Privacy Policy

1. Information We Collect

Account Information

  • Email address and password (encrypted)
  • Full name and contact information
  • Phone number (verified via SMS)
  • Physical address for service locations
  • Date of birth (to verify age requirements)
  • Profile photos you upload

Vehicle Information

  • Vehicle make, model, year, and trim
  • Vehicle Identification Number (VIN)
  • License plate number
  • Mileage and service history
  • Photos of vehicle issues

Service Request Data

  • Service categories and descriptions
  • Location preferences and search radius
  • Preferred scheduling times
  • Budget ranges
  • Communication with automotive shops
  • Quote history and decisions

Payment Information

  • Payment card details (processed and stored by Stripe - we never see full card numbers)
  • Billing name and address
  • Transaction history and amounts
  • Refund and dispute records
  • Tax identification information (for shops)

Technical Information

  • IP address and approximate location
  • Device type, operating system, and browser
  • Unique device identifiers
  • Usage patterns and feature interactions
  • Cookies and local storage data
  • Log files and error reports
  • Analytics and performance data

Communication Data

  • Messages between customers and shops
  • Customer service interactions
  • Feedback and reviews
  • Phone call logs (not recordings)
  • SMS message history

2. How We Use Your Information

  • Service Delivery: Connect you with automotive service providers and process service requests
  • Payment Processing: Handle transactions, platform fees, and refunds
  • Communication: Send service updates, quotes, confirmations, and important notices
  • Account Management: Maintain your account, verify identity, and provide support
  • Safety & Security: Detect fraud, verify shops, prevent abuse, and protect users
  • Platform Improvement: Analyze usage patterns, fix bugs, and develop new features
  • Personalization: Customize your experience and provide relevant recommendations
  • Marketing: Send promotional content (with your consent and opt-out option)
  • Legal Compliance: Meet regulatory requirements and respond to legal requests
  • Dispute Resolution: Investigate and resolve conflicts between users

3. Information Sharing and Disclosure

With Automotive Service Providers

When you submit a service request, we share necessary information with matching shops:

  • Your name and contact information
  • Vehicle details and service requirements
  • Service location (approximate until quote accepted)
  • Photos and descriptions of issues
  • Preferred scheduling times

With Third-Party Service Providers

  • Stripe: Payment processing (PCI-DSS compliant)
  • Twilio: SMS verification and notifications
  • SendGrid/Resend: Transactional email delivery
  • Google Maps: Location services and address validation
  • Supabase: Database and authentication services
  • Vercel: Platform hosting and CDN
  • Amazon S3: Secure file storage

Legal Disclosures

We may disclose information when required by law or to:

  • Comply with legal process or government requests
  • Enforce our Terms of Service
  • Protect rights, property, or safety of RepairM8 and users
  • Investigate fraud or security issues
  • Respond to emergency situations

Business Transfers

If RepairM8 is acquired, merged, or sells assets, your information may be transferred as part of that transaction. We will notify you via email and platform notice before your information is transferred and becomes subject to a different privacy policy.

4. Data Security

Security Measures We Implement:

  • Encryption: TLS/SSL for data in transit, AES-256 for data at rest
  • Authentication: Secure password hashing (bcrypt) and two-factor authentication
  • Access Control: Role-based permissions and principle of least privilege
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Compliance: PCI-DSS for payments, SOC 2 Type II practices
  • Testing: Regular security audits and penetration testing
  • Training: Employee security awareness and data handling protocols
  • Incident Response: Established breach response procedures

While we implement industry-standard security, no system is 100% secure. We cannot guarantee absolute security but commit to protecting your data with best practices.

5. Data Retention

How Long We Keep Your Data:

  • Active Account Data: Duration of account plus 90 days after closure
  • Transaction Records: 7 years (IRS and legal requirements)
  • Service Communications: 3 years from last interaction
  • Marketing Preferences: Until opt-out plus 30 days
  • Security Logs: 1 year
  • Cookies: Session to 1 year depending on type
  • Dispute Records: 7 years after resolution
  • Legal Holds: As required by legal process

We may retain certain anonymized data indefinitely for analytics and platform improvement.

