our audit algorithms using aggregated, anonymized inspection data (no personally identifiable information is used for training)
• Quality Assurance: Conduct internal audits of our audit accuracy, validate AI predictions against human expert review
• Bug Fixes: Identify and resolve technical issues, errors, and software defects

3.5 For Security and Fraud Prevention

• Detect and prevent unauthorized access to accounts
• Monitor for suspicious activity or security threats
• Enforce our Terms of Service and prevent abuse
• Conduct security audits and vulnerability assessments
• Investigate and respond to security incidents

3.6 For Legal Compliance and Protection

• Comply with applicable laws, regulations, and legal obligations
• Respond to legal processes (subpoenas, court orders, government requests)
• Protect our legal rights and defend against legal claims
• Enforce our Terms of Service and other agreements
• Maintain business records as required by law

4. Data Sharing, Disclosure, and Third-Party Processors

4.1 We DO NOT Sell Your Personal Data

Important Commitment: We do not and will never sell, rent, lease, or trade your personal information, business data, or inspection data to third parties for their marketing purposes or any other commercial purpose. This commitment applies regardless of whether you are a current customer, former customer, or trial user.

4.2 Third-Party Service Providers (Data Processors)

We share limited data with carefully vetted third-party service providers who perform services on our behalf. These providers are contractually obligated to use your information only for the specific purposes we authorize and must maintain appropriate security measures. We have executed Data Processing Agreements (DPAs) with all processors handling personal data.

AI and Machine Learning Providers

• OpenAI, Inc. - Primary AI audit processing engine. Processes anonymized inspection reports (vehicle data and technician notes) to generate quality scores. Does not receive shop names, customer names, or account information. Subject to OpenAI's Enterprise Data Processing Agreement.
• Anthropic PBC - Secondary AI validation and quality assurance. Processes anonymized inspection data for validation purposes. Subject to Anthropic's Commercial Terms and Data Processing Addendum.
• Data Anonymization: Before sending inspection data to AI providers, we remove all identifiers including shop names, technician names (replaced with IDs), customer names, and contact information.
• AI Training Opt-Out: By default, your data is NOT used to train third-party AI models. OpenAI and Anthropic have confirmed that data sent via API is not used for model training unless explicitly opted in (which we do not do).

Infrastructure and Hosting

• Vercel, Inc. - Web application hosting and serverless functions. Hosts our frontend application and API routes. Data stored in US data centers with SOC 2 Type II compliance.
• Supabase, Inc. - PostgreSQL database hosting, authentication services, and secure storage. All data encrypted at rest using AES-256. SOC 2 Type II certified.
• Redis Labs - Job queue management and caching. Stores temporary processing data only (no long-term personal data storage).

Payment Processing

• Stripe, Inc. - Payment card processing, subscription billing, and invoice management. PCI DSS Level 1 certified. We receive only tokenized payment references, never full card numbers. Subject to Stripe's Data Processing Agreement.

Communication Services

• Postmark (Wildbit, LLC) or SendGrid (Twilio Inc.) - Transactional email delivery for audit notifications, account emails, and reports. Receives email addresses and message content only. No promotional tracking pixels included in our emails.

Analytics and Monitoring (Anonymous)

• Internal Analytics Only: We use self-hosted analytics to track feature usage and platform performance. We do not use Google Analytics, Facebook Pixel, or other third-party advertising analytics.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will provide notice via email and prominent website notification at least 30 days before any such transfer, and you will have the option to delete your account before the transfer occurs.

4.4 Legal Compliance and Protection

We may disclose your information when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, or legal processes (subpoenas, court orders, government requests)
• Enforce our Terms of Service or other agreements
• Protect the rights, property, or safety of IQ Auto, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Defend against legal liability or claims

We will notify you of legal demands for your information unless prohibited by law or court order. We review all requests for legal sufficiency and will challenge overbroad or improper requests.

4.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as when you authorize integration with a third-party shop management system.

4.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you or your business. For example, we may publish industry benchmarks like "average inspection completeness score across all shops" or "common missed inspection items in brake services." This data does not include shop names, locations, or any identifying information.

