Privacy Policy
Last updated: February 27, 2026
1. What We Collect
Account data: Email address, hashed password, and optionally your name and phone number.
Phone numbers: If you provide a phone number, it is encrypted using AES-256-GCM before storage. We never store your phone number in plain text.
Scan data: When someone scans your tag, we log a one-way hash of their IP address (not the IP itself), browser user-agent, and an approximate city derived from their IP (e.g., “Austin, TX”). We do not store GPS coordinates or precise location.
2. How We Use Your Data
- To notify you when someone scans your vehicle tag.
- To relay messages and calls without revealing either party's identity.
- To enforce rate limits and prevent abuse.
- To send you account-related emails (password resets, security alerts).
We never sell your data, share it with advertisers, or use it for profiling.
3. Data Encryption
Phone numbers are encrypted with AES-256-GCM using a server-side key. Passwords are hashed with bcrypt (12 rounds). All traffic is encrypted over HTTPS/TLS.
4. Third-Party Services
- Twilio — SMS and voice relay (when SMS notifications are enabled).
- Resend — Transactional email delivery.
- AWS — Infrastructure hosting (EC2, RDS).
These providers process data under their own privacy policies as data processors on our behalf.
5. Data Retention
- Interaction logs are retained for 90 days, then purged automatically.
- Account data persists until you delete your account.
- IP hashes are non-reversible; the original IP cannot be recovered.
6. Your Rights
- Access: Request a copy of your data from the Settings page.
- Delete: Delete your account and all associated data at any time.
- Portability: Export your vehicle and tag data as JSON.
7. Contact
Questions about privacy? Email us at [email protected].