gvhp ("Vehicle Guardian", "we") operates a vehicle-maintenance companion application. We are the data controller for your personal data under EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR").
What we collect
- Identity — Firebase Auth UID, display name, email, preferred language.
- Vehicle data — make, model, year, VIN, license plate, mileage history.
- Service history — events, parts, providers, notes.
- Health issues — active and resolved issues on your vehicles.
- Conversations — chat history with the AI agents, mechanic diagnostic audit.
- Shop connections — which businesses you've granted access to which vehicles.
- Consent log — versioned record of which legal docs you accepted and when.
Lawful basis
- Running your account and delivering the core features: contract (Art. 6(1)(b)).
- Proactive health alerts: contract + legitimate interest (Art. 6(1)(f)).
- Sharing data with shops you explicitly connected: consent (Art. 6(1)(a)), revocable from /room.
- Security logging: legitimate interest.
- Compliance with EU regulations: legal obligation.
Who we share data with
- Linked shops — only the tier you explicitly granted (LEVEL_1 = AI mechanic chat only, no raw rows; LEVEL_2 = service history excluding cost).
- Google Cloud (Vertex AI Gemini) for AI processing under Google's enterprise DPA — does not train on your data by default.
- Tavily Search, Groq STT/TTS, Google Cloud Text-to-Speech for the minimum text/audio needed per feature.
- Firebase Auth for identity only.

We do not sell or rent personal data.
Retention
- Account profile, vehicles, service history: until you delete them.
- Chat short-term memory: 7 days rolling.
- Mechanic audit (diagnostic explanations): 24 months from creation.
- Consent log: until account deletion.
- Operational logs: 30 days.
Your rights
You can at any time:
- Access (Art. 15) — request a ZIP of every file we hold on you.
- Rectification (Art. 16) — edit profile and vehicles directly.
- Erasure (Art. 17) — delete your account and cascade to all related records.
- Portability (Art. 20) — the export ZIP is the portability artifact.
- Object (Art. 21) — contact us.
- Withdraw consent (Art. 7(3)) — re-open the AI-disclosure modal from Settings and decline.
- Lodge a complaint with your national data-protection authority.
Automated decision-making (GDPR Art. 22)
The AI mechanic auto-logs diagnostic issues with urgency above MONITOR to your vehicle's health dashboard. You can dismiss any auto-logged entry with one click. The dismissal is recorded with human_override=true in our audit. The AI cannot prevent dismissal.
International transfers
Vertex AI Gemini calls run in Google's us-central1 region under the EU-US Data Privacy Framework. Cloud Run and Postgres remain in europe-north1 (Finland).
Security
TLS in transit. Row-Level Security in Postgres scopes every query to your authenticated identity. Defense-in-depth: BFF guards plus Postgres RLS. Secrets stored in Google Secret Manager. Security contact: SECURITY.md.
Changes
Material changes trigger a re-acceptance flow on your next login. Minor wording polish does not. The current version is always shown at the top of this page.
Children
gvhp is not directed at children under 16. If you believe a child has created an account, contact us and we will delete it.
Skeleton draft pending legal counsel review. Final wording may change without further notice.