carpybara.AI

Privacy Policy

Last updated: April 10, 2026

1. Introduction

carpybara.AI ("we", "us", or "our") respects your privacy. This policy explains what personal data we collect, why we collect it, and how we protect it when you use carpybara.ai and related services ("the Service").

2. Data We Collect

Account data: When you register, we collect your name (optional), email address, and authentication credentials. If you sign in via Google, we receive your name, email, and profile picture from Google.

Usage data: We collect anonymous analytics (page views, feature usage) via Vercel Analytics. No cookies are used for tracking; Vercel Analytics is privacy-focused and does not use cookies.

Calculator inputs: Vehicle details you enter (VIN, auction price, engine specs) are processed in your browser and are not stored on our servers unless you explicitly save a vehicle to your account.

Payment data: Payments are handled entirely by Paddle. We do not collect, store, or have access to your credit card number or payment method details. Paddle shares your email and subscription status with us so we can provision your account.

AI analysis data: When you use the AI damage analysis feature, vehicle photos from public auction listings are sent to third-party AI providers (Google Gemini, OpenAI) for processing. We do not upload your personal photos.

3. How We Use Your Data

  • To provide, maintain, and improve the Service.
  • To manage your account and deliver subscription features.
  • To send transactional emails (e.g., magic link sign-in, password reset). We do not send marketing emails unless you opt in.
  • To generate anonymous, aggregated statistics about Service usage.

4. Data Sharing

We share personal data only with:

  • Paddle — payment processing (Merchant of Record).
  • Google Gemini & OpenAI — AI damage analysis (vehicle photos from public listings only).
  • Vercel — hosting and anonymous analytics.
  • Google Analytics — anonymous usage analytics (only if you accept analytics cookies).
  • MongoDB Atlas — database hosting (encrypted at rest and in transit).

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

5. Cookies & Analytics

We use a single essential cookie (next-auth.session-token) for authentication. We use localStorage for user preferences (theme, language, country, cookie consent choice).

If you accept analytics cookies via our cookie consent banner, we load Google Analytics to understand how visitors use the Service. Google Analytics uses cookies to collect anonymous usage data (pages visited, session duration, device type). No personally identifiable information is sent to Google Analytics. You may opt out at any time by choosing "Essential only" in the cookie banner, or by clearing your browser cookies.

We do not use advertising or tracking cookies. We do not share cookie data with any third party for marketing purposes.

6. Data Retention

Account data is retained for as long as your account is active. If you delete your account, we remove your personal data within 30 days. Anonymous analytics data is retained indefinitely.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction or deletion of your data.
  • Object to or restrict certain processing.
  • Export your data in a portable format.

To exercise any of these rights, email us at support@carpybara.ai.

8. Security

We implement industry-standard security measures including TLS encryption in transit, encryption at rest for stored data, and secure authentication flows. However, no method of transmission or storage is 100% secure.

9. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Service. The "Last updated" date at the top reflects the most recent revision.

11. Contact

For privacy-related questions or requests, contact us at support@carpybara.ai.