Privacy Policy

This website and application (“Service”) are operated by the entity behind Carvidi (“we”, “us”, “our”). For data protection questions, contact us using the contact details provided on the website.

This Privacy Policy applies to personal data processed when you visit our website, create an account, purchase report credits, upload content (including photos), or use diagnostic features. It should be read together with our Terms & Conditions.

Account data: name, email address, authentication identifiers, and profile information you provide.

Vehicle and diagnostic data: make, model, year, symptoms you describe, photos you upload, OBD or warning-light information you enter, and outputs generated for your account.

Usage and technical data: IP address, device/browser type, approximate location derived from IP, timestamps, logs, and cookies or similar technologies where applicable.

Payment-related data: handled by our payment providers; we typically receive limited confirmation data (e.g. transaction status), not full card numbers.

To provide and operate the Service (accounts, reports, saved vehicles, billing).

To generate informational diagnostic-style outputs using automated systems, including artificial intelligence (AI) models.

To improve security, prevent abuse, and comply with legal obligations.

To communicate with you about the Service, support requests, and (where permitted) product updates.

To analyse aggregated or anonymised usage to improve features; we do not sell your personal data as a business model.

Where GDPR applies, we rely on: performance of a contract (providing the Service); legitimate interests (security, improvement, fraud prevention), balanced against your rights; consent where required (e.g. certain cookies or marketing); legal obligation where applicable.

We use trusted service providers (e.g. hosting, authentication, database, email, payment, and AI inference providers) who process data on our instructions under appropriate agreements.

We may disclose information if required by law, court order, or to protect rights, safety, and integrity of users or the public.

We do not sell your personal information to third parties for their own marketing.

Your data may be processed in the European Economic Area and/or other countries where our providers operate. Where we transfer personal data outside the EEA, we use appropriate safeguards (such as Standard Contractual Clauses) where required by law.

We retain data as long as your account is active and for a reasonable period afterwards to resolve disputes, enforce agreements, and meet legal requirements. You may delete certain data from your account settings where available; some records may be retained in backup or anonymised form.

We implement technical and organisational measures appropriate to the risk (encryption in transit, access controls, etc.). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

Depending on your location, you may have rights to access, rectify, erase, restrict processing, port data, object to processing, and withdraw consent where processing is consent-based.

You may lodge a complaint with your local data protection authority (e.g. in Romania, the ANSPDCP).

To exercise rights, contact us via the contact channel published on the site. We may need to verify your identity.

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have, contact us and we will take steps to delete it.

We may update this Privacy Policy from time to time. We will post the revised version with an updated date. Continued use after changes constitutes acceptance where permitted by law.