AutoAt

AutoAt, Inc.

Privacy Policy

Version 2025.2 · Last updated April 9, 2026

AutoAt, Inc. (“AutoAt,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the choices you have regarding your information. It applies to users of the AutoAt website, mobile applications, and related services (the “Platform”).

By using the Platform, you acknowledge that you have read and understood this Policy. If you do not agree with it, please do not use the Platform. For the legal framework that governs your use of the Platform, see our Terms of Service.

1. Information We Collect

1.1
Personal information you provide. When you create an account or use the Platform, we collect the information you submit, which may include: name, email address, phone number, mailing address, profile photo, business name (for Shops), and account credentials.
1.2
Vehicle information. We collect the vehicle details you enter (year, make, model, license plate, color, VIN, mileage) and any notes you attach to your vehicle profile.
1.3
Connected vehicle diagnostics. If you link a vehicle via Smartcar, a manufacturer app, or an OBD-II device, we collect diagnostic data provided by those third-party services. This may include odometer, fuel or battery level, oil life, tire pressure, diagnostic trouble codes (DTCs), vehicle identification number (VIN), and other telemetry. We also store the OAuth access and refresh tokens required to read that data, in encrypted form.
1.4
Location information. With your permission, we collect approximate or precise location data to show nearby Shops, power pickup and mobile service logistics, and personalize search results. You can control location sharing through your device settings.
1.5
Booking and transaction data. We collect records of bookings, service histories, messages exchanged between Users and Shops, reviews, ratings, parts tracking, and payment activity. Payment card details are collected directly by our payment processor (Stripe) and are not stored on AutoAt's servers.
1.6
AI Diagnostic conversations. When you use the AI Diagnostic feature, we store your chat history and the AI's suggested services so you can resume conversations, reference past results, and book recommended services. These conversations are processed by Anthropic, PBC, our large-language-model provider, subject to their data-handling practices.
1.7
Usage data. We automatically collect technical information when you use the Platform, including IP address, browser type, device type, operating system, pages visited, timestamps, referring URLs, and actions taken on the Platform. This helps us operate and improve the Platform and protect it from abuse.
1.8
Cookies and similar technologies. See Section 10 for details.

2. How We Use Information

2.1
Operate the Platform. We use your information to create and maintain your account, process bookings, facilitate communication between you and Shops, enable pickup and mobile logistics, provide customer support, and send you transactional notifications (booking confirmations, receipts, status updates, etc.).
2.2
Improve the Platform. We analyze usage data to understand how Users interact with the Platform, diagnose problems, measure performance, and develop new features. We may de-identify or aggregate data for analytics purposes.
2.3
Personalize your experience. We use vehicle information, service history, location, and connected vehicle diagnostics to recommend Shops and services that are likely to be relevant to you.
2.4
Communicate with you. We use your contact information to send service-related messages, respond to inquiries, and — with your consent — share promotional offers, referral rewards, and Platform updates. You may opt out of marketing communications at any time via your notification preferences or the unsubscribe link in marketing emails.
2.5
AI training note. AutoAt does not use your personal information or conversation content to train foundation AI models. When you use the AI Diagnostic, your inputs are processed by Anthropic, PBC solely to generate a real-time response; Anthropic's data-handling practices for API customers govern retention and use of that data. See Anthropic's Privacy Policy for details.
2.6
Safety, security, and legal compliance. We use information to detect and prevent fraud, abuse, and unauthorized activity; enforce our Terms of Service; comply with legal obligations; and protect the rights, property, or safety of AutoAt, our users, and the public.

3. How We Share Information

3.1
With Shops. When you book a service, AutoAt shares relevant information with the Shop to fulfill the booking, including your name, contact details, vehicle information, service requests, pickup/mobile address (where applicable), and any connected vehicle diagnostic data you have consented to share.
3.2
With service providers. We share information with trusted third parties that perform services on our behalf, including:
  • Stripe, Inc. for payment processing
  • Anthropic, PBC for the AI Diagnostic feature
  • Smartcar, Inc. for connected vehicle data
  • Google, Apple for sign-in authentication
  • Resend for transactional email delivery
  • Cloud hosting, database, and analytics providers
These providers are contractually required to handle your information in accordance with this Policy and applicable law.
3.3
Legal requirements. We may disclose information if required to do so by law, subpoena, court order, or other legal process, or if we reasonably believe that disclosure is necessary to protect the rights, property, or safety of AutoAt, our users, or the public.
3.4
Business transfers. In connection with a merger, acquisition, reorganization, or sale of all or substantially all of AutoAt's assets, your information may be transferred to the acquiring or successor entity, subject to this Policy.
3.5
With your consent. We may share your information with other parties when you direct us to do so (for example, sharing your vehicle health data with a specific Shop for a pre-booking consultation).
3.6
We do not sell your personal information. AutoAt does not sell your personal information to third parties for monetary consideration. See Section 6 for California-specific disclosures, including our treatment of “sale” and “sharing” as defined under California law.