5. Data Security Measures

We implement industry-standard technical, administrative, and physical security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. While no system is 100% secure, we continuously work to protect your data.

5.1 Technical Security Measures

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 (Transport Layer Security) with perfect forward secrecy
• Encryption at Rest: All database data is encrypted at rest using AES-256 encryption. Sensitive fields (passwords, OAuth tokens) receive additional encryption layers.
• Password Security: User passwords are hashed using bcrypt with computationally expensive salt rounds (never stored in plain text)
• Multi-Factor Authentication: Optional email-based MFA with backup recovery codes for enhanced account protection
• Session Management: Secure HTTP-only cookies with SameSite protection, 30-day expiration, automatic cleanup of expired sessions
• API Security: Rate limiting, request validation, CSRF protection, OAuth 2.0 for third-party integrations

5.2 Access Controls

• Role-Based Access: Employees and contractors have access only to data necessary for their job functions
• Principle of Least Privilege: Access rights are granted at the minimum level required
• Authentication Requirements: All internal access requires strong authentication with 2FA mandatory for administrative functions
• Access Logging: All access to production systems and customer data is logged and monitored
• Regular Access Reviews: Quarterly reviews of access permissions with immediate revocation upon employee departure

5.3 Infrastructure Security

• Secure Development: Code reviews, security testing, dependency scanning, static analysis
• Vulnerability Management: Regular security assessments, penetration testing, bug bounty program
• Incident Response: Documented incident response plan with 24-hour notification commitment for data breaches
• Data Isolation: Logical data separation between customers using row-level security policies
• Backup Security: Encrypted backups stored in geographically separate regions with restricted access

5.4 Employee and Contractor Security

• Background checks for employees with data access
• Confidentiality and non-disclosure agreements
• Annual security awareness training
• Secure workstation requirements (disk encryption, screensavers, VPN)

5.5 Security Incident Notification

In the event of a data breach that affects your personal information, we will notify you within 72 hours of discovering the breach (or sooner if required by applicable law). Notification will include the nature of the breach, types of data affected, steps we are taking to address it, and recommended actions you should take to protect yourself.

6. Data Retention and Deletion

We retain your information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

6.1 Retention Periods by Data Type

• Active Account Data: Retained while your account remains active and in good standing
• Inspection Audit Data: Retained for the duration of your subscription plus 30 days after cancellation (to allow for account reactivation)
• Billing Records: Retained for 7 years after final transaction to comply with tax and accounting requirements
• Communication Logs: Email correspondence retained for 3 years for customer support reference
• Usage Analytics: Aggregated analytics retained indefinitely; individual session logs deleted after 90 days
• Security Logs: Access logs, authentication logs, and security events retained for 1 year

6.2 Account Deletion Process

When you request account deletion or your account is terminated:

• Immediate Actions: Account disabled, login access revoked, active sessions terminated
• 30-Day Grace Period: Your data is retained for 30 days in case you change your mind or wish to reactivate
• Permanent Deletion: After 30 days, all personally identifiable information and inspection data is permanently deleted from production databases
• Backup Retention: Data may persist in encrypted backups for up to 90 days for disaster recovery purposes, after which it is automatically purged
• Legal Holds: If your data is subject to a legal hold, preservation order, or ongoing investigation, deletion will be delayed until the legal obligation is lifted

6.3 Data Deletion Verification

Upon request, we will provide written confirmation that your data has been deleted, including the deletion date and scope of deletion. Note that some anonymized, aggregated data derived from your account may be retained for analytical purposes but cannot be used to identify you or your business.

7. Your Privacy Rights and Choices

You have certain rights regarding your personal information. The availability and scope of these rights may depend on your location and applicable law.

7.1 Rights Available to All Users

Right to Access

You have the right to request access to the personal information we hold about you. You can access most of your information directly through your account dashboard. For a complete copy of all your data, contact us at privacy@iqauto.io. We will respond within 30 days and provide your data in a structured, commonly used, machine-readable format (JSON or CSV).

