Privacy Policy

1. Introduction & Contact Information

Mobric, Inc. ("Mobric," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our commercial truck valuation platform.

Who We Are

Mobric provides AI-powered commercial truck valuation services to businesses in the automotive industry. Our platform analyzes vehicle data to generate accurate market valuations for commercial trucks.

Contact Information

• Company: Mobric, Inc.
• Website: mobric.org
• Email: support@mobric.org
• Privacy Questions: support@mobric.org

Effective Date: This Privacy Policy is effective as of January 29, 2026.

By using Mobric, you consent to the data practices described in this policy.

2. Types of Personal Information Collected

We collect the following types of personal information:

Account Information

• Full name
• Email address
• Company name and business information
• Phone number (optional)
• Password (encrypted)

Payment Information

• Credit card details (processed by Stripe - we do not store full card numbers)
• Billing address
• Transaction history

Vehicle & Valuation Data

• VIN (Vehicle Identification Numbers) you query
• Vehicle specifications (make, model, year, mileage, condition)
• Valuation history and saved reports
• Usage patterns and search queries

Technical Information

• IP address
• Device information (browser type, operating system)
• Location data (approximate, based on IP)
• Session information and cookies
• Log files and usage analytics

Communications

• Support inquiries and correspondence
• Feedback and survey responses
• Email communications with our team

How We Collect Information

We collect information in three ways:

• Directly from you: When you create an account, enter data, or contact support
• Automatically: Through cookies, logs, and analytics tools as you use our platform
• From third parties: VIN decoder APIs, payment processors, and authentication providers

3. How & Why We Collect Information

Legal Basis for Processing (GDPR)

For users in the European Union, we process your data based on:

• Contract Performance: To provide valuation services as agreed in our Terms of Service
• Legitimate Business Interest: To improve our services, prevent fraud, and ensure security
• Consent: For marketing communications and optional features (you can withdraw anytime)
• Legal Obligation: To comply with tax, accounting, and regulatory requirements

Purpose of Collection

We collect your information to:

• Provide truck valuations and generate reports
• Process payments and manage billing
• Create and maintain your account
• Communicate important updates and support responses
• Improve and optimize platform features
• Prevent fraud and ensure security
• Comply with legal and regulatory obligations
• Generate anonymized analytics and market trends
• Send marketing communications (with consent only)

Data Retention Periods

We retain different types of data for varying periods:

• Account data: Duration of service + 30 days after account deletion
• Payment records: 7 years (tax and legal compliance)
• Valuation history: Duration of service + 90 days after deletion
• Usage logs: 90 days
• Support communications: 3 years
• Anonymized analytics: Indefinitely (cannot be traced back to individuals)

Deleted data is purged from backups within 180 days.

4. How We Use Personal Information

We use your personal information for the following purposes:

Service Delivery

• Generate accurate truck valuations
• Process VIN queries and vehicle data
• Create and deliver valuation reports
• Maintain your account and preferences

Payment Processing

• Process subscription payments
• Generate invoices and receipts
• Handle billing inquiries and disputes
• Prevent payment fraud

Customer Support

• Respond to support inquiries
• Troubleshoot technical issues
• Provide account assistance
• Send service updates and notifications

Platform Improvement

• Analyze usage patterns to enhance features
• Test new valuation algorithms
• Improve accuracy and performance
• Optimize user experience

Security & Fraud Prevention

• Detect and prevent fraudulent activity
• Investigate security incidents
• Enforce Terms of Service
• Protect against abuse and illegal use

Analytics & Research

• Generate anonymized market trend reports
• Create aggregate industry benchmarks
• Improve valuation models with aggregated data
• Conduct internal research (no individual data disclosed)

Marketing (Consent Required)

• Send promotional emails about new features
• Share company updates and announcements
• Conduct surveys to gather feedback

You can opt out of marketing communications at any time via email preferences or unsubscribe links.

Legal Compliance

• Comply with tax and accounting regulations
• Respond to legal requests and court orders
• Meet regulatory reporting requirements
• Enforce our rights in disputes

5. Data Sharing & Third Parties

We share your information only with trusted service providers necessary to operate our platform:

Service Providers

• Stripe: Payment processing and subscription management
• Supabase: Database hosting and authentication services
• Vercel: Cloud hosting and infrastructure
• Resend: Transactional email delivery
• Anthropic: AI processing for valuation analysis
• VIN Decoder APIs: Vehicle specification data enrichment

Analytics Tools

We may use analytics services to understand platform usage:

• Google Analytics (if implemented)
• Mixpanel (if implemented)

These services collect anonymized usage data and are subject to their own privacy policies.

Legal Disclosures

We may disclose your information if required by law:

• In response to court orders or legal process
• To comply with government investigations
• To protect our rights or property
• To prevent fraud or illegal activity
• With your explicit consent

When possible, we will notify you before disclosing your information unless prohibited by law.

