Legal

Privacy Policy

Effective date: 13 June 2026 · Version 1.1

This document is a draft prepared for review. It should be reviewed and approved by qualified legal counsel before publication and may change before launch. Fields shown like [THIS] must be completed with the operating company's real details before publishing.

carseal helps you create independent, tamper-evident evidence of a rental car's condition at pickup and return, so a damage claim that was never yours never costs you a cent. This policy explains what personal data we collect, why, the legal basis for processing it, how long we keep it, who processes it on our behalf, and the rights you have over it — wherever in the world you live.

1. Who we are (data controller)

The carseal app and website (the "Service") are operated by carseal, a company incorporated in Romania (registration no. [REG. NUMBER][, VAT no. if applicable]), with its registered office at [REGISTERED ADDRESS] ("carseal", "we", "us"). We are the controller of the personal data described in this policy. Confirm the exact registered legal form (e.g. [Carseal S.R.L.]) before publishing.

For any privacy question, or to exercise your rights, contact us at privacy@carseal.ai or by post at the address above. This policy applies to the carseal mobile application (iOS and Android) and the carseal website, including independent verification pages.

2. What data we collect

We collect only what the evidence service needs to function, plus limited diagnostics. We do not sell your data and we do not use it for advertising.

2.1 Account data

Email address and, where provided, your name, obtained when you sign in with Google or Apple. We store the authentication provider ("google" or "apple") and a provider-issued account identifier. We do not receive or store your Google/Apple password.
App language preference (English or Romanian).

2.2 Rental and vehicle data you enter

The rental-company name and branch, the rental agreement number, and any notes you add.
The vehicle's licence plate, plate country, and colour.
The Vehicle Identification Number (VIN), which you may type or capture from a photo, and the decoded vehicle specification (make, model, year, body type) derived from the VIN.

2.3 Inspection evidence (the core of the service)

Photos and video keyframes of the vehicle captured during a walk-around or 360° scan, together with cryptographic hashes (SHA-256) of each file and capture timestamps.
Precise location (GPS latitude and longitude, plus accuracy) recorded per inspection and, where available, per keyframe, to evidence where and when the scan took place.
Device motion / heading data (from the compass and motion sensors) used while you scan, to guide camera coverage of each zone of the car. This is used on-device to steer the scan and is recorded as part of the scan ledger.
Vehicle condition data: odometer reading, fuel level/type, the zones covered, the scan ledger, and detected damage (type, severity, panel, confidence, and whether it appears pre-existing or new).

2.4 Disputes

If you analyse a charge from a rental company, we store the claim details you provide (such as the charged amount and currency), the comparison verdict, and any dispute document package generated for you.

2.5 Purchases

carseal sells protection credits as in-app purchases. Billing is handled entirely by the Apple App Store or Google Play; we never receive your card or payment details. We store your credit balance, the product purchased (for example a single protection or a 3-pack) and the date your last purchase was validated, so your protections are available across your devices.

2.6 Analytics and diagnostics

Firebase Analytics records a small set of in-app events (for example: a rental was created, a scan started or sealed, a report was viewed, a dispute was started) to help us understand and improve the product flow.
Firebase Crashlytics records crash and error diagnostics (device model, OS version, stack traces and app state at the time of a crash) so we can fix stability problems.

We do not knowingly collect special-category data (such as health, biometric identifiers, or political/religious data). Please do not capture such data into the Service. Photographs of a vehicle may incidentally include faces or bystanders; you are responsible for not scanning people or property you have no right to photograph (see our Terms).

