Privacy Policy | DriveVerse

Last updated: December 25, 2024

1. Introduction

At DriveVerse, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services, including DriveVerse Plus (our premium subscription offering).

By using DriveVerse, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our service.

2. Information We Collect

We collect several types of information from and about users of our app, including:

2.1 Personal Information

Email address provided during account creation
Profile information including name, username, bio, and profile picture
Authentication data when you sign in via Google, Apple, or email/password
Age or date of birth (for age verification purposes)
Terms of Service acceptance records including version number and timestamp

2.2 Vehicle Information

VIN (Vehicle Identification Number) if you choose to provide it
Vehicle details including make, model, year, mileage, and color
Maintenance history and logs you create in the app
Car Health Score data and diagnostic history
Smart Buy evaluations and vehicle research data

2.3 Audio and Media Content

Audio recordings of vehicle sounds you upload for AI diagnostic analysis
Vehicle photos and images of issues, parts, damage, or your vehicle
Metadata associated with recordings and photos (timestamp, device info, file size)

Important: Audio recordings and photos are processed by third-party AI services (including OpenAI) for diagnostic analysis. See Section 4 for details.

2.4 User-Generated Content

Community posts including titles, descriptions, and categories
Comments and interactions on posts
Likes, saves, and other engagement with community content
Messages and chatbot conversations with our AI diagnostic tool
Referral codes you use or share

2.5 Technical and Usage Data

Device information including device type, operating system, and version
IP address and approximate geographic location
App usage data including features used, time spent, and navigation patterns
Session data and timestamps of app interactions
Crash reports and error logs for debugging and improvement
Analytics data to understand feature engagement and user behavior

2.6 Subscription and Payment Data

Subscription status (active, canceled, expired) for DriveVerse Plus
Subscription type (monthly, annual) and pricing tier
Payment method (Apple or Stripe) - Note: We do NOT store credit card details

Payment Processing: For in-app purchases, all billing is handled securely by Apple. For web purchases, all payment processing is handled securely by Stripe. DriveVerse does not store or process your credit card information, bank account details, or other payment credentials.

2.7 Communications and Notifications

Firebase Cloud Messaging (FCM) tokens to send push notifications
Notification preferences and settings
Email communications you send to support or receive from us

2.8 Location Data (Optional)

Approximate location if you grant permission, used for features like finding nearby mechanics or local community posts
We do NOT continuously track your location

3. How We Use Your Information

We use the information we collect to:

3.1 Provide and Improve Services

Operate and maintain the DriveVerse app and website
Process and analyze audio recordings and photos for AI diagnostics
Generate Car Health Scores based on your vehicle data and diagnostic history
Provide Smart Buy recommendations and vehicle research insights
Personalize AI chatbot responses using your VIN, mileage, and vehicle information
Display and manage your community posts and interactions
Send push notifications about community activity, AI analysis results, and app updates

3.2 AI and Machine Learning

Train and improve AI diagnostic models using uploaded audio, photos, and user feedback
Enhance accuracy and reliability of diagnostic suggestions
Develop new AI features and capabilities
Share anonymized data with AI service providers (OpenAI, etc.) for processing

3.3 Subscription Management

Process and verify DriveVerse Plus subscription status
Enable or restrict access to premium features
Handle subscription renewals, cancellations, and billing issues
Send subscription-related notifications

3.4 Communication and Support

Respond to your questions, comments, and support requests
Send technical notices, security alerts, and policy updates
Notify you about new features, improvements, or promotional offers (with your consent)

3.5 Analytics and Research

Analyze user behavior and feature engagement
Understand which diagnostic features are most helpful
Conduct research to improve vehicle diagnosis accuracy
Measure effectiveness of AI models and recommendations

3.6 Safety and Security

Detect and prevent fraud, abuse, or misuse of the service
Enforce our Terms of Service and community guidelines
Protect the rights and safety of DriveVerse and its users
Investigate and respond to legal requests or requirements

4. Third-Party Services and AI Processing

DriveVerse integrates with several third-party services to provide functionality. Your data may be shared with these providers:

4.1 Google Firebase

We use Firebase for:

Authentication and user account management (Firebase Auth)
Database storage for user profiles, posts, and app data (Firestore)
File storage for audio recordings and images (Cloud Storage)
Analytics to understand app usage (Firebase Analytics)
Performance monitoring to detect crashes and issues
Push notifications to alert you about app activity (FCM)

