Privacy Policy

1. Scope of this Policy

This Privacy Policy explains how autoGMS collects, uses, stores, shares, and protects personal data when you visit our website, contact us, request a demo, use our platform, receive support, or otherwise interact with autoGMS.

autoGMS is a business-to-business garage management platform. Most data processed in the platform is business operational data entered by garages, workshops, staff, or authorised users. Where a garage enters data about its own customers, vehicles, vendors, staff, bookings, job cards, invoices, estimates, reminders, or messages, that garage remains responsible for deciding what data is entered and how it is used.

2. Our Role and Your Role

For account, billing, website, sales, marketing, security, analytics, and support data, autoGMS generally acts as the controller of the personal data we collect and use for our own business purposes.

For customer, vehicle, booking, invoice, estimate, inventory, staff, message, and other operational data that you or your users enter into the Service, autoGMS generally acts as a service provider or processor on behalf of the subscribing business, unless we expressly state otherwise in a written agreement.

You are responsible for ensuring that you have the right to collect, enter, upload, send, disclose, and process any personal data you place into the Service, including obtaining any required customer, staff, vendor, or recipient consents.

3. Information We Collect

We may collect the following categories of information depending on how you use autoGMS:

• Account and user information, such as names, business email addresses, phone numbers, job titles, login credentials, roles, permissions, and authentication data
• Business information, such as garage name, trade name, address, country, billing details, tax details, subscription plan, payment status, and account settings
• Operational data entered into the Service, such as customer records, vehicle records, bookings, job cards, inspections, estimates, invoices, payments, inventory, parts, labour records, reminders, messages, notes, attachments, photos, and documents
• Support and communications data, such as emails, chat messages, call notes, support tickets, recordings or videos you provide, screenshots, diagnostic details, and issue history
• Website and usage data, such as IP address, device information, browser type, pages visited, referring pages, session data, clicks, feature usage, logs, cookies, analytics identifiers, and approximate location derived from technical data
• Payment and transaction data processed through payment providers, such as subscription status, invoice references, payment method metadata, transaction identifiers, and billing events
• Marketing and demo data, such as form submissions, lead source, campaign parameters, preferences, and communications with our sales or onboarding teams

4. How We Use Information

We use information to operate, secure, support, improve, and provide autoGMS. This includes using information to:

• create, administer, authenticate, and secure user accounts
• provide the platform, features, workflows, reports, integrations, reminders, messages, and documents requested by customers
• process subscriptions, invoices, payments, renewals, cancellations, and account administration
• provide onboarding, training, support, troubleshooting, diagnostics, bug investigation, service notices, and product updates
• monitor performance, reliability, abuse, fraud, security threats, unauthorised access, and technical issues
• improve product functionality, user experience, documentation, analytics, and business operations
• send product, service, billing, legal, security, marketing, and administrative communications where permitted
• comply with legal obligations, enforce agreements, resolve disputes, and protect the rights, safety, and security of autoGMS, customers, users, and third parties

5. Customer Operational Data

Customers control the operational data they enter into the Service. We process that data to provide the Service, perform support, maintain security, troubleshoot issues, enable integrations, generate outputs requested by users, and comply with applicable legal or contractual obligations.

We do not sell customer operational data. We do not use a garage customer list, vehicle records, job records, invoice records, or message recipient list to market unrelated third-party products to those individuals.

If you ask us to access, inspect, repair, migrate, import, export, or support operational data, you authorise us to process that data as reasonably necessary to perform the requested work.

6. Messaging and Communications Data

The Service may allow customers to send or trigger emails, SMS, WhatsApp messages, reminders, review requests, status updates, invoices, estimates, and other communications. We process message content, recipient details, delivery metadata, templates, logs, and provider responses to provide and support those communication features.

The subscribing business is responsible for message content, recipient lists, consent, opt-outs, unsubscribe handling, sender identification, timing restrictions, and compliance with anti-spam, telecommunications, privacy, and marketing laws.

Delivery depends on third-party providers, carriers, recipient devices, number status, content filtering, and local rules. We may retain message logs and delivery records for support, security, audit, billing, abuse prevention, and legal purposes.