3. How we use your data, and our legal basis

Under the EU General Data Protection Regulation and the UK GDPR we rely on the following legal bases (Article 6):

Purpose	Data used	Legal basis (GDPR / UK GDPR Art. 6)
Create your account and sign you in	Email, name, auth provider/ID	Performance of a contract — Art. 6(1)(b)
Produce and store tamper-evident condition evidence (the service you ask for)	Photos/keyframes, hashes, GPS, heading, VIN + spec, odometer/fuel, condition data	Performance of a contract — Art. 6(1)(b)
Detect and localise vehicle damage from photos using AI	Photos/keyframes (and the resulting damage findings)	Performance of a contract — Art. 6(1)(b); and our legitimate interest in fraud prevention and accurate damage detection — Art. 6(1)(f)
Decode a VIN into a vehicle specification	VIN	Performance of a contract — Art. 6(1)(b)
Sell and grant protection credits	Purchase/entitlement data	Performance of a contract — Art. 6(1)(b)
Understand product usage (analytics)	Firebase Analytics events	Consent — Art. 6(1)(a)
Diagnose crashes and keep the app stable	Crashlytics diagnostics	Legitimate interest in a working, secure product — Art. 6(1)(f) (consent where required by your platform)
Comply with legal obligations and defend or pursue legal claims	As relevant to the matter	Legal obligation — Art. 6(1)(c); legitimate interest — Art. 6(1)(f)

Where we rely on consent (for example analytics), you can withdraw it at any time in Settings without affecting processing already carried out. Where we rely on legitimate interests, you may object as described in Section 8.

4. Use of artificial intelligence to detect damage

To find and locate damage on your vehicle, carseal sends your inspection photos and keyframes to a third-party AI provider for visual analysis:

Anthropic, PBC ("Claude") is our default vision provider. It is used to read the VIN from a photo, to triage which frames may contain damage, and to localise and describe damage.
Google ("Gemini") may be used as an alternative or supplementary vision provider for the same purposes.

These providers process the images on our instruction, as our processors, solely to return damage findings to carseal. We do not authorise them to use your images to train their models. The output (the damage findings) is stored with your inspection. AI damage detection is an automated aid that informs the evidence record; it is not a legally binding determination, it does not by itself produce legal effects, and human review remains available in a dispute (see our Terms).

5. Who else processes your data (processors and sub-processors)

We share data only with service providers who process it on our behalf under contract, and only as needed:

Anthropic, PBC and/or Google LLC — AI vision analysis of inspection photos and VIN reading (see Section 4).
Google LLC (Firebase) — Analytics and Crashlytics diagnostics.
Apple Inc. and Google LLC — sign-in and in-app purchase billing (they act as independent controllers for the payment they process).
Our cloud hosting and storage provider ([HOSTING PROVIDER + REGION, e.g. Hetzner, EU]) — to run the carseal backend and store your evidence.

We use the U.S. National Highway Traffic Safety Administration's public vPIC VIN-decode service to translate a VIN into a vehicle specification. Only the 17-character VIN is sent; no personal account data is included.

We do not sell personal data and do not share it for cross-context behavioural advertising. We may disclose data if required by law, to enforce our Terms, or in connection with a merger, acquisition or sale of assets (in which case we will notify you and any successor will remain bound by this policy).

6. International data transfers

Some of our processors (including Anthropic, Google and Apple) are based in, or process data in, the United States and other countries outside the European Economic Area and the United Kingdom. Where personal data is transferred out of the EEA or the UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum), and, where applicable, the providers' certification under the EU–U.S. Data Privacy Framework and its UK extension. You can ask us for a copy of the safeguards in place.

7. How long we keep your data

For the rental lifecycle: inspection evidence and related data are retained for as long as the associated rental is active and the evidence may be needed (pickup through return and report).
Dispute / legal window: after a rental ends, sealed evidence and related records are retained for a defined period to support any damage dispute and to allow legal claims to be made or defended — by default up to 24 months after the rental ends, or longer where a dispute or legal matter is ongoing or where the law requires.
Account data is kept while your account exists.
Analytics and crash diagnostics are retained for a limited period in line with Firebase defaults and our configuration.

When you delete your account, we erase your data as described in Section 8. Note that integrity of the evidence relies on sealed records being unaltered while retained; deletion removes the record entirely rather than altering it.

