Privacy Policy

1. Introduction

Welcome to WIBD ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information. This Privacy Policy explains our practices regarding data collection, processing, and your rights when using our vehicle reliability report service.

By using our service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address (required for authentication)
• Full name (optional, provided during signup)
• Profile avatar URL (optional, if you choose to upload one)
• Account preferences and settings
• Onboarding completion status

2.2 Vehicle Report Data

When you create a vehicle reliability report, we collect:

• Vehicle information: year, make, model, trim level
• Vehicle specifications: fuel type, transmission type, mileage, mileage unit
• Listing information: price, currency
• Vehicle history: service history, warranty duration, previous owners
• Usage information: expected yearly mileage
• Additional details: any additional information you provide about the vehicle

Note: You may create reports without an account (anonymous reports), but account creation is required to save and access your reports later.

2.3 Payment Information

When you purchase a report, we process payments through a secure third-party payment processor. We collect:

• Payment amount and currency
• Payment status (pending, succeeded, failed)
• Transaction identifiers

Important: We do not collect, store, or process your credit card information directly. All payment card data is handled securely by our payment processor in accordance with PCI DSS standards. Payment information is subject to our payment processor's privacy policy.

2.4 Generated Report Data

Our AI system generates comprehensive reports based on your vehicle information. This includes:

• Reliability scores and assessments
• Common issues and maintenance recommendations
• Ownership cost projections
• Vehicle statistics and comparisons
• AI-generated content and analysis

2.5 Feedback and Reviews

If you choose to provide feedback on reports, we collect:

• Rating (1-5 stars)
• Comments or written feedback
• Optional feedback flags (helpful, accurate, comprehensive)

Feedback may be submitted anonymously and is used to improve our service quality.

2.6 Technical Information

We automatically collect certain technical information when you use our service:

• IP address
• Browser type and version
• Device information
• Usage patterns and interactions with our service
• Error logs and diagnostic information

2.7 Location Information

To provide you with a better user experience, we may detect your approximate location based on:

• Your IP address (used to determine your country for currency selection)
• Browser locale settings (language and region preferences)

We use this location information solely to set your default currency preference (EUR, GBP, or USD) based on your country. This information is not stored on our servers and is only used locally in your browser. You can change your currency preference at any time using the currency selector in the footer. We do not collect precise location data (such as GPS coordinates) and do not track your location over time.

2.8 Cookies and Session Data

We use cookies and similar technologies to:

• Maintain your authentication session
• Remember your preferences (including currency selection)
• Store your cookie consent preference
• Ensure security and prevent fraud

Our authentication system uses secure, HTTP-only cookies to maintain your login session. These cookies are essential for the service to function and cannot be disabled.

We also use local storage (similar to cookies) to remember your currency preference and cookie consent choice. You can manage your cookie preferences through the cookie consent banner that appears when you first visit our site. If you reject cookies, we will not detect your location for currency selection and will default to EUR.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

• Create and manage your account
• Generate vehicle reliability reports using AI technology
• Process payments and deliver purchased reports
• Store and provide access to your reports
• Enable report sharing functionality
• Detect your location to set default currency preferences

3.2 Service Improvement

• Analyze usage patterns to improve our service
• Process feedback to enhance report quality
• Debug technical issues and errors
• Monitor service performance and reliability

3.3 Communication

• Send service-related notifications (e.g., report completion)
• Respond to your inquiries and support requests
• Send important updates about our service (with your consent where required)

3.4 Legal Compliance

• Comply with legal obligations and regulatory requirements
• Protect our rights and prevent fraud or abuse
• Enforce our Terms of Service

4. Third-Party Services and Data Sharing

We use third-party service providers to operate our service. We share data with the following categories of service providers:

4.1 Cloud Infrastructure and Database Providers

We use cloud infrastructure providers to store and manage your data. These providers act as data processors and store:

• Your account information and profile data
• Vehicle reports and generated content
• Feedback submissions

Data Location: Your data is stored in secure cloud infrastructure. The specific data center location may vary based on our provider's infrastructure.