Firebase Privacy Policy: https://firebase.google.com/support/privacy

4.2 OpenAI and AI Services

We use OpenAI's APIs to power our AI diagnostic features:

Audio recordings are sent to OpenAI for transcription and analysis
Photos and vehicle data may be sent to OpenAI for diagnostic interpretation
Chatbot conversations are processed using OpenAI's language models (GPT-4, GPT-4.5, etc.)
OpenAI may use data to improve their models (subject to their data usage policies)

Important: When you upload audio or photos for AI analysis, this content is transmitted to and processed by OpenAI's servers. We recommend reviewing OpenAI's privacy policy:

OpenAI Privacy Policy: https://openai.com/privacy

4.3 Other Third-Party Services

VIN Decoder APIs: We use external APIs to decode VINs and retrieve vehicle specifications
Apple App Store: For in-app purchase processing and subscription management
Stripe: For web-based subscription payment processing
Cloud Infrastructure: We use cloud hosting services (AWS, Google Cloud) to store and process data
Analytics Tools: We may use analytics services to track app performance and user engagement

All third-party services are carefully selected and are required to protect your data. However, they operate under their own privacy policies, which we encourage you to review.

5. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

Encryption in transit: All data sent between your device and our servers uses TLS/SSL encryption
Encryption at rest: Sensitive data is encrypted when stored in our databases
Access controls: Limited employee access to personal data on a need-to-know basis
Authentication security: Passwords are hashed and never stored in plain text
Regular security audits: Ongoing monitoring for vulnerabilities and threats
Secure cloud infrastructure: Using trusted providers with strong security practices

However, please understand:

No method of transmission over the Internet is 100% secure
No electronic storage system is completely impenetrable
We cannot guarantee absolute security of your information
You are responsible for maintaining the security of your account credentials

If we discover a data breach that affects your personal information, we will notify you promptly in accordance with applicable laws.

6. Data Retention

We retain different types of data for varying periods based on necessity and legal requirements:

6.1 Retention Periods

Audio recordings: Stored for up to 90 days after upload, or until you delete them manually
Photos and images: Retained while your account is active, or until you delete them
AI analysis results: Retained as part of your diagnostic history while your account is active
Community posts and comments: Retained indefinitely unless you delete them (may be anonymized after account deletion)
Account data: Retained while your account is active
Subscription records: Retained for accounting and legal compliance purposes (minimum 7 years)
Terms of Service acceptance: Retained indefinitely for legal protection
Crash logs and analytics: Retained for up to 90 days

6.2 Account Deletion

When you delete your account:

Personal information (name, email, profile) is deleted within 30 days
Audio recordings and photos you uploaded are permanently deleted
AI diagnostic data linked to your account is anonymized or deleted
Community posts may remain but are anonymized (author shown as "Deleted User")
Some data may be retained longer if required by law or for legal defense

6.3 Backups

Deleted data may remain in backup systems for up to 90 additional days before being permanently purged.

7. Data Sharing and Disclosure

We do NOT sell your personal information to third parties. However, we may share your data in the following limited circumstances:

7.1 With Your Consent

When you explicitly authorize us to share information with third parties
When you post content publicly to the community

7.2 Service Providers

Third-party companies that help us operate DriveVerse (hosting, analytics, AI processing)
These providers are contractually obligated to protect your data and use it only for specified purposes

7.3 Legal Requirements

We may disclose your information if required to:

Comply with legal obligations, court orders, or government requests
Enforce our Terms of Service or investigate violations
Protect the rights, property, or safety of DriveVerse, our users, or the public
Respond to law enforcement requests or legal processes

7.4 Business Transfers

If DriveVerse is involved in a merger, acquisition, or sale of assets, your information may be transferred to the new owner. We will notify you before your data is transferred and becomes subject to a different privacy policy.

7.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you:

With researchers studying vehicle diagnostics or AI accuracy
To demonstrate product capabilities or industry trends
For marketing or business purposes

8. International Data Transfers

DriveVerse operates globally, and your information may be transferred to, stored in, and processed in countries outside your country of residence, including the United States.

These countries may have different data protection laws than your home country. By using DriveVerse, you consent to such international transfers.

