Privacy Policy

Effective Date: January 2025
Last Updated: July 21, 2025

1. Introduction

Drivly, Inc. ("Auto.dev," "we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our automotive data API services ("Services").

By using our Services, you consent to the data practices described in this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you register for our Services, we collect:

• Name and email address
• Company name and business information
• Billing and payment information (processed by Stripe)
• Account credentials and API keys

2.2 Usage Data

We automatically collect information about your use of our Services:

• API calls and requests (including timestamps and request details)
• IP addresses and geographic location
• Browser and device information
• Usage patterns and performance metrics

2.3 Billing Information

Payment processing is handled by Stripe. We receive:

• Transaction confirmations and billing status
• Subscription and usage information for billing purposes
• We do NOT store complete credit card information on our servers

2.4 Communications

We collect information when you:

• Contact our support team
• Participate in surveys or feedback
• Subscribe to newsletters or updates

3. How We Use Your Information

3.1 Service Provision

We use your information to:

• Provide and maintain our API Services
• Process payments and manage subscriptions
• Monitor usage for billing purposes
• Authenticate and authorize access

3.2 Service Improvement

We use aggregated, non-personal information to:

• Analyze usage patterns and improve our Services
• Develop new features and capabilities
• Monitor system performance and security
• Generate business analytics and insights

3.3 Communications

We may use your information to:

• Send service-related notifications
• Provide technical support
• Share important updates about our Services
• Send marketing communications (with your consent)

3.4 Legal and Compliance

We may use your information to:

• Comply with legal obligations
• Enforce our Terms of Service
• Protect our rights and interests
• Respond to legal requests

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We share information with trusted service providers:

Stripe (Payment Processing)

• Billing and payment information
• Subscription management data
• Governed by Stripe's privacy policy

Infrastructure Providers

• Usage data for hosting and performance monitoring
• Anonymized analytics data

4.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4.3 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes
• Protect our rights and property
• Investigate fraud or security issues
• Protect user safety

4.4 Aggregated Data

We may share aggregated, anonymized data that cannot identify individual users for:

• Industry reports and analysis
• Business partnerships
• Research and development

5. Data Security

5.1 Security Measures

We implement industry-standard security measures:

• Encryption in transit and at rest
• Secure API authentication
• Regular security audits and monitoring
• Access controls and authentication

5.2 Data Breach Response

In the event of a data breach:

• We will investigate and contain the incident
• Affected users will be notified within 72 hours
• We will cooperate with regulatory authorities as required

6. Data Retention

6.1 Account Data

• Account information is retained while your account is active
• Deleted accounts are purged within 30 days
• Some information may be retained for legal compliance

6.2 Usage Data

• API usage logs are retained for billing and analytics purposes
• Billing records are retained for 7 years for accounting purposes
• Aggregated analytics data may be retained indefinitely

6.3 Support Communications

Support tickets and communications are retained for 3 years for quality assurance and training purposes.

7. International Data Transfers

7.1 Global Operations

Our Services are operated from the United States, and your information may be transferred to and processed in the United States.

7.2 International Users

For users outside the United States:

• We implement appropriate safeguards for international data transfers
• EU users have specific rights under GDPR (see Section 9)
• We comply with applicable international privacy laws

7.3 Data Processing Locations

Your data may be processed in:

• United States (primary)
• Cloud infrastructure providers' data centers globally
• All transfers are protected by appropriate safeguards

8. Cookies and Tracking

8.1 Essential Cookies

We use necessary cookies for:

• Authentication and session management
• API access and security
• Basic functionality of our Services

8.2 Analytics

We use analytics tools to understand usage patterns:

• Google Analytics (anonymized data)
• Performance monitoring tools
• Usage statistics and metrics

8.3 Cookie Control

You can control cookies through your browser settings, but disabling essential cookies may affect Service functionality.

9. Your Privacy Rights

9.1 General Rights

All users have the right to:

• Access your personal information
• Update or correct your information
• Delete your account and associated data
• Export your data in a portable format

9.2 GDPR Rights (EU Users)

EU users have additional rights under GDPR:

• Right to be forgotten: Request deletion of personal data
• Right to portability: Receive your data in machine-readable format
• Right to object: Object to certain data processing
• Right to restrict: Limit how we process your data
• Right to rectification: Correct inaccurate information

9.3 California Privacy Rights (CCPA)

California residents have specific rights:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale of personal information
• Right to non-discrimination for exercising privacy rights

Note: We do not sell personal information to third parties.

9.4 Exercising Your Rights

To exercise your privacy rights:

• Email us at sales@auto.dev
• Use your account settings to update information
• Contact our support team for assistance
• We will respond within 30 days (or as required by law)

10. Children's Privacy

Our Services are not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn we have collected such information, we will delete it immediately.

11. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

12.1 Updates

We may update this Privacy Policy to reflect:

• Changes in our data practices
• Legal requirements
• New features or services

12.2 Notification

We will notify you of material changes:

• By email to your registered address
• Through prominent notices in our Services
• Updates will be effective 30 days after notification

12.3 Continued Use

Your continued use of our Services after policy changes constitutes acceptance of the updated Privacy Policy.

13. Contact Information

13.1 Privacy Questions

For privacy-related questions or requests:

Email: sales@auto.dev
Subject Line: Privacy Inquiry - [Your Request Type]

13.2 Data Protection Officer (EU Users)

EU users may contact our Data Protection Officer: Email: sales@auto.dev

13.3 Regulatory Authorities

EU users have the right to lodge complaints with supervisory authorities in their jurisdiction.

14. Legal Basis for Processing (GDPR)

For EU users, our legal bases for processing personal data:

• Contract Performance: To provide our Services
• Legitimate Interests: To improve services and prevent fraud
• Legal Compliance: To meet regulatory requirements
• Consent: For marketing communications (where required)

15. Automotive Data Privacy

15.1 Public Data Sources

Our automotive data is collected from publicly available sources. This data typically does not contain personal information but may include:

• Vehicle identification numbers (VINs)
• Vehicle specifications and history
• Market pricing information

15.2 No Personal Vehicle Data

We do not collect or store:

• Personal vehicle ownership information
• Driver behavior or location data
• Personal identification linked to vehicles

15.3 Data Accuracy

While we strive for accuracy, automotive data is provided "as is" from public sources. We cannot guarantee the accuracy or completeness of this information.

Summary

This Privacy Policy explains how Auto.dev collects, uses, and protects your information. We are committed to transparency and giving you control over your data. For questions or to exercise your privacy rights, contact us at sales@auto.dev.

Last Updated: January 2025
Effective Date: January 2025