Privacy Policy

1. Information We Collect

We collect the minimum data necessary to operate the platform:

• Account information: email, display name, and authentication tokens through Supabase Auth / Google OAuth
• Device information: manufacturer, model, serial numbers, and repair history you register
• Transaction data: repair records submitted by certified shops on your behalf
• Usage data: anonymized page views and feature usage for platform improvement

2. How We Use Your Data

Your data is used exclusively to:

• Build and maintain your Device Passport — the cryptographically verifiable history of your device
• Connect you with certified repair shops you choose to engage with
• Improve platform reliability and detect fraud or policy violations
• Send transactional notifications (repair status updates, certification changes)

We never sell your data. We never share it with third parties outside the repair transaction you authorize.

3. Data Storage & Security

All data is stored in Supabase (PostgreSQL) with encryption at rest and in transit. Authentication uses industry-standard JWT tokens. PII (personally identifiable information) is isolated from analytics data. We maintain SOC 2 Type II compliance.

4. Your Rights

• Access: Export all your data in machine-readable JSON format
• Correction: Update your profile and contact information at any time
• Deletion: Request full account and data deletion (30-day grace period)
• Portability: Device Passport data can be exported and transferred

5. Contact

For privacy inquiries, contact [email protected].