Privacy Policy

How we protect your information

Last updated November 25, 2025

Enterprise Security

SOC 2 compliant with industry-standard encryption

Data Protection

Your information is never sold or shared

Transparency

Full visibility into how we use your data

User Control

You control your data and preferences

Information We Collect

We collect only what's necessary to provide you with the best service

Personal Information

We collect the following personal information when you use our service:

Name and contact information
Account credentials and authentication data
Payment information and billing details
Vehicle information (brand, model, year, color)
Company and business information (for business users)
Branch location and service details
Reservation and booking history
Loyalty program participation and rewards
Usage data and preferences
Location data (when using map features)
Profile pictures and company images
Firebase Cloud Messaging (FCM) tokens for push notifications
Device information for notification delivery
Admin impersonation session data (for administrative purposes)
Trial subscription and expiration data
Loyalty redeem code usage and transaction history
OAuth authentication data from Google and Facebook (when using social login)
Google Maps interaction data for location services
Business report export data and download history

Usage Data

We automatically collect information about how you use our service:

Device information (IP address, browser type, operating system)
App usage statistics and performance data
Location data (when using map features and geolocation)
Crash reports and error logs
Service booking patterns and preferences
Loyalty program participation and redemption history
Payment transaction data and billing history
Customer support interactions and communications
Email engagement and delivery status
Map interaction data (when using Google Maps features)
Push notification delivery and engagement metrics
FCM token registration and management data
Service worker usage and offline activity
Form interaction and validation data
Admin dashboard usage and management activities
Trial subscription management and conversion tracking
Vercel Web Analytics data (privacy-focused, no cookies or personal identifiers)
Google Ads conversion tracking and campaign performance data
OAuth provider interaction data (Google, Facebook authentication)
Excel export generation and business report downloads
Employee account management and role-based access tracking

How We Use Your Information

Your data helps us provide better services and improve your experience

We use the collected information for the following purposes:

To provide and maintain our car wash booking and management platform

To process reservations, payments, and loyalty program transactions

To send booking confirmations, reminders, and loyalty reward notifications

To provide customer support and respond to inquiries

To display your location on maps and help you find nearby car wash services

To manage your vehicle information and service history

To process subscription payments and manage business accounts

To send important service updates and policy changes

To gather analytics and improve our platform functionality

To detect, prevent, and address technical issues and security threats

To comply with legal obligations and enforce our terms of service

To deliver push notifications for reservations, loyalty rewards, and business updates

To manage Firebase Cloud Messaging tokens and notification delivery

To provide enhanced admin features including user impersonation and company management

To track and manage trial subscriptions with automated expiration notifications

To monitor platform performance and errors using Rollbar integration

To enhance security through Row Level Security (RLS) policies

To improve user experience through form standardization and validation

To provide privacy-focused analytics through Vercel Web Analytics without cookies

To track advertising effectiveness through Google Ads conversion tracking

To enable convenient social authentication via Google and Facebook OAuth

To facilitate business data exports and reporting through Excel generation

To manage employee accounts and role-based access for business operations

To implement rate limiting for authentication and API security to prevent abuse

Sharing Information

We're committed to protecting your privacy and never sell your data

We do not sell, market, or transfer your personal information to third parties except in the following circumstances:

With your explicit consent

To comply with legal obligations and regulatory requirements

To protect and defend our rights and property

With trusted service providers including payment processors, email services, and map providers

With car wash businesses to fulfill your reservations and provide services

In connection with a merger, acquisition, or sale of assets

To prevent fraud and ensure platform security

To provide customer support and resolve disputes

With Firebase for push notification delivery and FCM token management

With Rollbar for error tracking and platform monitoring

With trusted analytics providers for service improvement

With administrative users for platform management and support purposes

With Vercel for privacy-focused web analytics (no personal data shared)

With Google for Maps integration, Ads tracking, and OAuth authentication

With Facebook for OAuth authentication when using social login

With employee users within your organization for business management purposes

Data Security

Multiple layers of security to keep your information safe

We implement appropriate security measures to protect your personal information:

Encryption of sensitive data in transit and at rest using industry-standard protocols

Regular security audits and vulnerability assessments

Access controls and authentication mechanisms with role-based permissions

Rate limiting for authentication and API endpoints to prevent abuse and enumeration attacks

Secure payment processing with PCI DSS compliance

Employee training on data protection practices

Incident response procedures and breach notification protocols

Regular backups and disaster recovery planning

Secure API endpoints with proper authentication and validation

Location data protection with user consent requirements

Row Level Security (RLS) policies for database-level access control

Enhanced admin security controls and impersonation safeguards

Secure FCM token management and notification delivery

Comprehensive error logging and monitoring through Rollbar

Enhanced form validation and data sanitization

Service worker security and offline data protection

Privacy-focused analytics without cookies or personal tracking

Secure OAuth token management for third-party authentication

Protected business data export with access controls and encryption

Employee account security with role-based permissions and audit logging

Your Rights

You have full control over your personal information

You have the following rights regarding your personal information:

Access: Request copies of your personal data

Rectification: Request correction of inaccurate data

Erasure: Request deletion of your personal data

Restriction: Request limitation of processing

Portability: Request transfer of your data

Objection: Object to processing of your data

Notification Preferences: Control push notification settings and FCM token usage

Admin Access: Request information about administrative actions and impersonation

Trial Management: Control trial subscription data and expiration notifications

Error Data: Request information about error logs and performance data collected

Analytics Opt-out: Opt out of analytics tracking while maintaining core functionality

OAuth Disconnection: Disconnect social authentication and revert to email/password

Export History: Request information about data exports and downloads

Employee Data: Control how your data is shared with employee users in your organization

Push Notifications and Communications

We use Firebase Cloud Messaging to deliver important updates:

Reservation confirmations and status updates
Loyalty reward notifications and redeem code alerts
Trial expiration reminders and subscription updates
Business updates and service announcements
You can control notification preferences in your account settings
FCM tokens are stored securely and managed according to your preferences
Notification delivery is optimized for your device and usage patterns

Administrative Features and Security

Enhanced administrative capabilities include:

User impersonation for customer support and troubleshooting
Company management and business account administration
Enhanced security controls and access management
Comprehensive audit trails and activity logging
Row Level Security policies for data protection
All administrative actions are logged and monitored for security

Analytics and Advertising

We use privacy-focused analytics and advertising tools:

Vercel Web Analytics for privacy-first website analytics without cookies or personal data
Google Ads conversion tracking to measure advertising campaign effectiveness
No personal identifiers are used in analytics or advertising
Analytics data is aggregated and anonymized to protect your privacy
You can opt out of conversion tracking through browser settings
All tracking complies with GDPR and international privacy regulations

Social Authentication

When using social login (Google or Facebook):

We collect only your basic profile information (name, email, profile picture)
Authentication is managed through OAuth 2.0 secure protocols
We do not have access to your social media account passwords
You can disconnect social authentication at any time from your account settings
Social login data is protected with the same security as native accounts
We do not post to your social media accounts without explicit permission

Questions About Your Privacy?

We're here to help. Contact our privacy team for any questions about how we protect your information.

Contact Support Visit Help Center