Privacy Policy

We are committed to protecting your personal data and respecting your privacy rights under Swiss and European law.

Last updated: 1 September 2024

1. Introduction

This Privacy Policy describes how AutoScan AI collects, processes, and protects personal data when you access our website and use our SaaS vehicle-inspection platform (collectively, the “Service”).

We comply with the Swiss Federal Act on Data Protection (nDSG / revDSG) of 25 September 2020, in force since 1 September 2023, as well as the EU General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, where applicable to users in the European Economic Area (EEA).

2. Data Controller

The data controller responsible for your personal data is:

AutoScan AI

Switzerland

Contact: privacy@autoscan.ai

If you are in the EU/EEA and have questions about our processing of your personal data, you may contact our data protection representative or lodge a complaint with your local supervisory authority.

3. Data We Collect

We collect personal data in the following categories:

3.1 Account and Identity Data

  • Full name, email address, and role (Admin / Inspector)
  • Employer or tenant organisation name
  • Password (stored as a cryptographic hash — never in plain text)

3.2 Inspection and Vehicle Data

  • Vehicle identification numbers (VIN), makes, models, and registration plates
  • Photographs and AI-generated inspection reports uploaded via the platform
  • Timestamps and geolocation data (if enabled) associated with inspections

3.3 Usage and Technical Data

  • IP addresses, browser type and version, operating system
  • Pages visited, features used, session duration, and error logs
  • Authentication tokens (stored in secure HttpOnly cookies)

3.4 Communication Data

  • Messages sent through our contact form or the in-platform live-chat
  • Emails exchanged with our support team

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance (Art. 6(1)(b) GDPR / Art. 31(2)(a) nDSG): to provide you with access to the platform and fulfil our contractual obligations.
  • Legitimate interests (Art. 6(1)(f) GDPR / Art. 31(2)(b) nDSG): to improve the platform, detect and prevent fraud, and ensure security.
  • Legal obligation (Art. 6(1)(c) GDPR / Art. 31(2)(c) nDSG): to comply with applicable Swiss and EU laws.
  • Consent (Art. 6(1)(a) GDPR / Art. 31(1) nDSG): where we specifically request your consent (e.g., optional analytics cookies).

5. How We Use Your Data

  • Provision and operation of the AutoScan AI platform
  • User authentication and account management
  • Generation, storage, and PDF export of vehicle inspection reports
  • Sending transactional emails (account creation, password resets)
  • Live-chat communication between tenants and platform administrators
  • Platform improvement, bug fixing, and security monitoring
  • Compliance with legal obligations (e.g., invoicing, record-keeping)

6. Data Sharing and Third Parties

We do not sell your personal data. We share data only with trusted sub-processors necessary to operate our service:

  • Supabase Inc. — database and authentication infrastructure (servers located in EU region)
  • IONOS SE / Plesk — server hosting (EU data centres)
  • Email delivery provider — transactional email (e.g., Resend or SendGrid)
  • Google AI (Gemini API) — AI-powered vehicle analysis (images are processed, not stored by Google)

All sub-processors are bound by data processing agreements (DPAs) ensuring adequate protection. Transfers outside Switzerland or the EEA are protected by appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

7. Retention Periods

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law:

  • Account data: for the duration of the subscription, plus 5 years post-termination for tax and legal compliance
  • Inspection reports: retained for the contractual period agreed with the tenant organisation
  • Log data: maximum 90 days
  • Contact form messages: maximum 2 years

8. Your Rights

Depending on your location, you have the following rights regarding your personal data:

  • Right of access — obtain a copy of the personal data we hold about you
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure (“right to be forgotten”) — request deletion of your data
  • Right to restriction of processing — limit how we process your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — withdraw any consent given at any time
  • Right to lodge a complaint — you may contact the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your EU Member State supervisory authority.

To exercise any of these rights, contact us at privacy@autoscan.ai. We will respond within 30 days.

9. Security

We implement industry-standard technical and organisational security measures including:

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption at rest for database storage
  • Bcrypt password hashing (never stored in plain text)
  • Row-Level Security (RLS) policies in the database
  • Role-based access control (Super Admin, Admin, Inspector)
  • Regular automated security scans and dependency audits

10. Cookies

We use cookies and similar tracking technologies. Please refer to our Cookie Policy for detailed information on the types of cookies used, their purpose, and how to manage your preferences.

11. Children's Privacy

Our Service is intended exclusively for business users (B2B). We do not knowingly collect personal data from individuals under the age of 16. If you become aware that a minor has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be communicated by updating the ‘Last updated’ date and, for material changes, by sending an email notification to registered account holders. We encourage you to review this policy periodically.
