Privacy Policy — AutoForger

This Privacy Policy explains what information AutoForger collects when you use our Service, how we use it, who we share it with, and your rights regarding your information. By using AutoForger, you consent to the practices described here.

1. Who We Are

AutoForger ("we," "us," or "our") is operated by [LEGAL ENTITY NAME], at [BUSINESS ADDRESS]. For privacy questions or to exercise your rights under this policy, email support@autoforger.com.

2. Information We Collect

2.1 Information You Provide

Account information: name, email address, password (stored hashed), shop name, business address, phone number.
Team members: name, email, and role for each user you invite to your shop.
Operational data: work orders, units (VINs, license plates), customers, parts, technicians, inspections, photos, notes, invoices, estimates, and other records you enter into the Service.
Payment information: billing address and payment method, processed through Stripe. We do not store full credit card numbers on our servers — Stripe handles all card data.
Communications: messages you send to support@autoforger.com or through in-app contact forms.

2.2 Information Collected Automatically

Usage data: pages visited, features used, timestamps of actions (work order created, inspection submitted, etc.) — used to provide the Service and improve performance.
Device and connection data: IP address, browser type, operating system, device type, and approximate location derived from IP.
Cookies and local storage: we use cookies and browser local storage to keep you signed in (session tokens) and remember preferences (theme, sidebar state). We do not use third-party advertising or tracking cookies.

2.3 Information From Third Parties

Stripe: we receive your subscription status, last 4 digits of your card, and payment events from Stripe to manage your billing.
QuickBooks Online (optional): if you connect QuickBooks, we receive your QuickBooks company ID and OAuth tokens to sync invoices and customers, with your explicit consent.

3. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the AutoForger Service;
Process subscription payments and send billing notifications;
Authenticate you and protect your account from unauthorized access;
Send transactional emails (password resets, trial expiration warnings, receipts);
Respond to support requests and communicate about service changes;
Diagnose technical issues, prevent abuse, and improve the Service;
Comply with legal obligations.

We do not sell your personal information. We do not use your operational data (work orders, customers, etc.) for any purpose other than providing the Service to you.

4. Who We Share Information With

We share information only as needed to operate the Service:

Stripe — payment processing. Stripe Privacy Policy.
Hostinger — transactional email delivery (account notifications, billing receipts). Hostinger Privacy Policy.
QuickBooks / Intuit — only if you choose to connect QuickBooks Online. Intuit Privacy Statement.
Hosting infrastructure — our servers are hosted on infrastructure that may process data on our behalf solely to deliver the Service.
Legal compliance — we may disclose information if required by law, subpoena, or court order, or to protect our rights, property, or safety.
Business transfers — if AutoForger is acquired or merged, your data may transfer to the acquiring entity, subject to this Privacy Policy.

5. Data Retention

Active accounts: we retain your data for as long as your account is active.
Canceled or expired accounts: data is retained for 30 days after cancellation to allow you to reactivate, then permanently deleted.
Inactive trial accounts: deleted 90 days after the trial expires if no plan is selected.
Backups: deleted data may persist in encrypted backups for up to 90 additional days before being overwritten.
Billing records: retained for at least 7 years to comply with tax and accounting laws.

6. Data Security

We take reasonable measures to protect your information:

All traffic to and from AutoForger is encrypted using HTTPS (TLS);
Passwords are hashed using bcrypt — we cannot recover plaintext passwords;
Authentication uses signed JSON Web Tokens (JWTs);
Each customer's data is isolated in a multi-tenant database with strict tenant scoping;
Payment card data is handled by Stripe (PCI-DSS Level 1 certified) — we never see or store full card numbers.

No method of transmission or storage is 100% secure. If we discover a security incident affecting your data, we will notify you in accordance with applicable law.

7. Your Rights

You have the right to:

Access: request a copy of the personal information we hold about you;
Correct: update inaccurate or incomplete information through your account or by emailing us;
Delete: request deletion of your account and personal data (subject to our retention policy);
Export: export your operational data in machine-readable format;
Withdraw consent: for any processing based on consent (e.g., QuickBooks integration), you may disconnect at any time;
Object: object to certain types of processing.

To exercise these rights, email support@autoforger.com. We will respond within 30 days.

7.1 California Residents (CCPA / CPRA)

California residents have additional rights, including the right to know what categories of personal information we collect, the right to delete, and the right to opt out of "sale" or "sharing" of personal information. AutoForger does not sell or share personal information for cross-context behavioral advertising.

7.2 EU / UK Residents (GDPR)

If you are located in the EU or UK, our legal bases for processing your personal data are: (a) performance of our contract with you (providing the Service), (b) compliance with legal obligations, and (c) legitimate interests in operating and improving the Service. You have rights of access, rectification, erasure, restriction, portability, and objection. You may also lodge a complaint with your local data protection authority.

8. International Data Transfers

AutoForger is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the U.S. By using the Service, you consent to this transfer.

9. Children's Privacy

AutoForger is intended for use by businesses and is not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at support@autoforger.com and we will delete it.

10. Third-Party Links

AutoForger may contain links to third-party sites (e.g., Stripe billing portal, QuickBooks). We are not responsible for the privacy practices of those sites. Review their privacy policies before providing any information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy on this page with a new effective date. Your continued use of the Service after the changes take effect constitutes acceptance of the updated policy.

12. Contact

Questions about this Privacy Policy or our handling of your personal information? Email us at support@autoforger.com.