Privacy4Cars – Consumer Privacy Notice
Last updated: 29th December 2025
Privacy4Cars is committed to protecting personal information and respecting privacy rights through compliance with applicable global data protection laws.
1. What does this Privacy Notice cover?
This Privacy Notice explains how Privacy4Cars, Inc. (“Privacy4Cars”, “P4C”, “we”, “us”) collects, uses, shares, and protects personal data when you interact with our consumer-facing services in the United States, Canada, European Union (EU), United Kingdom (UK), Australia, and other regions where our services are available.
Our consumer services include our websites (such as Privacy4Cars.com and VehiclePrivacyReport.com), mobile applications, Vehicle Privacy Reports and similar tools, “Assert your data rights” workflows, resources for survivors of abuse, whitepaper or educational material requests, donation pages, and related communications.
This Privacy Notice replaces and supersedes earlier privacy policies that applied separately to VehiclePrivacyReport(s).com or similar consumer tools. Where previous versions referred to site-specific privacy policies, this consolidated notice now governs our consumer-facing services unless otherwise stated.
This notice applies only to individuals using our consumer services. A separate privacy notice applies to our business or enterprise services (for example, services provided to dealerships, fleets, lenders, or other organizations through Privacy4Cars.biz). Where you interact with us on behalf of a business, that separate notice may apply.
Summary:
This notice explains how Privacy4Cars handles your personal data when you use our consumer tools and resources.
2. Information we collect
What do we mean by “personal data”?
For the purposes of this Privacy Notice, “personal data” (or “personal information”) means information that identifies you or can reasonably be linked to you or to a vehicle that you own or lease. Information that has been de-identified so that it cannot reasonably be linked to you or your vehicle is not considered personal data. Where we maintain de-identified data, we do not attempt to re-identify it unless required by law or with your consent.
Information you provide to us
Depending on how you interact with our services, we may collect personal data that you choose to provide. This includes contact and identity information such as your name, email address, phone number, postal address or region, and information about your relationship to a vehicle (for example, whether you are an owner, lessee, driver, authorized agent, or employee of a dealership or fleet).
We may also collect vehicle-related information, including the vehicle identification number (VIN), vehicle make, model, year, trim, and whether the vehicle is new or used. Where relevant to your request, you may choose to provide information about a dealership, auction company, fleet, lender, or rental company associated with the vehicle.
When you use our “Assert your data rights” tools or otherwise engage us for privacy advocacy, we may collect additional information necessary to act on your behalf. This can include details of the privacy or data rights you wish to exercise, information about connected vehicle services or accounts, copies of documents used to verify your identity or authority (often redacted), details of prior communications with manufacturers or service providers, and instructions about how we should contact you safely.
You may voluntarily share sensitive contextual information, including information relating to personal safety or being a survivor of domestic or other abuse. We treat such information with heightened care, strict access controls, and data minimization practices.
When you use our mobile applications, we may collect account information, details of vehicles you register or work on, actions you take within the app, limited workflow-related location information, and device identifiers used for security and fraud prevention. Our apps are not designed to access the personal content stored on your device, such as contacts, messages, photos, or email content.
If you make a donation, we may collect your name, contact details, donation amount, currency, and limited billing information necessary to process and reconcile the transaction. Full payment card details are processed by third-party payment processors and are not stored by us.
When you request whitepapers or communicate with us, we may collect your contact details and the content of your communications, including attachments.
Information collected automatically
When you visit our websites or use our apps, we automatically collect certain technical and usage information. This includes your IP address and approximate location (at the city or region level), date and time of access, device type, operating system, browser type and version, referring URLs, pages viewed, links clicked, and app performance or diagnostic information such as crash logs.
We use cookies and similar technologies to support essential functions such as security and session management, remember user preferences, and perform limited analytics and performance measurement. Where required by law, we seek your consent for non-essential cookies and provide tools to manage your choices.
Information from third parties
We may receive limited personal data from third parties when necessary to carry out your requests or verify outcomes. This includes information from vehicle manufacturers, dealerships, fleets, lenders, rental companies, and related businesses, particularly when they respond to a privacy rights request, verify vehicle ownership or control, or provide updates on deletion or disconnection status.
We may also receive limited information from payment processors for donation reconciliation and from advocacy partners or support organizations where you have agreed to a referral. We do not purchase consumer data from data brokers.
Summary:
We collect information you provide to us, limited technical data, and necessary information from trusted partners so we can deliver our services.
3. How we use your information
We use personal data only where we have a valid legal basis and for purposes consistent with our mission of helping individuals understand and reduce vehicle-related privacy risks. This includes operating our websites, applications, and tools, generating Vehicle Privacy Reports, and helping users understand what data may be associated with their vehicles.
Where you ask us to act as your authorized agent or privacy advocate, we use personal data to prepare, submit, and track privacy and data rights requests with vehicle manufacturers, dealerships, fleets, rental companies, and other service providers. We also use this information to communicate with those organizations on your behalf, document outcomes, and verify whether requested actions—such as data deletion or account disconnection—have been completed.
