Icon

26. Our Privacy Policy

Our Privacy Policy outlines how we collect, use, and protect your personal information. Your privacy and security are our priorities.

Icon

Privacy Policy

26. Our Privacy Policy

Our Privacy Policy outlines how we collect, use, and protect your personal information. Your privacy and security are our priorities.

Icon

Privacy Policy

26. Our Privacy Policy

Our Privacy Policy outlines how we collect, use, and protect your personal information. Your privacy and security are our priorities.

Icon

Last Updated on June, 10, 2025

26.1 Types of Data Collected

We may collect:

  • Personal Information (e.g., name, email, IP address, device ID)


  • Uploaded Content (e.g., vehicle images, PDFs, contracts)


  • Chat Prompts and AI Responses


  • Payment & Purchase History (via Apple/Google only)


  • Usage Logs, Clicks, Session Duration


  • App Performance and Crash Reports



26.2 How Data is Collected

Via:

  • Direct user input


  • Background app tracking (limited to app activity)


  • Third-party SDKs (RevenueCat, Supabase, OpenAI, Google)


  • Analytics tools (e.g., Firebase, Amplitude)



26.3 Location Data

With your permission, Chariot may access GPS/location data to assist with valuation, regional compliance, or fraud prevention.



26.4 Camera and File Access

When you upload content, Chariot accesses your camera roll, document library, or live camera (with OS-level permissions).



26.5 Why We Collect Data

To deliver AI-powered insights


To generate vehicle reports


To detect abuse, fraud, and misuse


To improve the app through analytics


To support billing, receipts, and customer service



26.6 AI Prompt and Image Logging

We log user prompts, images, and AI model responses for:

  • Abuse prevention


  • Quality improvement


  • Billing/auditing usage


  • Training or fine-tuning where allowed



26.7 How Long We Store It

Prompts, chats, and usage logs: up to 12 months


Reports: 90 days standard, 1 year for annual plans


Uploaded files: 7–90 days depending on feature


Billing/identifiers: indefinitely per financial record laws



26.8 Who We Share With

We may share with:

  • Infrastructure vendors (Supabase, OpenAI, Railway, Cloudflare)


  • Analytics providers (Amplitude, Firebase)


  • Payment processors (Apple, Google)


  • Law enforcement or regulatory bodies (if legally compelled)



26.9 No Sale of Personal Data

Chariot does not sell your personal data to third parties.



26.10 Affiliate or Business Transfers

If Chariot is sold, merged, or acquired, user data may be transferred as part of the business assets.



26.11 GDPR Rights (EU Users)

Right to access, correct, delete, or port data


Right to object to processing


Right to withdraw consent at any time



26.12 CCPA Rights (California Users)

Right to know what we collect and why


Right to request deletion


Right to opt out of any sale of personal data (we do not sell)



26.13 Data Export

Users may request an export of their personal data in a portable format by emailing privacy@chariotreport.com.



26.14 Deletion Requests

Users may request permanent account and data deletion through the app or support email. Some data may be retained for legal or billing reasons.



26.15 How We Secure Data

Data encryption at rest and in transit


Rate limiting, role-based access controls


Scoped tokens for AI usage


Secure infrastructure via Supabase, Railway, Cloudflare



26.16 Breach Notification

If a data breach occurs, we will notify affected users within 72 hours in compliance with applicable law.



26.17 Children’s Privacy

We do not knowingly collect data from users under 13. If we learn this has occurred, we delete the account immediately.



26.18 Biometric/Facial Data

We do not store or analyze facial recognition, biometric IDs, or license plate extraction. Uploaded images are used for car structure only.



26.19 Use of AI Providers

When using AI (e.g., OpenAI or Anthropic), your prompts and content may be routed through their APIs. Chariot enforces provider-specific data boundaries.



26.20 International Data Transfer

Your data may be processed outside of your home country. We implement safeguards to protect personal data per global standards.



26.21 No Guarantee of Erasure from Backups

Deletion from active databases does not guarantee deletion from backup archives, which are rotated periodically.



26.22 Advertising Policy

Chariot does not run personalized ads. App performance and monetization are strictly through subscription and purchases.



26.23 Consent at Signup

By creating an account or uploading content, you consent to this Privacy Policy and agree to all terms within.



26.24 Updates to Privacy Policy

Chariot may update this section periodically. Material changes will be communicated via in-app alert or email.



26.25 Continued Use = Acceptance

Continued use of Chariot after a Privacy Policy update means you accept the changes.



Contact Us

If you have any questions or concerns about our Privacy Policy or the handling of your personal information, please contact us at hello@appit.com