Data Transfer Agreements

All third-party service providers are contractually required to:

• Maintain confidentiality of your data
• Use your data only to provide services to Mobric
• Comply with applicable data protection laws
• Implement appropriate security measures

6. Data Security & Protection

We implement industry-standard security measures to protect your data:

Encryption

• In Transit: All data transmitted to/from Mobric is encrypted using TLS 1.2+ (HTTPS)
• At Rest: Sensitive data is encrypted using AES-256 encryption
• Passwords: Hashed using bcrypt with salt

Access Controls

• Multi-factor authentication (2FA) available for all accounts
• Role-based access controls for internal team members
• Regular access audits and permission reviews
• Secure password requirements

Infrastructure Security

• Hosting on secure cloud infrastructure (Vercel, Supabase)
• Regular security updates and patches
• Firewall protection and intrusion detection
• Automated backups with encryption

Monitoring & Testing

• Regular security audits and vulnerability assessments
• Continuous monitoring for suspicious activity
• Incident response procedures
• Employee training on data privacy and security

Data Breach Notification

In the event of a data breach affecting your personal information:

• We will notify you within 72 hours (as required by GDPR)
• Notification will include: nature of breach, data affected, potential impact, remedial steps
• We will report to relevant authorities as required by law
• We will take immediate action to contain and remediate the breach

Report Security Issues: If you discover a security vulnerability, please report it immediately to support@mobric.org.

7. Data Retention & Deletion

Retention Periods

We retain your data for as long as necessary to provide services and comply with legal obligations:

• Account data: Duration of active account + 30 days after deletion request
• Payment records: 7 years (tax and legal compliance)
• Valuation history: Duration of account + 90 days
• Usage logs: 90 days
• Support communications: 3 years
• Marketing consent records: Until consent withdrawn + 3 years

Account Deletion

When you request account deletion:

• Account access is immediately revoked
• Personal data is deleted within 30 days
• Backup copies are purged within 180 days
• Payment records are retained for 7 years (legal requirement)
• Anonymized data may be retained indefinitely

Legal Holds

Data may be retained beyond normal periods if:

• Required for ongoing legal proceedings
• Necessary to resolve disputes
• Mandated by law enforcement or regulatory agencies

Request Deletion

To delete your account and data, email support@mobric.org with your request. We will confirm your identity and process deletion within 30 days.

8. Cookies & Tracking Technologies

What Are Cookies?

Cookies are small text files stored on your device to track activity and remember preferences. We use both session cookies (expire when you close your browser) and persistent cookies (remain after your session ends).

Types of Cookies We Use

Third-Party Cookies

We may use third-party services that set their own cookies:

• Google Analytics (if implemented): _ga, _gid - tracks page views and usage patterns (2 years)
• Stripe: Payment processing cookies

Managing Cookies

You can control cookies through your browser settings:

• Chrome: Settings → Privacy and security → Cookies and other site data
• Firefox: Settings → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Manage Website Data

Note: Disabling cookies may affect platform functionality (e.g., staying logged in).

Do Not Track (DNT)

We honor Do Not Track signals when technically feasible. To enable DNT, adjust your browser settings.

9. User Rights & Choices

You have the following rights regarding your personal data:

Right to Access

You can request a copy of all personal data we hold about you.

Right to Correction

You can update or correct inaccurate information through your account settings or by contacting support.

Right to Deletion

You can request deletion of your data, subject to legal retention requirements (e.g., tax records).

Right to Restriction

You can request that we restrict processing of your data in certain circumstances.

Right to Data Portability

You can request an export of your data in a machine-readable format (JSON/CSV).

Right to Opt-Out of Marketing

You can unsubscribe from marketing emails via the unsubscribe link or by contacting support.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

How to Exercise Your Rights

To exercise any of these rights, email support@mobric.org with:

• Your full name and email address
• Description of your request
• Verification of identity (we may request additional information)

Response Time: We will respond to your request within 30 days (45 days for complex requests).

10. GDPR/CCPA Compliance

For EU Users (GDPR)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to lodge a complaint with your local data protection authority
• Right to object to processing based on legitimate interests
• Right to withdraw consent for processing based on consent
• Right to data portability in a structured format

Our legal basis for processing your data is outlined in Section 3.

For California Users (CCPA)

California residents have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information, so this right does not apply
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise CCPA rights, email support@mobric.org with "CCPA Request" in the subject line.

11. Business Transfers

If Mobric is involved in a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity.

In such events:

• We will notify you via email before your data is transferred
• The new entity will be required to honor this Privacy Policy
• You will have the right to opt out before the transfer
• Material changes to data practices will require your consent

12. Third-Party Links

Our platform may contain links to third-party websites and services (e.g., VIN decoder APIs, payment processors, external resources).

We are not responsible for the privacy practices of third-party sites. Each third party has its own privacy policy, and we encourage you to review them before providing any information.

13. Children's Privacy

Mobric is not intended for use by children under the age of 18. We do not knowingly collect personal information from children.

If you believe we have collected information from a child under 18, please contact us immediately at support@mobric.org and we will delete the information promptly.

COPPA Compliance: We comply with the Children's Online Privacy Protection Act (COPPA) for U.S.-based users.

14. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations.

How We Notify You

• Email notification to all active users
• In-app banner when you log in
• Blog post announcement (for major changes)
• Updated "Last Updated" date at the top of this policy

Material Changes: For significant changes that affect your rights, we will obtain your explicit consent before the changes take effect.

Review Regularly: We encourage you to review this policy periodically to stay informed about how we protect your information.

15. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: