Privacy Policy
Last updated: March 12, 2026
This Privacy Policy describes how Dr.Vin ("we", "us") collects, uses, and protects your information.
1. Information We Collect
Photos you upload: Vehicle photographs submitted for assessment.
Vehicle information: VIN (optional), mileage (optional), ZIP code (optional).
Payment information: Processed directly by Stripe. We do not store credit card numbers.
Technical data: IP address, browser type, and timestamp - collected for security and consent verification.
2. How We Use Your Information
- Provide the Service: Your photos are sent to Google Gemini for AI analysis.
- Process payments: Through Stripe's embedded checkout.
- Report verification: Photos are stored so buyers can verify seller report authenticity.
- Service improvement: Aggregate, de-identified assessment statistics (such as average condition scores by vehicle type) may be used to improve service quality. Individual photos and personal information are never used for AI model training.
- Legal compliance: Consent records and IP addresses are stored for liability protection.
3. Third-Party Services
We share data with:
- Google (Gemini AI): Photos are sent for AI vision analysis. See Google's privacy policy.
- Stripe: Payment processing. See Stripe's privacy policy.
- Amazon Web Services (S3): Photo storage. See AWS's privacy policy.
- NHTSA (National Highway Traffic Safety Administration): VIN lookups for vehicle identification. VINs are sent to the public NHTSA vPIC API.
We do not sell your personal information to any third party.
4. Data Retention
- Photos: Stored for up to 90 days, then deleted.
- Assessment data: Retained for 1 year for dispute resolution, then deleted.
- Payment records: Retained as required by law and Stripe's policies.
- Consent records: Retained for 3 years for legal defense purposes.
5. Your Rights
Depending on your state of residence, you may have the following rights:
California (CCPA/CPRA): Right to know, delete, correct, and opt out of sale/sharing of personal information. Right to non-discrimination.
Virginia (VCDPA): Right to access, delete, correct, and opt out of targeted advertising or sale of personal data.
Colorado (CPA): Right to access, delete, correct, and opt out. We honor Global Privacy Control (GPC) signals.
Connecticut (CTDPA): Right to access, delete, correct, and opt out of targeted advertising or sale of personal data.
To exercise these rights, contact [email protected] with your assessment ID (displayed after each assessment). We will respond within 45 days.
6. GDPR (for EEA/UK Residents)
If you are in the European Economic Area or United Kingdom:
Legal Basis: We process your data based on contractual necessity (to provide the assessment you requested) and legitimate interest (service improvement, fraud prevention).
International Transfers: Your data is processed in the United States. We rely on Standard Contractual Clauses (SCCs) for transfers from the EEA/UK.
Your Rights: You have the right to access, rectify, erase, restrict processing, data portability, and object to processing. Contact [email protected].
Data Protection Authority: You have the right to lodge a complaint with your local data protection authority.
7. Do Not Sell My Personal Information
We do not sell your personal information. If photos are shared with Google Gemini for AI analysis, this may constitute "sharing" under CCPA's broad definition. You can opt out by contacting [email protected].
8. Data Breach Notification
In the event of a data breach affecting your personal information, we will notify affected individuals within 72 hours of becoming aware of the breach, as required by applicable law.
9. Security
We use industry-standard security measures including encrypted data transmission (TLS), access-controlled cloud storage, and rate limiting. However, no system is 100% secure.
10. Children
The Service is not intended for use by anyone under 16 years of age.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify users of material changes by updating the "Last updated" date at the top of this page.