Privacy Policy
Last updated: April 2026
1. Introduction
garageview.ai ("we", "our", "the Service") is a car search aggregation tool that helps users compare vehicles from online marketplaces. This Privacy Policy explains how we collect, use, and protect your information in compliance with the EU General Data Protection Regulation (GDPR).
By using our Service, you acknowledge that you have read and understood this Privacy Policy. We are committed to protecting your privacy and processing your data lawfully, fairly, and transparently.
2. Data Controller
The data controller responsible for processing your personal data is:
garageview.ai
Email: [email protected]
Website: https://garageview.ai
3. Information We Collect
Account Information: When you sign in with Google, we receive your name, email address, and profile picture from your Google account.
User Preferences: Language, currency, location preferences, and theme settings you configure within the app.
Usage Data: Car searches, collections you create, ratings you assign, and interactions with AI features.
Technical Data: Browser type, device information, and IP address collected automatically through server logs.
Analytics Data: With your consent, we collect page views, session information, and feature usage through Google Analytics and PostHog.
4. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR Article 6(1):
| Processing Activity | Legal Basis |
|---|---|
| User authentication (Google OAuth) | Art. 6(1)(b) -- Contract performance |
| Car collection management | Art. 6(1)(b) -- Contract performance |
| AI car analysis and chat | Art. 6(1)(b) -- Contract performance |
| Transactional emails | Art. 6(1)(b) -- Contract performance |
| Web analytics (GA, PostHog) | Art. 6(1)(a) -- Consent |
| Listing scraping from mobile.de | Art. 6(1)(f) -- Legitimate interest |
| CDN and DDoS protection | Art. 6(1)(f) -- Legitimate interest |
5. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Authenticate your identity via Google OAuth
- Save your car searches, comparisons, and preferences
- Power AI-assisted features (car ratings, deep research, chat)
- Send transactional emails (invitations, account notifications)
- Calculate travel times and distances to car sellers
- Improve the Service and fix issues (with your consent, via analytics)
6. Cookies and Tracking Technologies
We use cookies to operate the Service and, with your consent, to analyze usage. The following cookies may be set:
| Cookie Name | Category | Purpose | Duration |
|---|---|---|---|
| _session_id | Necessary | Rails session identifier for authentication | Session |
| cc_cookie | Necessary | Stores cookie consent preferences | 365 days |
| _ga | Analytics | Google Analytics client identifier | 730 days |
| _ga_ZLRFVLLGG4 | Analytics | Google Analytics session state | 730 days |
| ph_* | Analytics | PostHog session and identity tracking | 365 days |
You can manage your cookie preferences at any time using the cookie settings banner or by clicking "Cookie Settings" in the page footer.
We also use browser localStorage to store your theme, language, and currency preferences. These are never transmitted to our servers.
7. Chrome Extension
The Garageview Chrome extension enhances your experience on mobile.de by adding "Save to Garageview" buttons directly on car listings. The extension:
- Reads car listing data (title, price, mileage, images) from mobile.de pages you visit to display save controls and send data to your Garageview account.
- Uses cookies from garageview.ai to authenticate your session so you stay logged in while browsing mobile.de.
- Stores locally your API endpoint preference and last-used collection ID using Chrome's storage API. This data stays on your device.
- Does not track your browsing history, collect data on pages other than mobile.de, or send any data to third parties.
8. Sub-Processors
We use the following third-party services to provide and improve the Service:
| Service | Purpose | Data Processed | Hosting Location |
|---|---|---|---|
| Google OAuth | Authentication | Email, name, avatar | US |
| OpenAI | AI ratings, deep research, chat | Car data, user location, chat messages | US |
| Mailtrap | Transactional email | Email addresses, names, tokens | US |
| Apify | Listing scraping | mobile.de listing URLs | US/EU |
| Google Analytics | Web analytics | Page views, sessions, device info | US |
| PostHog | Product analytics | User ID, email, feature usage events | EU (Frankfurt) |
| Hetzner | Application hosting | All application data | EU (Germany) |
| Cloudflare | CDN, DNS, DDoS protection | All HTTP traffic | US (global edge) |
| Nominatim/OSM | Geocoding | Geographic coordinates | Public (no account) |
| Project-OSRM | Route calculation | Geographic coordinates | Public (no account) |
| Carto | Map tile rendering | Map viewport coordinates | US |
| Docker Hub | Container image registry | Container images (no user data) | US |
9. Data Retention
We retain your personal data for the following periods:
| Data Category | Retention Period |
|---|---|
| Account data (name, email, avatar) | Until account deletion |
| Collections and saved cars | Until account deletion |
| AI ratings and deep research | Until account deletion |
| Search filters | Until account deletion |
| Chat messages | Until account deletion |
| Server logs (IP, user agent) | 90 days |
| Analytics data (GA, PostHog) | GA: 14 months; PostHog: per configuration |
10. International Data Transfers
Some of our sub-processors are located in the United States. Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) as required by GDPR Chapter V.
PostHog, our product analytics provider, is configured to process data exclusively in the EU (Frankfurt, Germany).
11. Your Rights Under GDPR
Under the General Data Protection Regulation, you have the following rights regarding your personal data:
- Right of Access (Art. 15) -- You can request a copy of all personal data we hold about you.
- Right to Rectification (Art. 16) -- You can request correction of inaccurate or incomplete personal data.
- Right to Erasure (Art. 17) -- You can request deletion of your personal data ("right to be forgotten"). You can delete your account in Account settings.
- Right to Restriction of Processing (Art. 18) -- You can request that we limit how we process your data.
- Right to Data Portability (Art. 20) -- You can download all your data in a machine-readable format (JSON) from Account settings using the "Download my data" feature.
- Right to Object (Art. 21) -- You can object to processing of your data based on legitimate interest.
- Right to Withdraw Consent (Art. 7(3)) -- You can withdraw your consent for analytics cookies at any time via Cookie Settings. Withdrawal does not affect the lawfulness of processing before withdrawal.
- Right to Lodge a Complaint -- You have the right to lodge a complaint with a supervisory authority. For Germany: Die Bundesbeauftragte fuer den Datenschutz und die Informationsfreiheit (BfDI).
To exercise any of these rights, email us at [email protected] or use the relevant feature in Account settings.
12. Data Storage and Security
Your data is stored on secured servers hosted by Hetzner in Germany (EU). We employ the following security measures:
- Encryption in transit via HTTPS (Let's Encrypt SSL)
- Encrypted database storage
- SSH key-only server access
- Firewall and DDoS protection (Cloudflare)
- Automated backups
We do not sell your personal information to third parties.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.
14. Contact
For questions about this Privacy Policy or to exercise your data protection rights, please contact us at [email protected].