Your data. Your rules.

When you use AutoSync, we collect three types of information:

Account Information

Your name, email address, phone number, shop name, address, and billing details. We need this to create your account, bill you, and send you product-critical communications.

Shop Operational Data

Customers, vehicles, work orders, invoices, parts inventory, labor rates, employee records you enter into AutoSync. This is your data — we store it, secure it, and make it available to you, but we never use it for any other purpose.

Usage Data

Anonymous analytics (page views, feature usage, error logs) help us improve the product. IP addresses and user agents are logged for security/fraud prevention and deleted after 90 days.

We use your information only to:

• Provide, maintain, and improve the AutoSync service
• Process your payments and send invoices
• Send product updates and security alerts (you can unsubscribe from marketing emails anytime)
• Respond to support requests
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations (tax records, subpoenas, court orders)

We never use your shop's customer data to train AI models, sell to advertisers, or share with any third party beyond the processors described below.

We share data only with these service providers, who are contractually bound to protect it:

• Stripe — payment processing (card data never leaves Stripe)
• Square — optional alternative payment processor
• Twilio — SMS delivery for appointment reminders and Text-to-Pay links
• SendGrid — transactional email delivery
• Amazon Web Services / Cloudflare — cloud infrastructure and DDoS protection
• Tawk.to — live chat widget on our marketing site (not in your shop admin)
• CARFAX, NHTSA, Nexpart — VIN decoding and parts lookup (only vehicle VIN and part numbers — no customer PII is shared)

We will disclose information to law enforcement only in response to a valid legal request (subpoena, court order, or search warrant) and will notify you unless legally prohibited.

When your shop uses AutoSync, you are the "data controller" for your customers' information and we are the "data processor." You decide what to collect, how long to keep it, and how to respond to customer data requests.

AutoSync acts as a neutral pipeline — we don't analyze, sell, or use your customer data for anything beyond operating the platform for you. If your customers request data access, correction, or deletion, you are responsible for honoring those requests (we provide tools in the UI to do so).

We retain your operational data as long as your account is active. If you cancel, we retain data for 90 days so you can export it, then permanently delete it unless you request earlier deletion.

Billing records (invoices, payment history) are retained for 7 years as required by US tax law, even after account deletion.

Server logs (IPs, user agents, request traces) are retained for 90 days for security purposes, then deleted.

We protect your data with:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• Per-shop isolated databases — no cross-shop data access
• Bcrypt password hashing with per-user salts
• Mandatory 2FA for all Anthropic employees accessing production
• 24/7 intrusion monitoring and automated anomaly detection
• Annual third-party penetration testing

No system is 100% secure. If we discover a breach affecting your data, we will notify you within 72 hours and provide full details of what was affected and what we're doing about it.

You can, at any time:

• Access — view or export any data in your account
• Correct — update information directly in the UI
• Delete — cancel your account and request full data deletion
• Object — opt out of marketing emails or usage analytics
• Port — export your data in CSV or JSON for migration to another service

California residents: you have additional rights under CCPA including the right to know what personal information we've collected and the right to opt out of any sale (we don't sell data anyway).

EU residents: you have GDPR rights including the right to a copy of your data in a portable format and the right to lodge a complaint with your national data protection authority.

To exercise any of these rights, email privacy@autosyncshopmanager.com.

We use cookies for authentication (session cookies) and preferences (remembered filters, theme). We do not use third-party advertising cookies or tracking pixels.

On our marketing pages only, we use privacy-respecting analytics (Plausible) which does not set cookies or track you across sites.

AutoSync is designed for businesses and is not intended for use by individuals under 18. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 13, we will delete it immediately.

If we make material changes to this privacy policy, we will email you at least 30 days before the changes take effect. Continued use of AutoSync after changes take effect constitutes acceptance of the new policy.

Minor wording changes (typo fixes, clarifications that don't change meaning) will not trigger a notification but will update the "Last updated" date above.

Questions about this policy or your data?

Email: privacy@autosyncshopmanager.com
Mail: AutoSync, Attn: Privacy, [Your Address]
For GDPR inquiries from the EU: specify "GDPR Request" in subject line for expedited handling.