4. Data Retention

4.1
We retain your information for as long as your account is active or as needed to provide the Platform. We may also retain information where required for legal, tax, accounting, dispute resolution, fraud prevention, or legitimate-business purposes.
4.2
Account deletion. You may request deletion of your account at any time. Upon account deletion, we delete or anonymize your personal information from our active systems within thirty (30) days, except for information we are required to retain by law (for example, financial records) or that is contained in backups (which are overwritten on a rolling schedule).
4.3
Connected vehicle data. OAuth tokens for connected vehicles are deleted immediately when you disconnect a vehicle. Historical diagnostic data is retained for up to twenty-four (24) months after disconnection to preserve your service history, and may then be deleted or anonymized.
4.4
Anonymized data. AutoAt may retain aggregated or de-identified data indefinitely for analytical purposes. Such data cannot reasonably be used to identify you.

5. Your Rights and Choices

5.1
Subject to applicable law, you have the following rights regarding your personal information:
  • Access. Request a copy of the personal information we hold about you.
  • Correction. Ask us to correct inaccurate or incomplete information.
  • Deletion. Request that we delete your personal information, subject to legal exceptions.
  • Portability. Receive your information in a structured, commonly used, machine-readable format.
  • Objection. Object to certain processing activities.
  • Marketing opt-out. Opt out of receiving marketing communications at any time.
5.2
To exercise any of these rights, contact us at privacy@autoat.com. We will respond within the timeframe required by applicable law. We may need to verify your identity before fulfilling your request.
5.3
Non-discrimination. We will not discriminate against you for exercising your privacy rights. We will not deny you services, charge you a different price, or provide a different level of quality of service because you exercised a right.

6. California Privacy Rights

6.1
For California residents. This section applies to residents of California and supplements the other sections of this Policy. Under the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”), California residents have additional rights:
  • Right to know. You have the right to know what personal information AutoAt collects, uses, discloses, and sells or shares.
  • Right to delete. You have the right to request deletion of personal information, subject to certain exceptions.
  • Right to correct. You have the right to request correction of inaccurate personal information.
  • Right to opt out of sale or sharing. AutoAt does not sell personal information for monetary consideration. To the extent we “share” personal information for cross-context behavioral advertising as that term is defined under the CPRA, you have the right to opt out.
  • Right to limit use of sensitive personal information. You have the right to limit the use and disclosure of sensitive personal information (e.g. precise geolocation) to that necessary to perform the services.
  • Non-discrimination. We will not discriminate against you for exercising these rights.
6.2
To exercise your California rights, email privacy@autoat.com with “California Privacy Request” in the subject line. You may also designate an authorized agent to make a request on your behalf; proof of authorization will be required.
6.3
Categories of personal information collected (last 12 months). Identifiers (name, email, phone, IP); commercial information (booking history); internet activity (usage data, cookies); geolocation (approximate or precise location); vehicle and diagnostic data; inferences drawn from the above for personalization.
6.4
Sources. We collect the above information directly from you, from Shops you interact with, from connected-vehicle services, and automatically from your device.

7. Children's Privacy

7.1
The Platform is not intended for, and is not directed to, individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18.
7.2
If you believe a child under 18 has provided personal information to AutoAt, please contact us at privacy@autoat.com and we will take steps to delete that information.

8. Security

8.1
AutoAt implements reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, use, alteration, or destruction. These safeguards include encryption in transit (TLS), encryption at rest of sensitive fields (including OAuth refresh tokens using AES-256-GCM), role-based access controls, and ongoing security monitoring.
8.2
No security system is perfect, and AutoAt cannot guarantee the absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials and for notifying us immediately of any unauthorized access.

9. International Transfers

9.1
AutoAt is based in the United States. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where AutoAt or its service providers maintain facilities. By using the Platform, you consent to such transfers.
9.2
Where required by applicable law, AutoAt will implement appropriate safeguards for international data transfers, including standard contractual clauses where applicable.

10. Cookies and Tracking

10.1
AutoAt uses cookies and similar tracking technologies (pixels, local storage, device identifiers) to operate and improve the Platform. Categories include:
  • Essential cookies that enable core functionality (session management, authentication, security). You cannot disable these without rendering the Platform inoperative.
  • Functional cookies that remember your preferences (language, UI settings).
  • Analytics cookies that help us understand how the Platform is used so we can improve it.
  • Marketing cookies — if AutoAt uses them — to deliver relevant offers. These are opt-in where required by law.
10.2
You can control cookies through your browser settings. Blocking or deleting cookies may affect Platform functionality.

11. Changes to This Policy

11.1
AutoAt may update this Privacy Policy from time to time. When we make material changes, we will notify you via email, in-app notification, or a prominent notice on the Platform. The “Last updated” date at the top of this document reflects the most recent revision.
11.2
Your continued use of the Platform after an update constitutes your acceptance of the revised Policy.

12. Contact Us

12.1
If you have questions or concerns about this Privacy Policy or AutoAt's data practices, please contact us:

Email: privacy@autoat.com

Mail: AutoAt, Inc., Attn: Privacy Team, [Mailing address, your state]