Privacy Policy
This page explains what data CarPIQ collects when you use the service, why, and how you stay in control. We follow a data-minimisation approach: by default your interactions are recorded anonymously and only with your consent.
1. Data controller
The data controller is [TO COMPLETE: legal entity], [TO COMPLETE: address]. For any question about your data: [TO COMPLETE: contact / DPO email].
2. Data we collect
With your consent, we record anonymous usage events: pages and screens viewed, funnel steps, criteria entered, vehicles viewed or added to the garage. These events are tied to a random anonymous identifier (stored on your device) and a temporary session identifier — never to your name, email or address, unless you create an account. We never sell any data.
3. Purposes and legal basis
Analytics data is used to improve the service (understand journeys, fix friction points). Aggregate statistics may be shared for business (B2B) purposes only in aggregated, anonymised form. The legal basis is your consent (GDPR art. 6.1.a), collected via the consent banner and revocable at any time.
4. Your consent choices
The banner distinguishes three categories: (a) Essential — strictly necessary, always on; (b) Analytics — anonymous audience measurement; (c) B2B — feeding anonymised aggregate statistics. You can accept, reject or customise, and change your choice whenever you wish (by clearing the preferences stored in your browser).
5. Anonymisation and aggregation
Statistics shared with third parties are only published once a minimum number of distinct users is reached (k-anonymity), so that no row can be linked to an individual. Aggregate tables never contain individual identifiers.
6. Hosting and processors
Events are stored via Supabase (hosting: [TO COMPLETE: region, e.g. EU]). Access is restricted and protected by row-level security (RLS). [TO COMPLETE: any other processors, e.g. third-party analytics].
7. Retention
Raw events are kept for [TO COMPLETE: duration, e.g. 14 months] then deleted or anonymised; aggregate statistics, anonymous by design, are kept indefinitely.
8. Your rights
Under the GDPR you have the right of access, rectification, erasure, restriction, objection and portability, and the right to withdraw your consent at any time. To exercise these rights: [TO COMPLETE: email]. You may also lodge a complaint with the competent data protection authority.
9. Updates
This policy may change. Last updated: [TO COMPLETE: date].