4.2 Payment Processors

We use third-party payment processors to handle all payment transactions. When you make a purchase:

• Payment card information is collected and processed directly by our payment processor
• We receive payment status and transaction IDs from the processor
• We do not have access to your full payment card details

Our payment processor is PCI DSS compliant and handles all payment data in accordance with industry security standards.

4.3 AI Service Providers

We use third-party AI services to generate vehicle reliability reports. When generating a report:

• Your vehicle information (make, model, year, specifications, etc.) is sent to our AI service provider
• The AI service processes this data to generate comprehensive report content
• Generated content is returned to us and stored in our database

We also use AI services to enrich reports with additional information such as vehicle images and owner quotes from public sources.

4.4 Image and Content Services

We may use third-party services to fetch vehicle images and related content for reports:

• Vehicle information (make, model, year) may be sent to image search services
• These services return relevant vehicle images
• Image URLs are stored in your report

4.5 Data Sharing Limitations

We do not:

• Sell your personal information to third parties
• Share your data for marketing purposes without your explicit consent
• Use your data for purposes other than those described in this policy

We may share your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users.

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify. They are required to maintain appropriate security measures and comply with applicable data protection laws.

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: Data in transit is encrypted using TLS/SSL protocols
• Authentication: Secure authentication with password hashing
• Access Controls: Row-level security policies ensure users can only access their own data
• Secure Storage: Data is stored in secure, managed cloud infrastructure
• Payment Security: Payment processing is handled by PCI DSS compliant processors
• Regular Updates: We keep our systems and dependencies up to date with security patches

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your data for the following periods:

• Account Data: Retained while your account is active. Deleted within 30 days of account deletion.
• Reports: Retained until you delete them or delete your account. Reports are soft-deleted (marked as deleted) but may be retained in backups for up to 90 days.
• Payment Records: Retained for 7 years as required by financial regulations and tax laws.
• Feedback: Retained indefinitely for service improvement purposes, but may be anonymized.
• Technical Logs: Retained for up to 90 days for security and debugging purposes.

When you delete your account, we will:

• Delete your profile and account information
• Soft-delete your reports (mark as deleted, remove from active access)
• Remove your authentication credentials
• Retain payment records as required by law

7. Your Rights and Choices

Depending on your location, you may have the following rights:

7.1 General Rights

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Portability: Request your data in a portable format
• Objection: Object to certain processing activities

7.2 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to be informed about data collection
• Right of access to your data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

To exercise these rights, please contact us using the information in Section 12.

7.3 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights
• Right to deletion of personal information

7.4 How to Exercise Your Rights

You can exercise your rights by:

• Using the account deletion feature in your profile settings
• Contacting us directly at the email address provided in Section 12
• Updating your profile information directly in your account settings

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.

8. Report Sharing

Our service allows you to share reports with others using secure share tokens. When you share a report:

• A unique, cryptographically secure token is generated for the report
• Anyone with the share link can view the report without authentication
• Shared reports are read-only and cannot be modified by viewers
• You can stop sharing by deleting the report or your account

Important: When you share a report, anyone with the link can access it. Only share reports with people you trust. We are not responsible for how shared reports are used by recipients.

9. Children's Privacy

Our service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. Specifically:

• Our third-party service providers may process data in various locations worldwide
• We ensure appropriate safeguards are in place, including standard contractual clauses where applicable
• By using our service, you consent to the transfer of your information to these countries

If you are located in the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to transfer your data.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to registered users (for significant changes)
• Displaying a notice on our website or service

Your continued use of our service after changes become effective constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through our support page or via email at support@willitbreakdown.com.

Note: We are currently in the process of formalizing our company registration. Once registration is complete, we will update this section with our official company address and registered business details.

For GDPR-related inquiries, you also have the right to lodge a complaint with your local data protection authority.

13. Consent

By using our service, you consent to our Privacy Policy and agree to its terms. If you do not agree to this policy, please do not use our service.

For users in the EEA, our legal basis for processing your data includes:

• Contractual necessity: To provide the service you requested
• Legitimate interests: To improve our service and prevent fraud
• Consent: For optional features and marketing communications (where applicable)
• Legal obligation: To comply with legal and regulatory requirements