We take steps to ensure your data receives adequate protection regardless of where it is processed, including:

Using third-party services that comply with international data protection frameworks
Implementing standard contractual clauses where applicable
Following GDPR, CCPA, and other privacy law requirements

9. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

9.1 Access and Portability

View your data: You can access your profile, posts, and diagnostic history in the app
Export your data: Contact us to request a copy of your data in a portable format

9.2 Correction and Updates

Update your profile: Edit your name, bio, vehicle information, and preferences in app settings
Correct inaccuracies: Contact us to correct inaccurate or incomplete data

9.3 Deletion

Delete content: Remove individual posts, comments, audio recordings, or photos
Delete your account: Permanently delete your account and associated data through app settings

9.4 Restrict or Object to Processing

Opt out of analytics: Disable analytics tracking in app settings
Limit AI training use: Contact us to request your data not be used for AI training (may limit service functionality)

9.5 Withdraw Consent

Revoke permissions: Disable location access, notifications, or other permissions in device settings
Unsubscribe: Opt out of promotional emails using the unsubscribe link

9.6 Notification Preferences

Manage push notifications: Control notification types in app settings
Email preferences: Choose which emails you receive from us

9.7 Exercising Your Rights

To exercise any of these rights, contact us at:

Email: thedriveverse@gmail.com
In-app: Use the "Contact Support" option in Settings

We will respond to your request within 30 days (or as required by applicable law).

10. Children's Privacy

10.1 Age Restrictions

DriveVerse is not intended for children under 13 years old. We do not knowingly collect personal information from users under 13. If we discover we have collected data from a child under 13, we will delete it immediately.

10.2 Parental Consent

Users between 13 and 15 years old may only use DriveVerse with verifiable parental or guardian consent. Parents or guardians of users in this age range can:

Review what information we collect from their child
Request deletion of their child's information
Request we stop collecting or using their child's information

10.3 Users 16 and Older

Users 16 years and older may use DriveVerse without parental consent, as this aligns with typical driving age requirements.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

11.1 Right to Know

You have the right to request:

Categories of personal information we collect
Specific pieces of personal information we hold about you
Sources from which we collected your information
Purposes for collecting or selling your information
Categories of third parties with whom we share information

11.2 Right to Delete

You can request deletion of your personal information, subject to certain exceptions.

11.3 Right to Opt-Out of Sale

We do not sell your personal information. If this changes, we will provide a clear way to opt out.

11.4 Right to Non-Discrimination

You have the right to not receive discriminatory treatment for exercising your CCPA rights.

11.5 Exercising CCPA Rights

To exercise your CCPA rights, email us at thedriveverse@gmail.com with "CCPA Request" in the subject line.

12. European Union Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

12.1 Legal Basis for Processing

We process your data based on:

Consent: When you agree to data collection (e.g., uploading audio for AI analysis)
Contract performance: To provide services you've requested (e.g., AI diagnostics, subscriptions)
Legitimate interests: To improve our services, prevent fraud, and analyze usage
Legal obligations: To comply with applicable laws

12.2 GDPR Rights

Right to access your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent at any time

12.3 Contact for GDPR Inquiries

For GDPR inquiries, contact us at: thedriveverse@gmail.com

12.4 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your rights under GDPR.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

Changes to our data practices
New features or services
Legal or regulatory requirements
Third-party service updates

13.1 Notification of Changes

When we make material changes, we will:

Update the "Last updated" date at the top of this policy
Notify you via push notification or email
Display an in-app notice when you next open DriveVerse
For significant changes, we may require you to review and accept the updated policy

13.2 Your Acceptance

Your continued use of DriveVerse after a Privacy Policy update constitutes your acceptance of the changes. If you do not agree with the updated policy, you must stop using the service and may delete your account.

14. Do Not Track Signals

Some browsers and devices offer "Do Not Track" (DNT) signals. Currently, there is no industry standard for responding to DNT signals. DriveVerse does not respond to DNT signals at this time. If an industry standard emerges, we will update this policy accordingly.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: thedriveverse@gmail.com
In-app: Settings → Contact Support

We aim to respond to all inquiries within 30 days.

16. Summary: Key Points

What We Collect:
Account info, vehicle data, audio recordings, photos, usage data

How We Use It:
AI diagnostics, app improvement, subscription management, support

Who We Share With:
OpenAI (for AI processing), Firebase (for infrastructure), payment processors

Your Rights:
Access, delete, export, correct your data anytime

Data Security:
Encrypted storage and transmission, industry-standard protections

Retention:
Audio/photos: 90 days; Account data: while active; Some legal records: up to 7 years

Children:
Under 13: Not allowed; 13-15: Parental consent required; 16+: Full access

Contact:
thedriveverse@gmail.com for any privacy questions

Version: 2.0.0
Effective Date: December 25, 2024
Previous Version: 1.0 (May 3, 2025)