Privacy Policy

1. Who we are

MotoCare ("we", "our", or "the app") is a vehicle maintenance tracking application operated by Oleg Kosariev, as identified in the MotoCare listing on the Apple App Store. This policy explains how we collect, use, disclose, and protect information when you use the MotoCare iOS app and our related websites (such as this admin/marketing site). Our Terms of Use govern use of the service.

2. Information we collect

We collect only what is needed to run the service. On configured MotoCare iOS builds (with analytics keys in the app), we also use AppsFlyer as described in the AppsFlyer bullet below.

• Account data: email address and password (or equivalent credentials) processed by Supabase Auth when you register or sign in with email. If you use Sign in with Apple or Google Sign-In in the app, Apple or Google (as applicable) may share limited account identifiers and tokens with Supabase Auth so we can open your MotoCare session; we do not receive your Google or Apple account password. See Apple's privacy policy and Google's privacy policy.
• Vehicle and maintenance data: information you enter—make, model, year, mileage, service tasks, service history, notes, shop vs. self-service choices, and similar fields—to power schedules, reminders, and history. This data is stored in your Supabase-backed account (for example in the user_vehicles table as structured records). Data you create (vehicles, maintenance records, and related fields) is stored on our servers via Supabase and synced to your signed-in devices; a copy may also be cached on your device for offline use and faster startup.
• Location (when you use map features): if you use nearby service stations, the app may request approximate device location while in use to search within a short radius (e.g. about 5 km) via Apple MapKit. We do not sell this data.
• App version and coarse region on your account (optional): when you are signed in, the app may update your Supabase profiles record with your installed app marketing version and build number and a timestamp, to help with support and adoption. When location permission is already granted and a recent device location is available, we may also store a coarse city and country derived from that location (reverse geocoding). If location is not available, we may still store an approximate country from your device locale settings. We use this for operations and product improvement, not for sale; you can request correction or deletion with your account data (Section 7 and 12).
• Calendar (optional, Pro): if you use "Add to your calendar" / export, the app writes maintenance events to your device calendar using Apple's EventKit APIs. On recent iOS versions, Apple may show a broader "full access" style permission prompt for calendar access; MotoCare uses this access to create events you choose—we do not upload your calendar contents to our servers.
• Notifications: if you enable reminders (e.g. mileage checks), the app schedules local notifications on your device. You can turn them off in iOS Settings or in-app where offered. They are used for maintenance-related prompts, not unrelated marketing, unless we clearly disclose otherwise in the future. The app may also call Apple's register for remote notifications API where the build is entitled to do so; we do not rely on server-pushed marketing notifications in the current client.
• Purchases and Pro status: when in-app subscriptions are offered, purchases are processed by Apple. Your Pro / Free entitlement may be reflected in our Supabase profiles record (for example a plan field). When the RevenueCat SDK is enabled in your build, it may also process purchase receipts to help unlock Pro features. We do not receive your full payment card number from Apple.
• Analytics and attribution (AppsFlyer): current MotoCare iOS releases we distribute with valid configuration (for example APPSFLYER_DEV_KEY in the app bundle) initialize the AppsFlyer SDK. AppsFlyer helps us measure installs, sessions, and key in-app events (such as app launch) for product improvement and campaign attribution. AppsFlyer may process device identifiers and event payloads according to their service—see AppsFlyer's privacy policy. We do not use your MotoCare garage content for cross-app tracking or for third-party advertising purposes—we do not link your maintenance records across other companies' apps and websites for their ads, and we do not sell or rent your personal information for that purpose. The app does not show Apple's App Tracking Transparency (ATT) prompt for AppsFlyer today; if our practices change to include Tracking as Apple defines it, we will update this policy, App Store privacy labels, and use ATT where required. App Store Connect → App Privacy must match the data collected by the live binary.
• Maintenance schedules ("AI Schedule" in the app): the in-app flow with that label loads maintenance plans from MotoCare's Supabase-hosted service catalogs (make/model-specific plans where available) or from built-in template schedules on the device. That default flow does not send your garage data to Anthropic or other consumer LLM APIs. The app binary may ship with optional code to call Anthropic (api.anthropic.com) when an API key is configured; that path is not used by the standard AI Schedule control. If we ship a user-facing feature that calls Anthropic, the request would include vehicle-identifying details needed to generate a schedule (such as make, model, year); see Anthropic's privacy policy.
• Support contact form (this website): if you use the Contact form on our Support page, we collect the name, email, and message you submit so we can respond; an optional company field may also be sent if you fill it in. We use this information only to handle your request and improve support quality, and we assign a reference ID to your message.

