MechaniQ Logo - AI-Powered Car Diagnostic App
MechaniQ Logo - AI-Powered Car Diagnostic App

Privacy Policy — MechaniQ

Last updated: August 25, 2025

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use MechaniQ's apps and website.

1) Information We Collect

A. You provide

  • Account & profile: email, password (hashed), optional name, profile photo, phone, preferred language.
  • Vehicles: VINs, make/model/year, nicknames, photos (optional), maintenance records.
  • Content: chat messages, voice transcripts, images, search queries, support requests.

B. Collected automatically

  • Usage & device: app interactions, message counts, device/OS, performance metrics, crash/error logs, network status, and similar diagnostics.
  • Vehicle diagnostics (when connected): DTCs, live data streams, and diagnostic history.
  • Notifications: delivery and interaction data for reminders and alerts.

C. From third parties

  • Identity providers: if you sign in with a third‑party identity provider, we receive basic account information you authorize (e.g., email).
  • Public or enterprise data sources: we may retrieve vehicle or safety‑related information from public or enterprise databases to support features you request.

We do not collect precise geolocation or your contacts.

2) How We Use Information

  • Provide and operate the Service: authentication, sessions, chat/voice features, diagnostics, reminders, support.
  • Personalize and improve: language preferences, content organization, tutorials, usability improvements.
  • Safety and security: fraud and abuse prevention, rate‑limiting, logging, and incident response.
  • Communications: service notices, support responses, and (if you opt in) marketing communications.
  • Legal compliance: fulfill legal obligations and enforce our Terms.

No ads/tracking: We do not use third‑party ad networks or cross‑app tracking.

3) AI/Voice Processing & Model Training

To deliver chat and voice features, your inputs and relevant context may be processed by service providers acting on our behalf under written agreements. We do not allow your content to be used to train third‑party or our own generalized models. Providers are contractually restricted to processing your data solely to provide the requested functionality.

4) Subscriptions & Payments

If you purchase a subscription, payments are processed by our payment partners. We do not store your full payment card details. We receive transaction or entitlement information needed to activate your plan.

5) How We Share Information

We share personal information only with:

  • Service providers/contractors that host, process, or support the Service (e.g., cloud hosting, security, first‑party analytics, notification delivery, subscription/entitlement management, and AI/voice processing), subject to confidentiality and data‑protection obligations;
  • Authorities or third parties when required by law, legal process, or to protect rights, safety, and security;
  • Business transfers (e.g., merger, acquisition, financing) where your information may be transferred as part of the transaction, subject to this Policy.

We do not sell personal information and we do not share it for cross‑context behavioral advertising.

6) Your Choices & Controls

  • Account deletion: You can delete your account in Profile → Delete Account or by contacting support@mechaniq.io.
  • Data export: Request an export of your data by emailing support@mechaniq.io; we generally fulfill within 30 days where legally required.
  • Manage content: Delete individual chats; edit or remove vehicles; clear diagnostic history.
  • Communications: Opt out of marketing at any time (instructions in messages). Service‑related notices are necessary to operate the Service.
  • Permissions: You can disable camera, microphone, Bluetooth, and notifications in your device settings at any time (feature availability may be reduced).

7) Retention

  • Active accounts: retained while your account is active.
  • Deleted accounts: upon deletion, we immediately deactivate your account and schedule permanent deletion after 90 days (soft‑delete period). Some records may be retained for limited periods for security, fraud prevention, or legal compliance.
  • Chat history: retained until you delete conversations.
  • Diagnostics: typical retention 90 days.
  • Analytics/metrics: aggregated or anonymized after approximately 12 months.

8) Security

We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit and at rest, secure password hashing, access controls, monitoring, and regular updates. No method of transmission or storage is 100% secure, but we work to protect your data against unauthorized access, alteration, disclosure, or destruction.

9) International Transfers

We may process and store information in the United States and other locations. Where required, we use appropriate safeguards for international transfers (e.g., standard contractual clauses or their equivalents) and implement supplementary measures as needed.

10) Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If we learn that a child under 13 has provided personal information, we will delete it.

11) Your Privacy Rights (General)

Depending on your location, you may have rights to access, correct, delete, or receive a copy of your personal information; to object to or restrict processing; or to withdraw consent where processing is based on consent. To exercise rights, contact privacy@mechaniq.io or use in‑app controls. We will verify your request and respond within applicable timelines.

12) California Privacy Notice (CCPA/CPRA)

This section applies to California residents and supplements the rest of this Policy. It uses terms defined in the California Consumer Privacy Act (as amended by the CPRA).

A. Categories of Personal Information Collected

We may collect, and in the past 12 months have collected, the following categories of personal information ("PI"):

  1. Identifiers: name (if provided), email address, account ID, device identifiers, IP address.
  2. Customer Records Information (Cal. Civ. Code §1798.80(e)): account profile details you provide (e.g., phone number if added).
  3. Commercial Information: records of subscriptions or in‑app purchases (limited to transaction and entitlement information; we do not store full payment card numbers).
  4. Internet or Other Electronic Network Activity Information: app usage, interactions with features, diagnostics, crash logs, and related analytics.
  5. Geolocation Data: not precise geolocation; approximate location may be inferred from IP address.
  6. Audio, Electronic, Visual Information: voice interaction transcripts and associated session metadata when you use voice features; images you upload.
  7. Inferences: limited internal inferences to personalize features (e.g., language preference, content ordering).
  8. Sensitive Personal Information (SPI): account login credentials (email and hashed password); optional two‑factor authentication data.

