Legal · GDPR

Privacy Policy

Last updated: May 14, 2026

This Privacy Policy explains how AutoFindr ("we", "us") collects and uses personal data when you use autofindr.net(the "Service"). It is written in plain English and reflects our obligations under the EU General Data Protection Regulation (Regulation (EU) 2016/679, the "GDPR").

1. Data controller

The data controller for personal data collected through the Service is Zlatin Etimov, registered at Grigor Bozhkov 8 vh.G apt.23, Plovdiv 4023, Bulgaria. You can reach our privacy contact at privacy@autofindr.net.

2. What we collect & why

2a. When you browse the Service

We use Vercel Analytics and Vercel Speed Insights to measure page views, browser/device aggregates and Core Web Vitals. This data is processed in aggregate; we do not see IP addresses, cookies, or any personally identifying information from these tools.

2b. When you submit the AI Analyzer form

The car details you enter (brand, model, year, mileage, price, optional fuel/drivetrain/body/engine/transmission) are sent to the Service and to a third-party large-language model (currently Groq via Llama 3.3) to generate the analysis. We do not store the inputs unless you submit them with an email address (e.g. Full Analysis).

2c. When you purchase a Full Analysis

We collect: your name (optional), your email address (required), and the car details from the form. We store these in our database to deliver the report and respond to any follow-up question you send us.

Once Stripeis enabled for paid purchases, payment data is processed directly by Stripe; we never see card numbers or bank details. We receive only a confirmation token + the customer's country (for VAT). Stripe's own privacy notice applies to the data you provide them at checkout.

2d. When you submit a lead form (inspection / parts / deal)

We collect your name, phone number, email and the car details so we can connect you with the relevant specialist. We may share these details with a specific partner you have requested an introduction to. We do not sell your data.

3. Legal bases

Performance of a contract (Art. 6(1)(b) GDPR) — for delivering a Full Analysis you have purchased or a lead-form referral you have requested.
Legitimate interests (Art. 6(1)(f) GDPR) — for running and improving the Service, security, fraud prevention, and analytics in aggregate form.
Legal obligation (Art. 6(1)(c) GDPR) — for storing invoice and tax records as required by applicable EU member-state law (typically 7–10 years for invoices).
Consent (Art. 6(1)(a) GDPR) — for any optional marketing communications. You can withdraw consent at any time.

4. How long we keep your data

Lead submissions (deep_analysis / inspection / parts / deal): up to 24 months, then deleted.
Invoices and payment records: 10 years (statutory).
Analytics aggregates: indefinitely, but the data is not personal.

5. Sub-processors

We rely on the following sub-processors. Each is contractually bound to GDPR-compatible data handling. Several are located outside the EEA; transfers occur under the European Commission's Standard Contractual Clauses (SCCs) or an Adequacy Decision where applicable.

Sub-processor	Purpose	Region
Vercel Inc.	Hosting + analytics + Speed Insights	EU / US (SCCs)
Supabase Inc.	Database + auth	EU / US (SCCs)
Groq Inc.	Large-language-model inference	US (SCCs)
Stripe, Inc. / Stripe Payments Europe Ltd.	Payment processing	EU (Ireland) for EEA payments
Frankfurter (FX API)	EUR↔USD reference rates	EU

6. Your rights under GDPR

You have the right to:

Access the personal data we hold about you (Art. 15);
Rectify inaccurate data (Art. 16);
Erase ("right to be forgotten") — subject to retention obligations (Art. 17);
Restrict processing (Art. 18);
Port your data in a structured machine-readable format (Art. 20);
Object to processing based on legitimate interests (Art. 21);
Withdraw consent at any time where consent is the legal basis (Art. 7);
Lodge a complaint with a supervisory authority in your EU member state of residence. A list of national authorities is available at edpb.europa.eu.

Most rights can be exercised by emailing privacy@autofindr.net. We aim to respond within 30 days as required by Art. 12 GDPR.

7. Cookies

We use the minimum cookies necessary to operate the Service (e.g. functional cookies for caching). Vercel Analytics and Speed Insights run without cookies by default. If we add any non-essential cookies in future, we will display a consent banner before they are set.

8. Children

The Service is not directed at children under 16. If we discover that we have collected data from a child under 16 without verifiable parental consent, we will delete it.

9. Changes to this Policy

We will update this Policy when our practices change. Material changes are notified via a homepage banner for at least 14 days. The "Last updated" date at the top always reflects the current version.

This document is provided as a baseline. It does not constitute legal advice.