6. Your Privacy Rights

You Have the Right To:

  • Access: Request a copy of all personal data we hold about you
  • Correction: Update or correct any inaccurate information
  • Deletion: Request deletion of your personal data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your information
  • Object: Opt out of certain uses like marketing
  • Withdraw Consent: Change permissions you've previously granted
  • Non-Discrimination: Not be treated differently for exercising privacy rights

To exercise these rights, email privacy@repairm8.com or call 1-800-REPAIR8. We will respond within 30 days.

7. Cookies and Tracking Technologies

Types of Cookies We Use

  • Essential Cookies: Required for platform functionality (login, security, preferences)
  • Performance Cookies: Help us understand usage patterns and improve performance
  • Functionality Cookies: Remember your preferences and personalize experience
  • Analytics Cookies: Google Analytics, Mixpanel for usage insights (optional)
  • Marketing Cookies: Deliver relevant ads and measure campaigns (optional)

Managing Cookies

You can control cookies through:

  • Browser settings (block or delete cookies)
  • Our cookie consent banner (select preferences)
  • Platform settings (opt out of non-essential cookies)
  • Third-party opt-out tools (Google Ad Settings, NAI Opt-Out)

Note: Blocking essential cookies may prevent platform features from working properly.

8. California Privacy Rights (CCPA)

Additional Rights for California Residents:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information (with some exceptions)
  • Right to opt out of sale of personal information
  • Right to non-discrimination for exercising privacy rights
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information

Important: We DO NOT sell personal information to third parties.

California residents can make requests by calling 1-800-REPAIR8 or emailing privacy@repairm8.com. Authorized agents must provide written authorization.

9. Data Breach Notification

Our Commitment in Case of a Breach:

  • Notification Timeline: Within 72 hours of discovery
  • Notification Methods: Email and SMS to affected users
  • Information Provided: What happened, data involved, steps taken, recommendations
  • Credit Monitoring: 12 months free if SSN or financial data compromised
  • Regulatory Compliance: Notify authorities as required by law
  • Public Disclosure: Website notice for large-scale breaches
  • Investigation: Third-party forensic analysis and security improvements

We maintain cyber insurance and follow industry best practices for incident response.

10. Children's Privacy (COPPA)

Protection of Minors:

RepairM8 is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 13.

  • Age verification required during registration
  • Immediate deletion if we discover under-13 data collection
  • Parental requests honored for data deletion
  • No targeted marketing to minors

If you believe we have data from a child under 13, contact privacy@repairm8.com immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own, particularly the United States where our servers are located.

  • We ensure appropriate safeguards for international transfers
  • Standard contractual clauses with international vendors
  • Compliance with Privacy Shield principles where applicable
  • Data localization where required by law

12. Third-Party Links and Services

Our platform may contain links to third-party websites, services, or apps. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies before providing personal information.

13. Marketing Communications

How We Handle Marketing:

  • Promotional emails only with explicit consent
  • Easy unsubscribe link in every marketing email
  • SMS marketing only with separate opt-in
  • Frequency controls in account settings
  • No sharing of email/phone for third-party marketing
  • Transactional messages sent regardless of marketing preferences

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations.

  • Material Changes: 30 days advance notice via email and platform banner
  • Minor Changes: Updated immediately with "Last Updated" date change
  • Continued Use: Using platform after changes means acceptance
  • Review: Check this page periodically for updates

15. Contact Information

RepairM8 Privacy Team

📧 Email: privacy@repairm8.com

📞 Phone: 1-800-REPAIR8 (1-800-737-2478)

✉️ Mail: [Physical address to be provided]

🌐 Online: Privacy request form at repairm8.com/privacy

Response time: Within 30 days for privacy requests, 72 hours for urgent matters

Data Protection Officer: For complex privacy matters or appeals, contact our DPO at dpo@repairm8.com

Last updated: October 7, 2025

Effective date: October 7, 2025

Version: 1.0.0

© 2025 RepairM8. All rights reserved. This Privacy Policy is subject to our Terms of Service.