Right to Correction

You have the right to correct inaccurate or incomplete personal information. You can update most information directly in your account settings. For data you cannot update yourself, email us at privacy@iqauto.io with the corrections needed.

Right to Deletion

You have the right to request deletion of your personal information. You can delete your account through Settings → Account Actions → Delete Account. Upon deletion, your data will be removed according to our deletion process described in Section 6.2. Note that we may retain certain information as required by law or for legitimate business purposes (such as billing records).

Right to Data Portability

You have the right to export your audit reports, inspection data, and account information in a portable format (CSV, JSON, PDF). Export functionality is available in your dashboard under Settings → Export Data.

Right to Opt-Out of Marketing

You can opt-out of marketing emails at any time by clicking the "unsubscribe" link in any marketing email or by updating your email preferences in account settings. Note that you will continue to receive transactional emails (audit notifications, billing receipts, security alerts) even if you opt-out of marketing.

Right to Opt-Out of Analytics

You can disable optional usage analytics and tracking in Settings → Preferences → Privacy Settings. Essential analytics required for security and service operation cannot be disabled.

7.2 How to Exercise Your Rights

To exercise any of these rights, you may:

• Use the self-service tools in your account settings
• Email us at privacy@iqauto.io with your request
• Submit a request through our support portal

We will verify your identity before processing rights requests. We may ask for additional information to confirm you are the account holder. We will respond to verified requests within 30 days (45 days for complex requests, with notice of extension).

8. Automated Decision-Making and AI Processing

8.1 Use of Artificial Intelligence

Our Services use artificial intelligence (AI) and machine learning to analyze vehicle inspection reports and generate quality audit scores. This involves automated decision-making that may significantly affect your business operations and customer relationships.

8.2 How AI Processing Works

• Input Data: We send anonymized inspection reports (vehicle data, service recommendations, photos, technician notes) to AI providers (OpenAI GPT-4o-mini and Anthropic Claude)
• Processing: AI models analyze inspections against our knowledge base of 54 inspection criteria, industry standards (ASE, NHTSA, SAE), and fraud detection patterns
• Output: AI generates quality scores (0-100), identifies issues, flags potential fraud, and provides improvement recommendations
• Human Oversight: While audits are generated automatically, you maintain full control over how you use the results. Audit scores are advisory only and do not automatically trigger any actions.

8.3 Your Rights Regarding Automated Decisions

• Right to Explanation: You can request an explanation of how a specific audit score was calculated
• Right to Human Review: You can request manual review of any audit by our team
• Right to Contest: You can dispute audit results you believe are inaccurate
• No Solely Automated Decisions: Audit scores are provided as recommendations only. All final decisions about your business operations remain under your exclusive control.

9. International Data Transfers

9.1 Data Storage Location

Our primary data storage and processing infrastructure is located in the United States. By using our Services, you acknowledge and consent to the transfer of your information to the United States and other countries where we, our affiliates, or our service providers maintain facilities.

9.2 European Union Users

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data may be transferred to and processed in the United States, which may not provide the same level of data protection as your home country. We rely on the following legal mechanisms for such transfers:

• Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with our service providers to ensure adequate protection for personal data transfers
• Adequacy Decisions: We rely on European Commission adequacy decisions where applicable
• Your Consent: By using our Services, you explicitly consent to the transfer of your data to the United States

9.3 Additional Safeguards

We implement supplementary measures to protect data transferred internationally, including encryption, access controls, and contractual commitments from service providers to comply with GDPR-equivalent standards.

