Privacy Policy

Your privacy matters

Learn how we protect your personal information and data.

Effective date: October 6, 2025
Entity: Autoist Inc. (California, USA)
Contact: privacy@autoist.com

This Privacy Policy explains how Autoist collects, uses, shares, and protects information. It applies to our websites, apps, APIs, and related services. By using the service you agree to this Policy.

1) Eligibility and audience

  • The service is intended for users 16 and older.
  • We do not knowingly collect data from children under 13. If we learn a user is under 13, we delete the account and data.

2) Summary

  • We collect account, usage, and vehicle data to run the service.
  • We use processors to operate features like storage, OCR, analytics, and crash reporting.
  • We do not sell personal information.
  • We do not share personal information for cross-context behavioral advertising.
  • We honor Global Privacy Control signals.
  • You can access, correct, delete, or export your data. You can limit use of sensitive personal information.

3) Notice at collection

Categories collected

  • Identifiers: name, email, account ID, device and browser identifiers.
  • Vehicle data: VIN, license plate image for OCR, decoded specs, recall status, ownership state, documents you upload.
  • Usage data: app events, telemetry, diagnostics, crash reports, feature flags.
  • Location: city and region for features like nearby comparables and maps. We do not collect precise GPS by default.
  • Inferences: short summaries or labels used to power product features.
  • Communications: support messages and chat prompts used to provide the service.

Sensitive personal information

  • Login credentials and security tokens.
  • We do not request government IDs, Social Security numbers, or full financial account numbers.

Sources

  • You and your devices.
  • Public and licensed sources, including NHTSA VIN recall data and market listings.
  • Service providers that support authentication, analytics, OCR, or hosting.

Purposes

  • Provide, secure, and improve the service.
  • Decode VINs, surface recalls, organize documents, and show comparables.
  • Operate chat features with citations.
  • Detect and prevent fraud or abuse.
  • Comply with legal obligations.

Retention

  • Account profile and Garage data: for the life of the account, then up to 24 months.
  • Plate images: deleted after OCR unless you save them.
  • Documents in the Glove Box: kept until you delete them or close your account.
  • Logs and diagnostics: up to 12 months.
  • Aggregated or de-identified data may be retained longer.

Sale or sharing

  • We do not sell personal information.
  • We do not share personal information for cross-context behavioral advertising.
  • If you ask us to send information to a third party, we share only with your direction and consent.

4) Teens 16 to 17

  • We do not sell or share teen personal information.
  • We do not use targeted advertising for users under 18.
  • Precise location is off by default for teens. You may opt in to enable it.
  • If a state law requires teen opt-in for certain processing, we will request explicit consent or keep that processing disabled.

5) How we use information

  • Create and manage accounts, authenticate users, and provide features.
  • Decode VINs and surface recall status for specific vehicles.
  • Store and organize vehicle documents in the Glove Box.
  • Show similar vehicles and market signals.
  • Provide chat responses with source citations.
  • Monitor performance, prevent fraud, and improve features.
  • Send service and transactional communications. Marketing only with your consent.

6) How we share information

Service providers

  • Cloud hosting, storage, OCR, analytics, crash reporting, content delivery, customer support.
  • Providers act as processors and may access data only to deliver their services.

Partners you choose

  • Dealers, repair shops, or offer providers, but only when you ask us to share. Their terms apply.

Legal and safety

  • To comply with law or valid legal process, or to protect people, property, and our service.

Business transfers

  • In a merger, acquisition, or asset sale, information may transfer subject to this Policy.

We do not allow third parties to collect personal information on our sites for their own advertising.

7) License plates, VINs, and DPPA

If plate features are offered, you may use them only for a permissible purpose under the Driver’s Privacy Protection Act and applicable state law. We do not disclose DMV records. We use plate images only to extract a VIN or to add your vehicle with your consent. We may restrict plate features by jurisdiction.

8) Cookies and similar technologies

We use cookies and SDKs for authentication, security, performance, and feature settings.

  • Browser controls allow you to manage cookies.
  • We honor Global Privacy Control signals as an opt-out of sale or sharing.

9) AI and model providers

  • Content you enter into chat or upload may be sent to model providers to generate responses or extract fields.
  • Providers act as processors under contract.
  • We do not permit third-party model providers to train their models on your data.
  • You can request exclusion from any model improvement workflows we control.

10) Data security

  • TLS 1.2 or higher for data in transit.
  • AES-256 encryption at rest for stored documents.
  • Least-privilege access, audit logging, and vendor security reviews.
    No system is perfectly secure. Report issues to security@autoist.com.

11) Data retention

We keep personal information only as long as needed for the purposes in this Policy, to comply with law, and to resolve disputes. See Section 3 for standard timeframes.

12) Your privacy rights

Depending on your location, you may have the following rights:

  • Access and portability: get a copy of your data.
  • Correction: fix inaccurate data.
  • Deletion: request deletion of personal information.
  • Opt out of sale or sharing: we do not sell or share, and we honor GPC.
  • Limit use of sensitive personal information: we use SPI only as needed to provide the service.
  • Appeal: if we deny a rights request, you may appeal.
  • Non-discrimination: you will not be penalized for exercising privacy rights.

How to exercise rights
Use the in-app Privacy Center or email privacy@autoist.com. We will verify your request. You may use an authorized agent as permitted by law.

13) California disclosures

  • This Policy serves as a Notice at Collection.
  • We disclose categories listed in Section 3 to service providers for business purposes.
  • We do not sell personal information.
  • We do not share personal information for cross-context behavioral advertising.
  • We do not use or disclose sensitive personal information beyond what is necessary to provide the service.
  • Minor eraser: California minors can request removal of their own posted content.
  • Metrics reporting will be published if required by California law.

Shine the Light
California residents can request information on certain disclosures for direct marketing. Send requests to privacy@autoist.com with “Shine the Light” in the subject line.

14) Other state disclosures

  • Colorado CPA effective updates October 1, 2025: we do not sell teen data and do not use targeted advertising for users under 18. Where opt-in is required, we will request explicit consent or keep the processing disabled.
  • Connecticut CTDPA: if we ever process users under 16, teen opt-in would be required for targeted advertising or sale. We currently serve 16+ and do not sell or share.
  • Virginia VCDPA: child processing rules apply to users under 13. We do not knowingly collect data from users under 13.

15) International users

We store and process data in the United States. If you access the service from outside the U.S., you consent to the transfer and processing of your information in the U.S.

16) Changes to this Policy

We may update this Policy. If changes are material, we will provide notice. Continued use after the effective date means you accept the changes.

17) How to contact us

privacy@autoist.com