Privacy Policy

1. Information We Collect

• Account information: email address, hashed password, and role type you provide during registration.
• Profile information: name, business name, bio, location, tags, and profile photo URL you add voluntarily.
• User-generated content: posts, comments, marketplace listings, and event listings you create.
• Authentication data: when you sign in with Google, Firebase Authentication (operated by Google) processes your Google account information. We receive only an authentication token.
• Usage data: Browser type, operating system, and server request logs retained for up to 90 days for security and reliability. For users who have consented, behavioral events (page views, feature interactions) are collected by our self-hosted analytics platform.
• Analytics data: Behavioral events (page views, navigation paths, feature clicks, platform activity counts) collected for users who have given explicit consent. No email address, full name, or message content is ever stored in analytics. See Section 10.
• Media files: images you upload are stored on cloud storage infrastructure. File URLs are saved to your account.

2. How We Use Your Information

• To create and manage your account and authenticate you securely.
• To provide, operate, and maintain the Service.
• To enable you to post content and interact with other users.
• To process subscription tier upgrades.
• To send transactional emails (e.g., password reset) — we do not send marketing email without your explicit consent.
• To detect and prevent fraud, abuse, and security incidents.
• To comply with applicable laws and legal obligations.
• To analyze platform usage patterns and improve user experience, for users who have given analytics consent.
• To generate aggregate, anonymized market intelligence for automotive industry partners. No individual user data is shared; only statistical summaries with a minimum group size of 5 users.

3. Authentication Storage

AutoGuildX stores a JSON Web Token (JWT) in your browser's localStorage to keep you signed in between sessions. This storage is strictly necessary for the Service to function. You may clear it at any time through your browser settings or by signing out.

Firebase Authentication (operated by Google) may store its own local storage entries to manage your Google sign-in session. These entries are governed exclusively by Google's Privacy Policy. AutoGuildX does not read or modify these entries.

4. Data Sharing and Third Parties

We do not sell your personal information to third parties. We share data only as described below:

• Analytics platform (PostHog, self-hosted): Our behavioral analytics system runs on our own servers — event data never leaves our infrastructure. PostHog processes data solely as a data processor under a Data Processing Agreement.
• Automotive industry partners (aggregate insights only): We share aggregate, anonymized market intelligence with vetted partners. All shared reports remove individual identifiers and suppress any group with fewer than 5 users. This is not a sale of personal data under GDPR or CCPA.
• Firebase / Google: identity and authentication services.
• Cloud storage provider (AWS S3 or equivalent): stores media files you upload.
• Hosting infrastructure: servers that run the Service may process request logs.
• Legal requirements: we may disclose information if required by law, subpoena, or to protect the rights of AutoGuildX or others.
• Business transfers: in the event of a merger or acquisition, user data may be transferred as a business asset.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where required by law. Analytics event data is retained for 12 months and then automatically deleted. Server logs are retained for up to 90 days for security purposes. Publicly shared content may remain visible to other users until you explicitly delete it.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: request a copy of the personal data we hold about you.
• Correction: update inaccurate or incomplete data through your profile settings.
• Deletion: request deletion of your account and associated personal data.
• Portability: receive your data in a structured, machine-readable format (GDPR Article 20).
• Opt out of analytics: You may withdraw analytics consent at any time via the cookie preferences link in the page footer or through your account settings. Withdrawing consent stops future collection and triggers deletion of your analytics records within 30 days.
• Opt-out of sale (CCPA): We do not sell personal data. Aggregate insights shared with partners do not constitute a sale under CCPA because they contain no individual identifiers.
• Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise these rights, contact us at privacy@autoguildx.com. We will respond within 30 days.

7. Children's Privacy

The Service is not directed at children under the age of 18. We do not knowingly collect personal information from anyone under 18. If you become aware that a minor has provided us with personal data, please contact us and we will take steps to delete it.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated via a notice on the Service or by email. Continued use of the Service after changes constitutes your acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact:

10. Analytics and Behavioral Data

We use PostHog, an open-source analytics platform, deployed on our own servers. Your behavioral data never reaches any third-party analytics service.

What we collect (with consent):

• Page views and navigation paths across the platform.
• Feature interactions: button clicks, form submissions, search queries.
• Account properties: role type, subscription tier, verification status.
• Platform activity counts: number of listings, posts, and courses created.

What we never collect in analytics:

• Email addresses, full names, or phone numbers.
• The content of private messages.
• Payment card or financial details.
• Precise geolocation.

Analytics are strictly opt-in. A consent banner appears on first visit. If you decline, no behavioral events are captured. You can change your choice at any time via cookie preferences in the footer.

We honor the browser Do Not Track (DNT) signal: if DNT is enabled, analytics are disabled regardless of your stored consent preference.

11. Aggregate Market Insights

AutoGuildX may generate and share aggregate, anonymized market intelligence with vetted automotive industry partners (brands, suppliers, dealerships, researchers).

Before any insight leaves our systems: (1) all individual identifiers are removed; (2) any group with fewer than 5 users is suppressed; (3) no combination of attributes that could uniquely identify a person is included.

Examples of data we may share: "suspension parts are the most viewed category in Q1", "mechanics account for 60% of marketplace activity", "average listing price by vehicle category." These reports do not constitute a sale of personal data.

If you prefer your behavioral data not contribute to aggregate insights even in anonymized form, opt out of analytics via cookie preferences. Opting out excludes you from all aggregate computations.