10. GDPR Rights (European Union Users)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent local laws.

10.1 Legal Basis for Processing

We process your personal data under the following legal bases:

• Contractual Necessity: Processing necessary to perform our contract with you (providing audit services)
• Legitimate Interests: Our legitimate business interests in improving our services, preventing fraud, and ensuring security (balanced against your privacy rights)
• Consent: Your explicit consent for optional features (marketing emails, analytics)
• Legal Obligation: Compliance with laws and regulations (tax reporting, anti-fraud measures)

10.2 Your GDPR Rights

• Right of Access: Request a copy of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain circumstances
• Right to Restriction of Processing: Request that we limit how we use your data
• Right to Data Portability: Receive your data in a portable format and transmit it to another service
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time (without affecting lawfulness of processing before withdrawal)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

10.3 Exercising GDPR Rights

To exercise any GDPR rights, email gdpr@iqauto.io with your request. We will respond within 30 days. For complex requests, we may extend this by an additional 60 days with notice. All requests are free of charge unless manifestly unfounded or excessive.

10.4 EU Representative

For EU data protection matters, you may contact our EU representative at: eu-representative@iqauto.io (to be appointed as required by GDPR Article 27).

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), effective January 1, 2023.

11.1 Categories of Personal Information We Collect

In the past 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, phone number, IP address, account username
• Commercial Information: Subscription records, purchase history, payment transaction records
• Internet/Network Activity: Browsing history on our platform, interaction with our Services, usage analytics
• Professional Information: Business name, shop information, technician data
• Inferences: Quality trends, performance patterns derived from your use of our Services

11.2 Your California Rights

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information (subject to certain exceptions)
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: We do not sell or share personal information, so this right is not applicable. If this changes, we will provide a "Do Not Sell My Personal Information" link.
• Right to Limit Sensitive Personal Information: We do not use or disclose sensitive personal information for purposes other than those permitted under CCPA
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

11.3 California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request certain information about disclosure of personal information to third parties for direct marketing. We do not disclose personal information to third parties for their direct marketing purposes.

11.4 Exercising California Rights

To exercise your CCPA rights:

• Call our toll-free number: 1-800-XXX-XXXX (to be established)
• Email: ccpa@iqauto.io
• Submit request through our website: [Privacy Request Form]

We will verify your identity using information you provided during account registration. We will respond within 45 days (90 days for complex requests with notice). You may designate an authorized agent to make requests on your behalf by providing written authorization.

11.5 Opt-Out Preference Signals

We honor opt-out preference signals such as Global Privacy Control (GPC) as required by California law. If we detect a GPC signal from your browser, we will treat it as a request to opt-out of the sale of personal information (though we do not sell data).

12. Additional State Privacy Rights

Residents of Colorado, Connecticut, Indiana, Kentucky, Montana, Oregon, Texas, Utah, and Virginia have privacy rights under their respective state laws, which are generally similar to CCPA rights. These include rights to access, delete, correct, and port your data, as well as opt-out of targeted advertising and profiling.

To exercise state-specific privacy rights, contact privacy@iqauto.io with your request.

13. Cookies and Tracking Technologies

13.1 Types of Cookies We Use

• Strictly Necessary Cookies: Required for authentication, security, and basic functionality. Cannot be disabled. Example: iq_session (authentication cookie)
• Functional Cookies: Remember your preferences and settings. Can be disabled but may affect functionality.
• Analytics Cookies: Help us understand how you use our Services to improve user experience. Can be disabled in account settings.

13.2 Cookie Management

You can control cookies through:

• Account Settings: Disable optional analytics cookies in Settings → Privacy
• Browser Settings: Most browsers allow you to refuse cookies or delete existing cookies. Note that disabling essential cookies will prevent you from using our Services.
• Do Not Track: We honor Do Not Track (DNT) signals for analytics cookies

13.3 Third-Party Cookies

We do not allow third-party advertising networks to place cookies on our website or Services. The only third-party cookies you may encounter are from our service providers (Stripe for payment processing, Google for OAuth login) when you explicitly use those features.

14. Children's Privacy

Our Services are intended for business use only and are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@iqauto.io, and we will delete such information from our systems within 30 days.

15. Links to Third-Party Websites and Services

Our Services may contain links to third-party websites, services, or integrations (such as Tekmetric, Shop-Ware, QuickBooks). This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services before providing them with your information.