We use personal data to communicate with you, respond to enquiries, provide support, send updates about your requests or app activity, and deliver whitepapers, reports, or other resources you request. Where you have opted in, we may also send newsletters or similar communications, which you can opt out of at any time.
In addition, we use de-identified and aggregated data to analyze how our tools are used, improve our products and services, and produce research, statistics, and advocacy materials relating to automotive and mobility privacy. We also process personal data as necessary to protect our systems and users, prevent fraud or misuse, and comply with applicable legal and regulatory obligations.
Summary:
We use your information to provide services, act on your behalf, communicate with you, and improve privacy protections.
4. How we share your information
We share your personal information when you have granted us permission to do so, when it is necessary to fulfill our obligations to you, or when we have a necessary business purpose to share your personal information. In particular, we share your personal information with:
Support Vendors: When necessary, we share your personal information with third-party vendors working on our behalf to provide specific business support services, including payment processing, and application hosting and management.
Mobile Store: If you are making a purchase within the Mobile Application or a purchasing a subscription plan from us though iTunes or Google Play, you are sharing your identity and payment information for billing purposes. Please refer to the privacy policy of your mobile store.
Customers: If you are an employee of a Customer and have registered a Business User Account on the Mobile Application, there is certain information we are obligated to share with our Customers (the business, company, or legal entity to which your Business User Account is tied) based on our contract with our Customers. This information may include your name, email address, location of your Info Wipes, day and time of your Info Wipes, and information about the vehicle from which you are wiping information.1 If you violate the Terms and Conditions of Use [https://privacy4cars.com/terms-of-use/default.aspx] of the Mobile Application, we may also report this violation to the Customer to which your Business User Account is tied. If you have questions about what information we may share with the Customer to which your Business Account is tied, you should contact your employer for more information.
Analytics Companies: We share anonymous, aggregate information regarding use of the Mobile Application with third-party analytics companies. These companies use this aggregate data, which has been stripped of any personally identifying information about you, to provide us with insight regarding Mobile Application usage patterns. As we only share anonymous, aggregate data, this information cannot be traced back to you individually by either us or the analytics vendors.
Other Users: If you provide User Content to the Mobile Application, we may make such information available to other Users of the Mobile Application, including any personal information you include. If you enable sharing of your Account, we will share the generated content with other users of your Account.
Third Parties: In some circumstances, we may share information with unaffiliated third parties, such as dealerships and rental car companies. When we share information with unaffiliated third parties, we will only share anonymous, aggregated data that cannot be used to individually identify you.
Legal Requirements: As required by law, regulation, or legal process, we will share your personal information with government authorities, enforcement officials, or third parties as necessary to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims.
Security and Fraud Prevention Efforts: When necessary, we will share your personal information to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations or suspected violations of this Privacy Policy, our agreements or arrangements with you or other policies in effect from time to time to which you are subject, or as otherwise required by law.
Sale of Business: We reserve the right to transfer your personal information in the event we sell or transfer all or a portion of our business or its assets. In such an event, your personal information will continue to be governed by this Privacy Policy.
We do not “sell” personal data as that term is commonly understood. Where a law defines “sale” or “sharing” more broadly, we follow the additional notice and rights requirements (for example, regional opt‑out rights) to the extent they apply.
Summary: We share personal data with service providers, your organisation, selected partners, authorities where required, and in corporate transactions, but we do not sell personal data in the ordinary sense.
5. Legal bases and international data transfers
Privacy4Cars, Inc., a U.S.-based company (with operations including team members in India), provides B2B automotive privacy solutions used globally including in Canada, Australia, EU/EEA, and UK. We determine our legal basis for processing personal data as follows:
Where EU/UK GDPR applies (to EU/EEA/UK residents or processors): Contractual necessity (Art. 6(1)(b)) for B2B platform access, support, subscriptions; legitimate interests (Art. 6(1)(f)) for service operation/security/improvement, B2B relationship management, internal analytics (balanced via LIA); legal obligations (Art. 6(1)(c)) for regulatory/tax compliance; consent (Art. 6(1)(a)) for non-essential cookies/marketing where required.
Canada (PIPEDA): Consent or implied consent where reasonable; contractual requirements; legal/statutory obligations.
Australia (Privacy Act/APPs): Contract performance; necessary/reasonable for primary purpose (service delivery); direct marketing to business contacts where permitted.
India/U.S./Other: Contractual necessity; legitimate business purposes; legal compliance.
International Transfers: Data collected globally may be processed in the U.S. (primary location), India (operations), or other service provider countries. For EU/UK transfers, we use EU Standard Contractual Clauses (2021), UK IDTA, and Transfer Impact Assessments with supplementary measures. For Canada/Australia, we apply comparable contractual safeguards and vendor due diligence ensuring protection aligned with local standards. Contact privacyrights (at) privacy4cars (dot) com for transfer mechanism details.