3. How we use it

We use the information above to: operate accounts and sync your garage; compute due dates and show schedules; show maps and nearby results when you ask; export events you choose to your calendar; deliver optional reminders; process Pro entitlements; record coarse app version and region on your profile when the client sends it; measure product usage and marketing effectiveness when AppsFlyer is enabled in your installed build; load catalog-based schedules you request; respond to support requests; secure the service; and fix bugs. We do not sell your personal information.

Legal bases (EEA, UK, and similar regimes)

Where GDPR-style rules apply, we rely on the following (non-exclusive) bases, depending on context:

• Contract / service delivery: account authentication, storing and syncing your garage and maintenance data, subscription entitlement state we maintain, and support tied to your account.
• Legitimate interests: securing the service, preventing abuse, improving reliability, storing coarse app version and region on your profile for support and adoption analysis, and—only where AppsFlyer (or similar) is enabled in the shipped build—product analytics and install attribution (balanced against your rights; you can contact us with concerns)—where not overridden by consent requirements below.
• Consent and device permissions: approximate location (when you use map features), calendar access (when you export events), and notification permission are requested through iOS and used only for those purposes when you agree or enable them.

4. Where data is stored and subprocessors

AppsFlyer: when you install a MotoCare iOS build that includes a valid AppsFlyer configuration, AppsFlyer processes analytics and attribution data on our behalf as described in Section 2 (device identifiers and event metadata—not your full garage record contents as part of standard event payloads unless we explicitly document otherwise for a given event).

Account and app data are stored and processed using Supabase (hosted infrastructure). Primary copies of vehicles, maintenance history, and profile data live in our Supabase database (encrypted in transit over HTTPS) and are synced across devices when you are signed in. Your device may keep a local cache; clearing app data or deleting the app does not by itself erase server-side data—use account deletion in the app or contact us as below.

Your information may be processed in the United States and other regions where Supabase or its infrastructure providers operate.

Depending on features you use, we rely on service providers including: Supabase (auth and database); Apple (App Store, on-device OS, MapKit, In-App Purchase, Sign in with Apple, notifications platform); Google (Google Sign-In / OAuth identity when you choose that option in the app); AppsFlyer (analytics/attribution) for configured App Store and TestFlight builds of MotoCare; RevenueCat (optional subscription tooling when enabled); and Anthropic only if a build calls Anthropic APIs (not the default catalog-based AI Schedule flow). We choose vendors with appropriate security practices; see their policies for details they collect.

An internal admin panel is used for catalog data (makes, models, service plans) and limited user management (e.g. Pro flags). Only authorized operators may access it.

5. Retention

We keep information while your account is active and as needed to provide the service. If you delete your account from the app (where available), we remove your account and associated personal data from our systems subject to reasonable backup and legal retention windows. Support messages may be retained long enough to resolve your request and for ordinary business records.

6. Security

We use industry-standard protections such as encryption in transit (HTTPS/TLS) for client–server communication, authenticated access to backends, and reputable cloud hosting. No method of storage or transmission is 100% secure.

7. Your rights

You can access, correct, or delete much of your data in the app (e.g. edit vehicles, remove service entries where supported). You may delete your account in Settings where available. You may also request deletion, access, or correction by email (Section 12). If you are in the EEA, UK, or other regions with similar laws, you may have rights to access, portability, erasure, restriction, objection, and to lodge a complaint with a supervisory authority. We respond in line with applicable law.

8. International transfers

If you access MotoCare from outside the country where servers are located, your information may be transferred across borders. Where required, we rely on appropriate safeguards (such as standard contractual clauses offered by our processors).

9. California (U.S.)

California residents may have additional rights under the CCPA/CPRA (e.g. to know, delete, and opt out of certain "sale" or "sharing" of personal information). We do not sell personal information for money. We do not use or share personal information for cross-context behavioral advertising as described in the CPRA. For requests, contact us as below.

10. Children

MotoCare is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided data, contact us and we will delete it where appropriate.

11. Changes

We may update this policy. We will post the new version here and change the "Last updated" date. Continued use after changes means you accept the updated policy where the law allows. For material changes, we may notify you in the app or by email.

12. Contact

For privacy questions, to exercise access or correction rights, or to request account or personal data deletion if you cannot use the in-app flow: email oleg@moto-care.app or use the form on our Support page. You can also use the support URL listed for MotoCare on the App Store. Please include the email address associated with your account so we can verify requests.