Back to Home

GDPR Compliance

AI Oil Plus & Car Care is fully compliant with the General Data Protection Regulation (GDPR). Your privacy and data protection are our top priorities.

GDPR Compliant Since 2018

Data We Collect

We collect only the data necessary to provide our vehicle maintenance tracking services:

Account Information

  • Personal Data: Name, email address, and authentication information
  • Account Security: Encrypted passwords and authentication tokens

Vehicle Information

  • Vehicle Details: Make, model, year, VIN (optional), and mileage
  • Maintenance Records: Service dates, costs, locations, and notes

Usage Data

  • App Analytics: Feature usage, session duration, and performance metrics
  • Location Data: GPS coordinates for automatic mileage tracking (with consent)

How We Use Your Data

  • Service Delivery: Provide maintenance reminders and vehicle tracking
  • AI Features: Power our AI car assistant and intelligent recommendations
  • Analytics: Generate maintenance insights and cost tracking
  • Data Sync: Synchronize your data across devices securely
  • Customer Support: Provide technical assistance and account support

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Correct any inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("Right to be Forgotten")
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Export your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Rights Related to Automated Processing: Protection against automated decision-making

Data Security & Protection

  • Encryption: All data encrypted in transit and at rest using AES-256
  • Google Cloud Security: Hosted on Google Cloud Platform with ISO/IEC 27701 certification
  • Access Controls: Strict access controls and employee data protection training
  • Data Backup: Regular encrypted backups with disaster recovery procedures
  • Security Monitoring: Continuous monitoring for security threats and breaches

Consent Management

We provide granular consent controls for different types of data processing:

  • Essential Services: Required for core app functionality (cannot be disabled)
  • Analytics: Help us improve app performance and user experience
  • Marketing: Promotional emails and feature announcements
  • Third-Party Integrations: External services and social media features
  • Preference Management: Easy-to-use consent settings in the app

Data Retention Policy

  • Account Data: Deleted within 30 days of account closure request
  • Vehicle Records: Retained for 7 years or until account deletion
  • Analytics Data: Anonymized after 26 months, aggregated data retained
  • Backup Data: Automatically purged from backups within 90 days of deletion

Third-Party Data Sharing

We only share data with GDPR-compliant service providers:

  • Google Cloud Platform: Data hosting and processing (Data Processing Agreement in place)
  • Firebase Analytics: App performance and usage analytics (with consent)
  • RevenueCat: Subscription management (Standard Contract Clauses)
  • OpenAI: AI assistant features (Data Processing Agreement)
  • No Data Sales: We never sell your personal data to third parties

Data Protection Contact

For any GDPR-related questions, data requests, or privacy concerns, contact our Data Protection Officer:

privacy@aioilplus.com
Data Protection Officer
Response within 30 days

You also have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.