Privacy Policy

1. Information We Collect

Information You Provide

• Account Information: When you create an account, we collect your email address and password (stored securely via encryption). If you sign in with Apple or Google, we receive your name and email from those providers.
• Profile Information: You may choose to provide your name, username, bio, website, and profile photo.
• Vehicle Information: Information you provide about your vehicles, including year, make, model, trim, VIN, engine, license plate, mileage, color, photos, maintenance records, modifications, and journal entries.
• User Content: Comments, posts, questions, answers, feedback, and other content you share within the Service's community features.
• Payment Information: If you subscribe to CarJourney Pro, payment is processed by Stripe (web) or through Apple/Google via RevenueCat (mobile). We do not store your credit card number. We receive confirmation of your subscription status.

Information Collected Automatically

• Usage Data: Information about how you interact with the Service, including features used and time spent.
• Device Information: Device type, operating system, browser type, and push notification tokens (if you enable notifications).
• IP Address & User Agent: We collect your IP address and browser user-agent string for content moderation, security, and abuse prevention purposes. This data is stored in our moderation audit logs when content is flagged.
• Error & Performance Data: We use Sentry to capture application errors and performance metrics. With your consent (web only), Sentry may record anonymized session replays with all text masked and media blocked.
• Cookies & Local Storage: Our website uses cookies and local storage for authentication and, with your consent, for error monitoring. See our Cookie Policy for full details.

2. How We Use Your Information

Product Enhancement & Bug Troubleshooting: The primary purposes for which we use your data are to enhance the CarJourney product, improve user experience, troubleshoot technical issues, and ensure service reliability. All data collection and processing is done solely to provide, maintain, and improve the Service.

We use the information we collect to:

• Provide, maintain, and improve the Service
• Create and manage your account
• Enable community features (following, likes, comments, Q&A)
• Process vehicle lookups through third-party services
• Provide AI-powered features (document scanning, vehicle Q&A, recommendations, journal analysis)
• Process payments and manage subscriptions
• Send transactional emails (password resets, transfer requests, community notifications)
• Send push notifications (with your consent)
• Screen user-generated content for safety and policy compliance
• Monitor errors, diagnose issues, and improve performance
• Detect and prevent fraud, abuse, or violations of our Terms of Service
• Respond to your inquiries and support requests
• Comply with legal obligations

3. Cookies & Tracking Technologies

Our website uses cookies and similar technologies. Essential cookies (for authentication) are always active. Performance cookies (Sentry session replay, PostHog analytics) are only enabled with your consent via our cookie banner.

Our mobile app does not use cookies. It uses secure token storage (AsyncStorage) for authentication sessions.

You can manage your cookie preferences at any time using our cookie settings. Click the "Customize" button in the cookie banner, or use the "Cookie Preferences" link in the footer.

For detailed information about the specific cookies we use and how to manage them, please see our Cookie Policy.

4. Data Security

Blue Shed Digital LLC takes all reasonable efforts to keep your data secure. We implement industry-standard security measures including:

• Secure authentication via Supabase Auth
• Encrypted data transmission (HTTPS/TLS)
• Secure cloud storage for images and documents
• Row-level security policies on our database
• API rate limiting to prevent abuse
• Sensitive data filtering in error reports (tokens, PII removed before sending to Sentry)

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You acknowledge that you provide your information at your own risk.

5. Information Sharing

We may share your information in the following circumstances:

6. Your Rights & Choices

• Access & Portability: You can export all your data (profile, vehicles, maintenance logs, modifications, comments, and more) at any time from Settings → Export My Data. Data is delivered as CSV files in a ZIP archive via email.
• Rectification: You can update your profile information, vehicles, and records at any time through the Service.
• Erasure / Deletion: You can permanently delete your account and all associated data from Settings → Delete Account. You will be asked to type "DELETE" to confirm. All data is permanently removed, including profile information, vehicles, maintenance logs, modifications, photos, community posts, comments, questions, and answers. You may also request deletion by emailing support@carjourney.app. We will process requests within 30 days.
• Object / Restrict Processing: You may object to certain processing activities by contacting us at support@carjourney.app.
• Cookie Preferences: On our website, you can accept or reject non-essential cookies via our consent banner. See our Cookie Policy.
• Email Preferences: You can manage which email categories you receive (community and marketing emails) from Settings → Email Preferences. System emails (security, password resets) cannot be opted out of.
• Notifications: You can enable or disable push notifications in the Service settings or your device settings.
• Public/Private: You control whether your vehicles are visible to the community.
• Report Content: You can report inappropriate content, spam, or harassment directly within the Service using the flag icon on comments, questions, answers, and profiles.

7. European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR):

• Legal Bases: We process your data based on: (a) your consent (e.g., optional cookies, marketing emails), (b) performance of our contract with you (providing the Service), (c) our legitimate interests (security, fraud prevention, service improvement), and (d) legal obligations.
• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of inaccurate data.
• Right to Erasure: You may request deletion of your personal data.
• Right to Data Portability: You may request your data in a structured, machine-readable format (CSV export).
• Right to Object: You may object to processing based on our legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time (e.g., cookie preferences, email preferences).
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.

International Data Transfers: Your data is processed and stored in the United States via our service providers. By using the Service, you consent to the transfer of your data to the United States, which may have different data protection laws than your country of residence.

To exercise any of these rights, contact us at support@carjourney.app. We will respond within 30 days.

8. California Users (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

Categories of Information Collected: Identifiers (email, username, IP address), commercial information (subscription status), internet activity (usage data, error logs), and user-generated content (vehicles, comments, questions).

To exercise your rights, contact us at support@carjourney.app or use the in-app data export and account deletion features.

9. Content Moderation

We use automated AI-powered systems (OpenAI Moderation API) to screen user-generated text and images for policy violations before or after publication. When content is flagged, we log the content, the moderation decision, a unique violation ID, and associated metadata (user ID, email, IP address, and user-agent) in our moderation audit trail for review and accountability. Flagged users receive a violation ID they can reference when contacting support@carjourney.app to appeal.

10. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. If you delete your account, we will delete your information immediately, except where retention is required by law (e.g., financial transaction records). Moderation audit logs may be retained for up to 12 months after account deletion for abuse prevention.

11. Third-Party Services

The Service may contain links to or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through the Service.

12. Children's Privacy

CarJourney is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have collected information from a child under the applicable age, we will delete that information promptly.

13. No Obligation to Use

Your use of CarJourney is entirely voluntary. There is no obligation to use this Service, create an account, or provide any information. If you do not agree with our privacy practices, please do not use the Service.

14. Disclaimer of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, BLUE SHED DIGITAL LLC SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED ACCESS TO, OR ALTERATION, THEFT, OR DESTRUCTION OF YOUR DATA, WHETHER THROUGH ACCIDENT, FRAUDULENT MEANS, OR ANY OTHER METHOD. While we take reasonable efforts to secure your information, you acknowledge that no data transmission or storage system is completely secure.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy in the Service and, where appropriate, by email. Your continued use of CarJourney after such changes constitutes your acceptance of the updated policy.

16. Contact Us

If you have any questions about this Privacy Policy, our privacy practices, or wish to exercise your rights, please contact us at: