Privacy Policy
This Privacy Policy explains how Autoshot ("we", "us") collects, uses, shares, and protects your personal data when you use our AI-powered vehicle damage assessment platform (the "Service"). We operate across Europe and Latin America, so this policy is written to comply with the EU/UK GDPR and Brazil's LGPD, among other laws. By using the Service you agree to the practices described here.
1Who We Are
Autoshot is the data controller for the personal data described in this policy. For any privacy question, request, or complaint, contact us at edisonkruger@gmail.com.
2Data We Collect
| Category | Examples |
|---|---|
| Account information | Name and email address (via Google sign-in or email/password registration); subscription tier. |
| Uploaded photos | Photographs of vehicles you submit for assessment, including any visible content such as license plates or surroundings. |
| Vehicle details | License plate and mileage, when you choose to provide them; AI-derived vehicle make, model, and condition. |
| Assessment data | Detected damage, generated reports, estimated prices, and timestamps. |
| Billing data | Subscription status and identifiers from Stripe. Card details are handled by Stripe — we never see or store full card numbers. |
| Usage & technical data | IP address (also used to rate-limit guest trials), device/browser information, log data, and error diagnostics. |
3How We Use Your Data
- To provide the Service — run damage detection, identify vehicles, fetch pricing, and generate reports.
- To manage your account — authentication, billing, and customer support.
- To improve and train our AI models — see the highlighted notice below.
- To secure the Service — prevent fraud, abuse, and enforce guest-mode rate limits.
- To comply with legal obligations and respond to lawful requests.
We retain and use the vehicle photographs you upload — together with their assessment results — to train, retrain, and improve our damage-detection AI models. This is core to how Autoshot gets more accurate over time. Images may be reviewed and annotated for this purpose. If you do not want your photos used for model training, contact us at edisonkruger@gmail.com and we will exclude and/or delete them.
4Legal Bases (GDPR / LGPD)
We process personal data under one or more of the following legal bases:
- Contract — to deliver the Service you requested and manage your subscription.
- Legitimate interests — to secure, maintain, and improve the Service, including AI model training, balanced against your rights.
- Consent — where required, for example for certain non-essential cookies; you may withdraw consent at any time.
- Legal obligation — to meet accounting, tax, and other legal requirements.
5Third-Party Processors
We share data with carefully selected service providers who process it on our behalf. We do not sell your personal data.
| Provider | Purpose |
|---|---|
| Anthropic | Claude AI vision — vehicle identification and analysis of uploaded photos. |
| OAuth sign-in / authentication. | |
| Stripe | Payment processing and subscription billing. |
| Sentry | Error monitoring and diagnostics. |
| Pricing sources | Public market-data websites and APIs queried to estimate vehicle value (vehicle attributes only, not your personal data). |
6International Data Transfers
We and our processors operate in multiple countries, so your data may be transferred to and processed outside your country of residence, including outside the European Economic Area or Brazil. Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or equivalent mechanisms recognized under LGPD, to ensure your data remains protected.
7Data Retention
We keep personal data only as long as needed for the purposes described here. Account data is retained while your account is active. Uploaded photos and assessment results are retained to provide history and to train our models, unless you request deletion. Billing records are kept as long as required by law (typically several years for tax and accounting). When data is no longer needed, we delete or anonymize it.
8Your Rights
Subject to applicable law, you have the right to:
- Access — obtain a copy of the personal data we hold about you;
- Rectification — correct inaccurate or incomplete data;
- Erasure ("right to be forgotten") — request deletion of your data, including uploaded photos;
- Portability — receive your data in a structured, machine-readable format;
- Restriction & objection — limit or object to certain processing, including model training;
- Withdraw consent — where processing is based on consent, without affecting prior processing;
- Lodge a complaint — with your local data-protection authority (in the EU) or the ANPD (in Brazil).
9How to Request Deletion or Exercise Rights
To delete your account or data, or to exercise any right above, email edisonkruger@gmail.com from the address associated with your account. We will verify your identity and respond within the timeframe required by law (generally 30 days under GDPR; 15 days under LGPD for certain requests). Deletion includes the uploaded photos and assessment data linked to your account.
10Cookies & Local Storage
We use a minimal set of cookies and browser localStorage to keep you signed in, remember your selected country and language, and operate the Service securely. We use essential storage strictly necessary for the Service to function, and our error-monitoring provider may set diagnostic identifiers. We do not use advertising or cross-site tracking cookies. You can clear cookies and local storage through your browser settings, though doing so may affect functionality such as staying logged in.
11Security
We apply reasonable technical and organizational measures to protect your data, including access controls, encryption in transit, and restricted handling of uploaded images. No system is perfectly secure, so we cannot guarantee absolute security, but we work to protect your data and to notify you and the authorities of breaches where required.
12Children
The Service is intended for business use by adults and is not directed at children. We do not knowingly collect personal data from anyone under 18.
13Changes to This Policy
We may update this Privacy Policy from time to time. We will revise the "Last updated" date above and, for material changes, provide reasonable notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
14Contact
For any privacy question or request, contact us at edisonkruger@gmail.com.