We do not knowingly collect protected classification characteristics, biometric identifiers, or precise geolocation.

B. Sources of PI

  • You (including when you interact with the Service, submit content, or contact support);
  • Your devices and interactions with the Service (automatic collection);
  • Identity providers you use to sign in;
  • Public or enterprise sources relevant to vehicle information you request.

C. Purposes for Collection and Use

We collect and use PI for the business purposes described in Section 2 above, including: providing the Service; personalization and improvement; security and fraud prevention; communications; and legal compliance.

D. Retention

We retain PI for the periods described in Section 7 above, which reflect our need to provide the Service, comply with law, resolve disputes, and secure our systems. For example, account data is deleted after the 90‑day soft‑delete window; diagnostics typically after 90 days; analytics is aggregated/anonymized after ~12 months.

E. Disclosure of PI

We disclose PI to the following categories of recipients for the business purposes above:

  • Service providers/contractors that host, secure, or process data; deliver notifications; manage entitlements and transactions; provide first‑party analytics; and enable chat/voice features;
  • Authorities or third parties as required by law or to protect rights and safety;
  • Business transferees in connection with corporate transactions.

We do not sell PI and do not share PI for cross‑context behavioral advertising as those terms are defined by California law.

F. Your California Rights

Subject to exceptions, California residents have the right to:

  • Know/Access the categories and specific pieces of PI we collected about you; the categories of sources; business/commercial purposes; and categories of third parties to whom PI was disclosed.
  • Delete PI we collected from you.
  • Correct inaccurate PI.
  • Data Portability: receive a copy of certain PI in a portable format.
  • Opt‑out of Sale/Sharing: not applicable because we do not sell or share your PI as defined.
  • Limit Use/Disclosure of SPI: not applicable beyond account credentials used to provide the Service; we do not use SPI to infer characteristics.
  • Non‑discrimination: we will not discriminate against you for exercising these rights.

G. How to Exercise California Rights

Submit requests by emailing privacy@mechaniq.io or via in‑app controls (where available). We will verify your identity (e.g., by confirming control of your account or email). You may use an authorized agent by providing a signed permission and verifying your identity directly with us. If we deny your request (where permitted), you may contact us to request a further explanation.

H. "Shine the Light" and Do Not Track

We do not disclose personal information to third parties for their own direct marketing. We do not respond to browser "Do Not Track" signals.

13) EEA/UK GDPR Notice

This section applies to individuals in the European Economic Area (EEA) and the United Kingdom.

A. Controller

Hack House, 7975 N Hayden Rd Suite A210, Scottsdale, AZ 85258, USA.
Contact: privacy@mechaniq.io

B. Representative & DPO

We will designate an EU/UK representative and update this Policy when appointed. We have not appointed a Data Protection Officer. You can always contact us at privacy@mechaniq.io.

C. Purposes and Legal Bases

We process personal data for the purposes listed in Section 2 on the following legal bases:

  • Contract (Art. 6(1)(b) GDPR): to provide the Service you request (authentication, chat/voice features, diagnostics, reminders, support).
  • Legitimate interests (Art. 6(1)(f)): to personalize and improve the Service; ensure security and fraud prevention; protect our rights; internal analytics limited to first‑party metrics. We balance these interests against your rights and expectations.
  • Consent (Art. 6(1)(a)): for optional marketing communications and certain device permissions (e.g., notifications, microphone/camera access), where required. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): to comply with applicable laws, regulatory requests, and claims handling.

We do not use your content to train general machine‑learning models and do not conduct solely automated decision‑making that produces legal or similarly significant effects (Art. 22 GDPR).

D. Recipients

We disclose data to categories of recipients described in Section 5 (service providers/contractors under data‑processing terms; authorities/legal; and business transferees in corporate transactions).

E. International Transfers

Where we transfer personal data outside the EEA/UK (e.g., to the United States), we use appropriate safeguards, such as the European Commission's Standard Contractual Clauses and UK equivalents, and implement supplementary measures where necessary. You may request more information about transfer mechanisms by contacting privacy@mechaniq.io.

F. Retention

We retain data as outlined in Section 7. Criteria include the nature of the data, the purpose of processing, legal requirements, and security needs.

G. Your Rights

You have the right to access, rectify, erase, and port your data, and to object to or request restriction of processing where applicable. Where processing is based on consent, you may withdraw consent at any time without affecting prior processing. To exercise rights, contact privacy@mechaniq.io. You also have the right to lodge a complaint with your local supervisory authority (e.g., in the EEA: a Data Protection Authority; in the UK: the Information Commissioner's Office).

H. Necessity of Providing Data

You are not legally required to provide personal data; however, certain data is necessary to create an account and use core features. If you do not provide such data, some or all features may be unavailable.

14) Cookies & Local Storage

Our apps may use local storage on your device for authentication and performance. Our website may use cookies or similar technologies; you can manage browser settings to limit cookies, though some features may not work.

15) Changes to this Policy

We may update this Policy. If changes are material, we will notify you as required by law. Your continued use after the effective date signifies acceptance.

16) Contact

For questions about this Privacy Policy, please contact us at:

MechaniQ Privacy Team

Privacy: privacy@mechaniq.io

Support: support@mechaniq.io

Address: 7975 N Hayden Rd Suite A210, Scottsdale, AZ 85258, USA