1. Scope
This Privacy Policy explains how AutoAssessIQ handles personal data when you visit the website, request information, create an account, subscribe to communications, request a trial, use product features, or otherwise interact with the service. It applies to the public website, marketing pages, legal pages, onboarding flows, and related communications.
If a customer signs a separate commercial agreement, data processing addendum, enterprise order form, or negotiated security schedule, those documents may supplement this policy for the relevant customer relationship.
2. Data we collect
Depending on how you interact with the service, we may collect the following categories of information:
- Identity and business contact data, such as your name, work email address, company name, role, and country.
- Account and subscription data, such as login identifiers, plan selection, service configuration, and customer support history.
- Commercial and billing-related data, such as subscription status, invoices, payment status, and transaction references handled through approved payment providers.
- Usage and technical data, such as pages viewed, referral source, browser type, device information, approximate location derived from IP address, and event-level analytics.
- User-submitted business data, such as valuation inputs, vehicle-related information, integration metadata, uploaded materials, or messages submitted through forms.
- Communication data, such as newsletter signups, contact requests, waitlist submissions, and support correspondence.
We do not intentionally collect special-category personal data unless it is provided to us unexpectedly through free-text submissions.
3. How we use data
We use personal data only where it is necessary for a defined business purpose. Typical purposes include:
- operating the website and maintaining service availability;
- creating and administering accounts, trials, and subscriptions;
- processing payments, renewals, invoicing, and commercial administration;
- providing product functionality, analytics, and user-requested outputs;
- responding to contact requests, support tickets, and partnership or investor inquiries;
- protecting the service against fraud, abuse, misuse, and security incidents;
- improving the website, measuring product adoption, and understanding how users interact with content and features;
- sending service communications, updates, legal notices, and, where permitted, marketing communications.
We do not sell personal information. We do not use customer-submitted information for unrelated advertising purposes.
4. Legal bases for processing
Where the GDPR or equivalent laws apply, our legal bases generally include one or more of the following:
- Contract, where processing is necessary to provide the website, a trial, or a subscription requested by you or your organization.
- Legitimate interests, where processing is necessary to secure, improve, administer, and support the service, provided those interests are not overridden by your rights.
- Consent, where a cookie, marketing communication, or optional data use requires prior consent.
- Legal obligation, where records must be retained or disclosed for accounting, tax, compliance, or law-enforcement reasons.
Enterprise note: When customers upload or manage third-party information inside the platform, the customer may act as controller and AutoAssessIQ may act as processor for those instructions.
5. Sharing and processors
We share personal data only where it is required to operate the service or comply with law. Recipients may include hosting providers, infrastructure and security providers, analytics providers, payment processors, customer-support tools, document and communication services, and professional advisers.
We may also disclose data where required to comply with law, enforce our contractual rights, protect users, investigate misconduct, or support a merger, acquisition, financing, or corporate reorganization.
6. Retention
We retain personal data only for as long as necessary for the purpose for which it was collected. Retention periods may vary depending on the type of information:
- marketing-contact data is kept until you unsubscribe or object;
- account and transaction records are retained for operational, accounting, and tax requirements;
- support and inquiry data is retained for continuity, quality, and defense of legal claims;
- technical logs are retained for security monitoring for a limited period proportionate to risk.
7. International transfers
Because the website and service may rely on cloud-based providers, personal data may be processed in countries other than the country in which it was collected. Where required by applicable law, we use appropriate safeguards for such transfers, which may include adequacy decisions, standard contractual clauses, or equivalent transfer mechanisms.
8. Your rights
Depending on your location, you may have the right to access, correct, update, delete, restrict, object to, or port certain personal data, and the right to withdraw consent where processing depends on consent. You may also have the right to lodge a complaint with a supervisory authority.
To exercise a privacy request, use the contact page and describe your request with enough detail to allow us to verify and process it.
9. Security
We apply administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These safeguards include access management, environment separation, vendor diligence, secure development practices, encryption controls, and monitoring measures proportionate to risk.
10. Children
The website and related services are intended for business users and are not directed to children. We do not knowingly collect personal data from children.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the date at the top of this page and, where appropriate, provide additional notice through the service.