7. Cookies, Analytics and Tracking

We may use cookies, pixels, SDKs, local storage, analytics tools, and similar technologies to operate the website and Service, remember preferences, understand usage, measure campaigns, improve product performance, prevent fraud, and secure accounts.

You can control cookies through browser settings and, where available, consent tools. Some cookies or storage technologies may be required for authentication, security, preferences, or core service functionality.

8. How We Share Information

We share information only where reasonably necessary to provide, operate, secure, support, improve, or enforce autoGMS, or where required by law. We may share information with:

• hosting, cloud infrastructure, database, backup, monitoring, and security providers
• payment processors, billing providers, tax systems, and financial service providers
• email, SMS, WhatsApp, notification, communication, and support providers
• analytics, product telemetry, marketing, CRM, and website tooling providers
• integration partners or third-party systems that you choose to connect to the Service
• professional advisers, auditors, insurers, banks, regulators, courts, authorities, or law enforcement where appropriate
• successors or parties involved in a merger, acquisition, financing, restructuring, sale, or transfer of all or part of our business

We require service providers to process information only for authorised purposes and to use reasonable safeguards appropriate to the nature of the information.

9. Third-Party Services and Integrations

The Service may connect with third-party services such as payment processors, accounting systems, messaging providers, vehicle data sources, analytics tools, identity providers, AI or automation services, hosting providers, and customer-selected integrations.

Third-party services may process data under their own terms and privacy notices. We are not responsible for third-party privacy practices, security, availability, errors, outages, API changes, account restrictions, or data handling outside our control.

10. Security

We use reasonable technical and organisational measures designed to protect information against unauthorised access, loss, misuse, alteration, disclosure, or destruction. These measures may include encryption in transit, access controls, authentication controls, logging, monitoring, backups, and administrative safeguards.

No system, network, transmission, storage method, or security measure is completely secure. Customers are responsible for using strong credentials, protecting devices, managing staff access, configuring permissions carefully, and notifying us promptly of suspected unauthorised access or account misuse.

11. Data Retention

We retain information for as long as reasonably necessary to provide the Service, operate accounts, support customers, maintain security, comply with legal obligations, resolve disputes, enforce agreements, maintain backups, and support legitimate business purposes.

Operational data may be retained while an account is active and for a reasonable period after cancellation, expiry, suspension, or termination, unless deletion is required earlier by law or agreed in writing. Backup copies may persist for a limited period before being overwritten or deleted in the ordinary course.

We may retain anonymised, aggregated, diagnostic, billing, security, audit, and legal records where they no longer identify an individual or where retention is necessary for legitimate business, compliance, or dispute purposes.

12. International Transfers

autoGMS may process and store information in the United Arab Emirates, the United Kingdom, the United States, the European Economic Area, or other countries where we or our service providers operate.

Where required, we use reasonable safeguards for cross-border transfers, such as contractual protections, service provider due diligence, access controls, and other measures appropriate to the data and processing activity.

13. Your Privacy Rights

Depending on your location and applicable law, you may have rights to request access, correction, deletion, restriction, objection, portability, withdrawal of consent, or information about how personal data is processed.

If your request relates to data controlled by one of our customer garages, such as a garage customer record, vehicle record, booking, invoice, or message, we may direct you to that garage because the garage decides how that data is used. We may support the garage in responding where appropriate.

We may need to verify your identity and authority before processing a privacy request. Some requests may be limited by legal obligations, security needs, backup retention, dispute requirements, fraud prevention, or the rights of others.

14. Marketing Communications

We may send marketing communications to business contacts where permitted by law. You can opt out of marketing emails by using the unsubscribe link or contacting us. We may still send non-marketing communications such as billing, security, legal, service, support, and account notices.

15. Children

autoGMS is intended for business use and is not directed to children. You must not knowingly enter children's personal data into the Service unless you have a lawful basis and all required consents or authorisations to do so.

16. Changes to this Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised last-updated date. Continued use of the website or Service after an update means the updated policy applies from the effective date, subject to applicable law.

17. Contact

For privacy questions or requests, contact us at:

privacy@myautogms.com