Privacy Policy
MechMap ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your personal data when you use the MechMap mobile application and services.
1. Who We Are
MechMap, Inc. ("MechMap," "we," "our," or "us") operates the MechMap mobile application and website at https://marketplace-builder-dufflebagboy77.replit.app — a two-sided marketplace that connects customers seeking automotive services with independent mobile mechanics and detailers ("Providers"). For privacy matters, contact us at privacy@mechmap.app.
2. Information We Collect
We collect information in three ways: Information you provide directly: • Account registration: full name, email address, password (hashed), phone number, and role (customer or provider). • Provider profile: business name, bio, service categories, hourly rate, years of experience, and profile photo. • Vehicle information: make, model, year, color, license plate, and VIN you add to your garage. • Booking details: service requested, scheduled date/time, address, and notes. • Messages: text content of conversations between customers and providers. • Reviews: star ratings and written comments you submit. • Support communications: emails or messages you send to our support team. Information collected automatically: • Device location (with your permission): GPS coordinates used to show nearby providers and calculate distances. We do not store your location history. • Device identifiers: push notification tokens to deliver booking alerts and messages. • Usage data: screens visited, features used, error logs, and app performance data. • IP address and device type for security and fraud detection. Information from third parties: • Stripe, Inc.: transaction status and payment intent identifiers (we never store full card numbers). • RevenueCat: subscription tier, entitlement status, and purchase history.
3. How We Use Your Information
We use the information we collect to: • Create and manage your account and connect customers with nearby providers. • Process bookings, payments, and refunds. • Facilitate messaging between customers and providers. • Send push notifications for booking confirmations, status updates, and new messages. • Detect, investigate, and prevent fraud, abuse, and violations of our Terms of Service. • Analyze aggregated usage patterns to improve app features and performance. • Comply with applicable laws and enforce our legal rights.
4. Legal Basis for Processing (GDPR / EEA Users)
If you are located in the European Economic Area, our legal bases for processing your personal data are: • Contract performance: processing necessary to provide the MechMap service. • Legitimate interests: fraud prevention, security, and improving our services. • Consent: sending marketing communications — you may withdraw consent at any time. • Legal obligation: retaining transaction records as required by tax and financial regulations.
5. How We Share Your Information
We do not sell your personal information. We share information only: • With other users as necessary (e.g., your name and address with a provider you book). • With service providers: Stripe (payments), RevenueCat (subscriptions), Cloudinary (images), Expo (push notifications). • For legal reasons when required by applicable law or to protect rights and safety. • In connection with a merger, acquisition, or sale of assets (with notice to you).
6. Payment Processing
All payment processing is handled by Stripe, Inc., a PCI DSS Level 1 certified payment processor. MechMap never stores full card numbers, CVV codes, or bank account details. Stripe's handling of your payment data is governed by stripe.com/privacy.
7. Location Data
We request 'When In Use' location permission to show nearby providers and calculate distances. We do not store precise GPS history. You can revoke location permission at any time in Settings > Privacy > Location Services.
8. Push Notifications
With your permission, we send push notifications for booking updates, new messages, and review requests. You may disable push notifications at any time in your device settings.
9. Data Retention
We retain your data while your account is active. Account data is deleted within 30 days of an account deletion request. Booking records are retained for 7 years for financial compliance. You may request deletion at any time via Profile > Delete Account or by emailing privacy@mechmap.app.
10. Your Rights and Choices
All users may access, correct, or delete their data. EEA/UK users have additional GDPR rights (portability, restriction, objection). California users have CCPA rights including the right to know and the right to delete. To exercise any right, email privacy@mechmap.app.
11. Security
We use TLS 1.2+ for data in transit, bcrypt for password hashing, signed JWTs for authentication, and restrict database access to our application servers. Despite these measures, no internet transmission is completely secure.
12. Children's Privacy
MechMap is not directed to individuals under 18 years of age. If you believe your child has created an account, contact privacy@mechmap.app and we will delete it promptly.
13. International Data Transfers
MechMap is operated from the United States. If you are located outside the United States, your information is transferred to and processed in the United States. For EEA transfers, we rely on Standard Contractual Clauses.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via push notification and in-app notice. Continued use of MechMap after the effective date constitutes acceptance of the updated policy.
15. Contact Us
MechMap, Inc. Email: privacy@mechmap.app Support: support@mechmap.app Response time: within 5 business days for general inquiries; within 30 days for formal data rights requests.