8. Your rights (EU / EEA and UK)

If you are in the European Economic Area or the United Kingdom, under the GDPR / UK GDPR you have the right to access, rectify, erase, restrict and object to processing of your personal data, the right to data portability, and the right to withdraw consent at any time (for example, analytics consent) without affecting prior processing. You also have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects; carseal's damage detection is an aid only and is not such a decision.

carseal builds two of these rights directly into the app:

Export my data — open Settings → Export my data. This calls /me/export and returns a machine-readable JSON copy of everything we hold for you: your profile, rentals, inspections (including GPS, odometer, fuel and the scan ledger), media metadata (file hashes, timestamps, locations — not the raw image bytes), detected damage, claims and dispute documents. This implements your right to data portability (Art. 20) and access (Art. 15).
Delete account — open Settings → Delete account. This calls DELETE /me and permanently erases your account and all associated rentals, inspections, photos, damage findings, claims and dispute artifacts. This implements your right to erasure (Art. 17). Deletion is irreversible.

You can also exercise any right by emailing privacy@carseal.ai. We will respond within one month. You have the right to lodge a complaint with your data protection authority: in Romania this is the National Supervisory Authority for Personal Data Processing (ANSPDCP); in the UK it is the Information Commissioner's Office (ICO); in other EEA countries, your local authority.

9. Your United States privacy rights (California and other states)

This section applies to residents of U.S. states with comprehensive privacy laws, including California (CCPA as amended by the CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA) and others as they take effect.

We do not "sell" your personal information and we do not "share" it for cross-context behavioural advertising as those terms are defined under California law, and we have not done so in the preceding 12 months. We do not use or disclose sensitive personal information for purposes that would require a right to limit.

In the past 12 months we have collected the categories of personal information described in Section 2 (identifiers such as email; commercial information such as purchases; geolocation; audio/visual information i.e. your vehicle photos; internet/usage activity i.e. analytics and crash diagnostics; and inferences in the form of damage findings). We collect it for the business purposes in Section 3 and disclose it only to the processors in Section 5.

Subject to your state's law and verification, you have the right to:

Know / access the personal information we have collected about you and how we use and disclose it;
Delete the personal information we hold about you;
Correct inaccurate personal information;
Opt out of any sale or sharing for targeted advertising (not applicable — we do none);
Not be discriminated against for exercising your rights.

You can exercise the access, correction and deletion rights directly in the app (Settings → Export my data and Settings → Delete account) or by emailing privacy@carseal.ai. You may use an authorised agent. We will verify your request through your account sign-in. If we deny a request you may appeal by replying to our response; California residents may also contact the California Privacy Protection Agency or Attorney General.

10. Security

Sealed evidence is stored using write-once, tamper-evident techniques (cryptographic hashing and Merkle-rooted records) and access to your data is restricted to your authenticated account. We apply technical and organisational measures appropriate to the sensitivity of the data, but no system is perfectly secure. If a personal-data breach is likely to result in a risk to your rights, we will notify the relevant authority and, where required, you, without undue delay.

11. Children

carseal is intended for users who are old enough to enter a car-rental agreement (at least 18) and is not directed to children. We do not knowingly collect personal data from children under 16 (or under 13 where U.S. COPPA applies). If you believe a child has provided us data, contact privacy@carseal.ai and we will delete it.

12. Users outside the EU, UK and US

If you use carseal from any other country, this policy still applies to you and we handle your data to the standard described here. You may also have rights under your local data-protection law; contact privacy@carseal.ai to exercise them and we will comply to the extent that law requires.

13. Changes to this policy

We may update this policy. We will change the effective date above and, for material changes, notify you in the app. Continued use after an update means you accept the revised policy.

14. Contact

Questions or requests: privacy@carseal.ai, or by post to carseal, [REGISTERED ADDRESS].