Summary: Contract/legitimate interests primarily globally; appropriate safeguards for cross-border transfers (SCCs/IDTA/TIAs). B2B focus throughout.
6. How long we keep information
We retain personal data only for as long as necessary to provide the services you request, document privacy rights requests and deletion activities, comply with legal obligations, enforce our rights, and maintain reasonable business and security records.
For consumer-facing services, privacy rights and deletion records are generally retained for up to four years after the last meaningful interaction, unless a longer period is required by law. Account and app usage data is retained while your account is active and for a limited period afterwards. Donation and financial records are retained as required by tax and accounting laws. De-identified and aggregated data may be retained for longer periods.
Summary:
We do not keep your personal data longer than necessary.
7. How we protect your information
We implement commercially reasonable technical, organizational, and administrative measures designed to protect personal data from unauthorized access, loss, misuse, or alteration. These measures include the use of secure cloud infrastructure, encryption in transit and where appropriate at rest, strict access controls, monitoring, backups, business continuity planning, and ongoing security training.
No system can be guaranteed to be completely secure, but we continuously review and update our safeguards.
Summary:
We use industry-standard security measures to protect your data.
8. Your rights and choices
(a) Rights in respect of your personal information
Depending on where you live and subject to applicable law and certain limitations, you may have rights in relation to your personal information. These rights may include the right to:
- Request access to the personal information we hold about you;
- Request correction of inaccurate or incomplete personal information;
- Request deletion of certain personal information, subject to legal and contractual exceptions;
- Request data portability, where applicable, for certain information you provided to us;
- Object to or restrict certain processing, where provided by law;
- Withdraw consent, where we rely on consent as a legal basis;
- Appeal a decision where we decline to act on your rights request, where required by applicable law.
We do not sell personal information and do not share personal information for cross-context behavioural advertising. As a result, some opt-out rights related to “sale” or “sharing” may not apply to our services.
(b) Exercising your rights
You may exercise your rights by:
- Contacting us at privacyrights (at) privacy4cars (dot) com.
To protect your privacy and security, we may need to verify your identity before fulfilling your request. Depending on the nature of the request, this may include verifying your email address, your relationship to a vehicle, or the authority of an authorized agent acting on your behalf. If we are unable to verify your identity or authority, we may be unable to process your request.
Where required by law, you may also have the right to appeal a decision we make in response to your request. Information on how to submit an appeal will be provided if applicable.
(c) Additional jurisdiction-specific information
- EU and UK:
If you are located in the EU or UK, you have rights under the GDPR or UK GDPR, including the right to lodge a complaint with your local supervisory authority. - United States:
If you are located in a U.S. state with a comprehensive privacy law, you may have rights such as access, deletion, correction, data portability, and the right to appeal certain decisions. We do not sell personal information or share it for cross-context behavioural advertising. - Canada:
If you are located in Canada, federal and provincial privacy laws provide rights of access, correction, withdrawal of consent (subject to legal limits), and the right to complain to the appropriate privacy regulator. - Australia:
If you are located in Australia, the Privacy Act 1988 (Cth) and the Australian Privacy Principles apply. You may request access to or correction of your personal information and make a complaint about our handling of your information. If concerns are not resolved, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
Summary:
You have privacy rights depending on where you live, and you can exercise them through our tools or by contacting us directly.
9. Children’s privacy
Our consumer services are not directed to children under the age of 16, and we do not knowingly collect personal data from children without appropriate parental or guardian consent. If we become aware that such data has been collected, we will take steps to delete it.
Summary:
We do not knowingly collect data from children under 16.
10. Additional protections for survivors of abuse
We recognize that connected vehicles and related technologies can be misused to stalk, monitor, or control survivors of domestic or other abuse. When you contact us in this context, we collect only the minimum data necessary to assist you and comply with legal obligations. Information about your situation is treated as highly sensitive and subject to strict access controls and a need-to-know approach.
We do not disclose your status as a survivor or details of your situation to third parties unless you ask us to do so, it is necessary to protect vital interests, or we are required to do so by law. If you are in immediate danger, you should contact local emergency services first.
Summary:
If you are a survivor, we prioritize your safety, confidentiality, and control.
11. Third-party websites and services
Our websites and communications may include links to third-party websites, applications, or social media platforms. This Privacy Notice does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services before providing them with personal data.
Summary:
We are not responsible for the privacy practices of third-party sites or services.
12. Changes to this Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our services, legal requirements, or internal practices. When we do, we will update the “Last updated” date and provide additional notice where required by law.
Summary:
This notice may change, and we will let you know when required.
13. Contact us
Privacy4Cars, Inc.
P.O. Box 287433
New York, NY 10128
United States
Email: privacyrights (at) privacy4cars (dot) com
Summary:
You can contact us at any time with privacy questions or requests.
