Privacy Policy

Last Updated: July 17, 2025

1. Introduction

CarPhotoWizard ("we", "our", or "us") respects your privacy and is committed to protecting your personal data in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), the Canadian Privacy Act, and the General Data Protection Regulation (GDPR) where applicable. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

2. Information We Collect

2.1 Personal Information You Provide

  • Account Information: Name, email address, username when you register for an account.
  • Vehicle Data: Vehicle Identification Numbers (VIN), car images, descriptions, pricing information submitted for listing enhancement services.
  • Payment Information: Processed securely through Stripe—Card numbers, billing addresses. We do not store full card details on our servers.
  • Support Requests: Communications sent to us when you contact support, including any attachments or images shared in the correspondence.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, listing views, feature usage patterns to improve our service.
  • Device Information: Browser type, operating system, IP address, device identifiers for security and analytics purposes.
  • Cookies: Session cookies for authentication, persistent cookies for preference retention. You can manage cookie preferences in your browser settings and through our cookie banner.

3. How We Use Your Information

We use the collected information solely for the following purposes:

  • To process and deliver AI-powered listing enhancement services you request
  • To create, authenticate, and manage your CarPhotoWizard account
  • To process payments for subscription plans or credit packages
  • To communicate service updates, security alerts, and support messages
  • To monitor and improve AI model quality through anonymized usage analytics
  • To comply with legal obligations, prevent fraud, and protect our users

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area, we rely on the following legal bases:

  • Consent: You have explicitly agreed to processing your personal data (e.g., accepting Terms of Service)
  • Contract Performance: Processing is necessary to provide services you requested
  • Legitimate Interests: Improving our services, fraud prevention, and security monitoring
  • Legal Obligation: Compliance with tax, accounting, and law enforcement requirements

5. Data Sharing & Disclosure

We do not sell your personal information. We may share data only with:

  • Service Providers: Stripe (payments), cloud hosting providers, email service deliverability
  • LLM/AI Processing Partners: Images and vehicle data are transmitted to AI processing services solely for enhancement. These partners process data under strict non-disclosure agreements.
  • Legal Requirements: If required by law, regulation, legal process, or governmental request

6. Data Retention & Deletion

Data TypeRetention PeriodAction After Expiry
Active account dataIndefinite (until deletion requested)N/A
Deleted account images30 days (soft-delete window for recovery)Permanent deletion from storage
Audit logs1 yearSecure archival and deletion
Payment records7 years (per Canadian tax law)Secure archival

7. Your Rights (GDPR & PIPEDA)

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete personal data. You can update basic profile information via Settings page or contact support for other corrections.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data. Submit a deletion request to support@carphotowizard.com. We will process this within 30 days, subject to legal retention obligations.
  • Right to Restrict Processing: Ask us to temporarily or permanently restrict processing of your personal data.
  • Right to Data Portability: Export your data in a structured, commonly used, machine-readable format (JSON). Request this at support@carphotowizard.com.
  • Right to Object: Object to processing based on legitimate interests. We will comply unless we demonstrate compelling legitimate grounds.

8. International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence (including the United States). Such transfers are performed under appropriate safeguards including Standard Contractual Clauses or adequacy decisions where applicable.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete such information.

10. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • Data Protection key rotation
  • Regular security assessments and vulnerability scans
  • Role-based access controls for all administrative interfaces

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by posting the updated policy on this page and, where appropriate, sending you an email notification.

12. Contact Us

If you have questions or concerns about this Privacy Policy or wish to exercise any of your rights:

  • Email:
  • Phone: support@carphotowizard.com