15.1 Third-Party Integrations

When you authorize integration with third-party shop management systems:

• You are granting us permission to access data from that system according to their terms of service
• That third party's privacy policy governs their handling of your data
• You can revoke integration access at any time through Settings → Integrations

16. Business-to-Business Data

Much of the information we collect relates to your business operations (shop name, technician performance, inspection quality metrics). This is business-to-business (B2B) data that may not be considered "personal information" under some privacy laws. However, we apply the same rigorous privacy and security protections to all data regardless of classification.

17. Changes to This Privacy Policy

17.1 Notification of Changes

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service features. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Send an email notification to your registered email address
• Display a prominent notice on our Services
• Provide at least 30 days' notice before the changes take effect

17.2 Your Options

If you do not agree with changes to this Privacy Policy, you may terminate your account before the changes take effect. Your continued use of our Services after the effective date constitutes acceptance of the updated policy.

17.3 Version History

We maintain a version history of this Privacy Policy. Previous versions are available upon request at privacy@iqauto.io.

18. Contact Information and Data Protection Officer

18.1 General Privacy Inquiries

For questions about this Privacy Policy or our data practices:

• Email: privacy@iqauto.io
• Mail: IQ Automotive Systems, LLC
  Attn: Privacy Officer
  [Business Address]
  [City, State ZIP]
• Response Time: We respond to privacy inquiries within 5 business days

18.2 Data Subject Rights Requests

• GDPR Requests (EU): gdpr@iqauto.io
• CCPA Requests (California): ccpa@iqauto.io
• General Privacy Requests: privacy@iqauto.io

18.3 Data Protection Officer

Our Data Protection Officer is responsible for overseeing compliance with this Privacy Policy and applicable data protection laws:

• Email: dpo@iqauto.io

18.4 Supervisory Authority Contact

If you are located in the EU and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en

19. Dispute Resolution

We are committed to resolving privacy-related complaints fairly and promptly. If you have a concern:

1. Contact Us First: Email privacy@iqauto.io describing your concern. We will investigate and respond within 10 business days.
2. Escalation: If not satisfied, you may escalate to our Data Protection Officer at dpo@iqauto.io
3. Independent Review: For EU users, you may file a complaint with your supervisory authority. For US users, you may contact state attorney general offices.
4. Binding Arbitration: As a last resort, disputes may be resolved through binding arbitration as outlined in our Terms of Service (except where prohibited by law).

20. Specific Disclosures for California Residents

20.1 California Categories of Personal Information

The following table describes the categories of personal information we collect, sources, business purposes, and third-party sharing:

20.2 Sale or Sharing of Personal Information

We do not sell or share personal information as those terms are defined under California law. We have not sold or shared personal information in the past 12 months and do not have actual knowledge of selling or sharing personal information of minors under 16.

20.3 Retention Period

We retain each category of personal information for the periods described in Section 6.1. You may request specific retention information for your account by contacting privacy@iqauto.io.

21. Additional Legal Disclosures

21.1 No Sensitive Data Collection

We do not intentionally collect or process sensitive personal information including: Social Security numbers, driver's license numbers, passport numbers, financial account numbers, precise geolocation data, health/medical information, biometric data, genetic data, sexual orientation information, religious/philosophical beliefs, or union membership status.

21.2 User-Generated Content

Any information you voluntarily include in inspection reports, support tickets, or communications with us may be viewable by our support team and used to improve our Services. Do not include sensitive personal information in free-form text fields.

21.3 Account Credentials

You are responsible for maintaining the confidentiality of your account credentials (username, password, MFA codes). We will never ask for your password via email or phone. If you suspect unauthorized access to your account, immediately change your password and contact security@iqauto.io.

22. Policy Scope and Limitations

22.1 This Policy Does Not Apply To

• Information collected by third-party shop management systems (Tekmetric, Shop-Ware, etc.) before integration with our Services
• Employee or contractor data (covered by separate employment privacy notices)
• Information we process on behalf of enterprise clients under separate Data Processing Agreements
• Publicly available information or information you make publicly accessible

22.2 Accuracy of Information

You are responsible for ensuring the accuracy of information you provide to us. We rely on you to update your account information and notify us of any changes.