Privacy Policy
Effective May 23, 2026 · Version 2026-05-23
1. Overview
This Privacy Policy explains what information CarWatch (“we,” “us”) collects, how we use it, and your choices. By using the Service you agree to this policy.
2. Information We Collect
- Account data: your email address and a securely hashed password (we never store your password in plain text).
- Optional contact data: a phone number and/or Telegram chat ID, only if you choose to enable SMS or Telegram alerts.
- Search & watch data: the searches you run and the watches you save (make, model, filters, ZIP/radius, notification channel).
- Alert history: which listings we have notified you about, to avoid duplicate alerts.
- Technical data: standard server logs (IP address, request metadata) used for security, rate limiting, and debugging.
We do not knowingly collect payment card details during beta (there is no billing). If paid plans launch, payments will be handled by a third-party processor and card details will not touch our servers.
3. How We Use Your Information
- To provide the Service — run searches, save watches, and send the alerts you request;
- To send account emails (verification, password reset);
- To secure the Service (rate limiting, abuse prevention) and debug issues;
- To communicate important service notices.
We do not sell your personal information.
4. Third-Party Service Providers
We share limited data with vendors strictly to operate the Service:
- Email delivery — to send verification, reset, and alert emails;
- SMS / messaging — only if you enable those channels;
- Hosting & infrastructure — to run the application and store data.
These providers process data on our behalf under their own terms. We do not authorize them to use your data for their own purposes.
5. Cookies
We use a single, essential httpOnly session cookie to keep you logged in. It is not used for advertising or cross-site tracking. You cannot use the authenticated parts of the Service without it.
6. Data Retention
We retain your account data while your account is active. When you delete your account, we remove your account, watches, and alert history. Aggregated or anonymized listing data (not tied to you) and minimal security logs may be retained as needed for operations and legal compliance.
7. Your Rights & Choices
- Access / update: manage your email, password, and contact channels from your account settings.
- Delete: permanently delete your account and associated data from the account “danger zone.”
- Unsubscribe: remove a watch to stop its alerts, or delete your account to stop all of them.
Depending on where you live (e.g., EEA/UK under GDPR, California under CCPA), you may have additional rights such as data portability or the right to object. Contact us to exercise them.
8. Security
We use reasonable measures to protect your data, including password hashing (bcrypt), httpOnly session cookies, HTTPS in production, and rate limiting. No method of transmission or storage is 100% secure, and as a beta service we cannot guarantee absolute security.
9. Children
The Service is not directed to anyone under 18, and we do not knowingly collect data from children. If you believe a minor has provided us data, contact us and we will delete it.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be reflected in the version and effective date above.
11. Contact
Questions about your privacy? Contact us at [CONTACT EMAIL].