Last updated · 5 May 2026

Privacy Policy

How AutoConnect AI handles personal data, both for dealership users of the platform and the customers their teams correspond with.

1. Who we are

AutoConnect AI is operated by Credminds Ltd, registered in the United Kingdom. For privacy matters, contact privacy@autoconnect.example.

This is placeholder copy. The final policy will reflect our registered company details, ICO registration number, and full controller / processor split before launch.

2. Data we collect from dealership users

  • Name, business email, phone, and role.
  • Dealership name, address, opening hours, and AI settings.
  • Authentication identifiers (hashed password, JWT session tokens).
  • Audit metadata (when you logged in, what you changed).

We use this data to provide the service and to keep an audit trail for FCA / GDPR compliance.

3. Data we process about your customers

When you use AutoConnect, your customers' enquiries — name, email, phone, vehicle of interest, message contents, consent flags — flow through the platform so the AI can reply and your team can follow up.

For this data you are the controller and we are the processor. We process it only on your documented instructions, in the UK / EEA, and we do not sell or share it for marketing.

4. Lawful basis

  • Contract — to deliver AutoConnect under our services agreement.
  • Legitimate interest — for security logging, fraud prevention, and product improvement (de-identified).
  • Consent — for any optional marketing emails to dealership users (opt-in).

5. Sub-processors

We use the following sub-processors. The current list is available on request and will be kept up to date here at launch.

  • AWS (eu-west-2) — hosting and database
  • OpenRouter — LLM inference for AI replies
  • Resend — transactional email delivery
  • Cloudinary — image storage (logos, attachments)
  • Google Calendar — appointment sync (only if connected by you)

6. Retention

  • Customer enquiries inactive for 30 days are auto-anonymised: the lead row is kept for analytics, and contact details are scrubbed.
  • Audit logs are retained for the lifetime of your subscription plus 90 days for accountability.
  • On termination of the agreement, all customer data is deleted within 30 days unless you request export first.

7. Your rights

UK GDPR grants you (and the customers you process data about) the rights to access, rectify, erase, restrict, port, and object to processing of personal data. Exercise these by emailing privacy@autoconnect.example.

You can also lodge a complaint with the UK Information Commissioner's Office at ico.org.uk.

8. Security

Data is encrypted in transit (TLS 1.3) and at rest. Tenant scoping ensures one dealership cannot read another's data. Sensitive credentials (IMAP/SMTP passwords, OAuth tokens) are encrypted at the application layer using a separate field-encryption key.

9. Changes to this policy

We'll notify dealership administrators by email at least 30 days before any material change to this policy.