Privacy Policy

Last updated: May 18, 2026

1. Overview

Pitts ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data. By using the Service, you agree to the practices described in this Policy.

2. Data We Collect

2.1 Account Data

  • Email address: required for authentication (passwordless magic links).
  • Full name: optional; collected during onboarding or mechanic invite claim.
  • Phone number: optional; collected if you enable WhatsApp or SMS notifications.
  • Company name and fleet information: collected during onboarding for fleet/shop operators.
  • Billing information: handled entirely by Stripe; we store only your Stripe customer ID and billing country.
  • Language preference: stored as a cookie and in your profile to deliver the Service in your preferred language.

2.2 Vehicle and Case Data

  • Vehicle year, make, model, VIN, mileage, and other details you provide.
  • Symptom descriptions, OBD/scanner codes, and chat messages from diagnostic sessions.
  • Audio recordings, images, and video clips you upload as evidence.
  • Diagnostic reports generated by AI and reviewed by mechanics.
  • Day-14 and Day-30 outcome survey responses.

2.3 Usage and Technical Data

  • Log data: IP address, browser type, pages visited, timestamps.
  • Error reports collected via Sentry.
  • Analytics events (page views, feature usage) collected via PostHog.
  • Notification delivery status (email opens, WhatsApp delivery receipts).

2.4 Call Data

If you use the live video call feature, call metadata (duration, timestamps) may be recorded. Video and audio streams are routed through Daily.co; please review their privacy policy for how call media is handled.

3. How We Use Your Data

  • Service delivery: processing your diagnostic intake, generating reports, and coordinating mechanic reviews.
  • Authentication: sending magic-link sign-in emails via Supabase and Resend.
  • Notifications: sending report-ready alerts, call notifications, and mechanic messages via email (Resend) and WhatsApp/SMS (Twilio).
  • Billing: processing payments and managing subscriptions via Stripe.
  • AI model improvement: anonymized and aggregated case data (symptoms, evidence, and mechanic corrections) may be used to improve our diagnostic models. Your personally identifiable information is removed before any such use.
  • Legal compliance: retaining records as required by law.

4. Third-Party Service Providers

We share data with trusted third-party providers only as necessary to deliver the Service:

Provider | Purpose | Data shared
--- | --- | ---
Supabase | Database, auth, storage | All account and case data (stored in EU West by default)
Anthropic | AI diagnostic model | Symptom descriptions, chat history, evidence analysis results
Stripe | Payment processing | Email, billing country; no raw card data
Daily.co | Live video calls | Call session data, room metadata
Twilio | SMS & WhatsApp notifications | Phone number, notification body
Resend | Transactional email | Email address, notification body
PostHog | Product analytics | Usage events, anonymized user ID
Sentry | Error tracking | Error logs, anonymized user ID

We do not sell your personal data to any third party for marketing purposes.

5. Data Retention

We retain your data for as long as your account is active or as necessary to provide the Service. Specifically:

  • Account and profile data: retained until account deletion.
  • Vehicle and case data: retained indefinitely to maintain your vehicle history.
  • Audio and video evidence: stored in Supabase Storage; retained with the case.
  • Billing records: retained for 7 years to comply with financial regulations.
  • Notification logs: retained for 90 days.

You may request deletion of your account and associated personal data by contacting us at privacy@pitts.app. Deletion may take up to 30 days. Some data may be retained longer where required by law.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate data via your account settings or by contacting us.
  • Erasure: request deletion of your personal data (subject to legal retention requirements).
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Restriction: request that we restrict processing while a dispute is resolved.

To exercise any of these rights, contact privacy@pitts.app. We will respond within 30 days.

7. Cookies

We use cookies and similar technologies to operate the Service. For details, see our Cookie Policy.

8. Children

The Service is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

9. International Transfers

Pitts is incorporated in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the US or other countries where our service providers operate. By using the Service, you consent to these transfers.

For users in the European Economic Area (EEA), we rely on Standard Contractual Clauses and adequacy decisions where applicable to lawfully transfer personal data.

10. Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, Row Level Security (RLS) on our database, and role-based access controls. However, no transmission over the internet is completely secure, and we cannot guarantee the absolute security of your data.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or a prominent notice in the Service. The "Last updated" date at the top reflects the most recent revision.

12. Contact

For privacy questions or requests, contact our privacy team at privacy@pitts.app.