Privacy Policy
Your Garage LLC — Automotive Services Platform
Effective: February 15, 2026
Version 3.0
Your Garage LLC (“we,” “us,” “our”), a limited liability company registered in the State of Qatar, operates the Your Garage automotive services platform. This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you use our website at yourgarage.qa, our mobile applications, our Garage Buddy AI assistant, and any related services (collectively, the “Platform”).
We are committed to protecting your privacy in compliance with Qatar's Personal Data Protection Law (PDPL — Law No. 13 of 2016), GDPR where applicable, and international best practices. By using the Platform, you agree to this Privacy Policy.
1. Information We Collect
When you register, we collect:
- Full name and display name
- Email address (or Google/Apple account email)
- Phone number with country code (for OTP verification)
- Profile photo (optional)
- Date of birth (optional, for loyalty program eligibility)
- Preferred language (Arabic, English, or other supported locales)
- QNAS (Qatar National Address System) verified addresses
- Multiple delivery/service addresses with GPS coordinates
We maintain a comprehensive vehicle database. When you add vehicles to your garage, we store:
- Year, make, model, and sub-model/trim
- VIN (Vehicle Identification Number) when provided for precise part matching
- Engine type, displacement, and fuel type
- Transmission type (automatic, manual, CVT)
- License plate number and registration region
- Mileage readings and service history
- Custom vehicle nicknames
- Vehicle photos
All payments are processed in the local currency of your region through our payment processors (Stripe, Rapyd, PayPal, or Sadad — depending on your region). We store:
- Payment processor customer ID (your actual card numbers are never stored on our servers)
- Last four digits and card brand for display purposes
- Billing address for card verification
- Transaction history including amounts, dates, and order references
- Wallet balance and transaction ledger (credits, refunds, loyalty redemptions)
- Authorization hold records for service bookings
- Apple Pay / Google Pay token identifiers (no card details)
- Refund records with reasons and processing status
Location data is essential for our on-demand services:
- GPS coordinates when you request mobile services or breakdown assistance
- Delivery addresses for parts, product orders, and convenience deliveries
- Service location history for repeat bookings
- Real-time location sharing during active services — breakdown/recovery, convenience delivery, and mobile service dispatch (driver tracking)
- Google Maps API for address autocomplete and route calculations
- Distance calculations for service fee determination
Location is collected only when actively using location-dependent features. We do not track your location in the background.
Our AI automotive assistant (Garage Buddy) collects:
- Text and voice conversation transcripts for context continuity
- Vehicle diagnostic queries and recommendations provided
- Uploaded images of vehicle issues for visual diagnosis
- Voice recordings processed through ElevenLabs for text-to-speech responses
- Conversation history for improving AI accuracy (anonymized after 90 days)
- Service recommendations generated and whether you acted on them
AI conversations are processed by OpenAI (GPT-4.1) and Google (Gemini 2.5 Pro). Voice synthesis uses ElevenLabs. All providers are contractually bound to not use your data for training their models.
Automatically collected when you use the Platform:
- Device type, operating system, and browser version
- IP address and approximate geographic location
- Pages viewed, features used, and time spent
- Search queries and filter selections
- App crash reports and error logs (via Sentry)
- Performance metrics (page load times, API response times)
- Push notification interaction data (delivered, opened, dismissed)
- Referral source and marketing campaign identifiers
2. How We Use Your Information
Service Delivery
›
Process bookings for mobile/home services (mechanics, locksmiths, detailing, tinting), car washes, garage appointments, breakdown/recovery, and convenience delivery›
Match you with compatible parts using your vehicle specifications›
Calculate service fees based on your location and service type›
Manage authorization holds and payment capture through our payment processors›
Track order status from placement through delivery
Personalization
›
Display vehicle-specific part compatibility ("Fits Your Vehicle")›
Provide AI-powered vehicle diagnostics through Garage Buddy›
Remember your preferences, addresses, and favorite services›
Deliver content in your preferred language (Arabic/English RTL support)›
Manage your loyalty tier (Bronze, Silver, Gold, Platinum) and points
Communication
›
Send order confirmations, status updates, and delivery notifications›
Real-time chat with service providers via Ably messaging›
Push notifications for promotions, order status, and loyalty milestones›
Email receipts and refund confirmations›
SMS OTP codes for phone verification
Safety & Compliance
›
Verify identity during registration (Firebase Auth)›
Prevent fraud and unauthorized transactions›
Comply with Qatar PDPL and financial regulations›
Maintain audit trails for disputes and chargebacks›
Cloudflare Turnstile bot protection on critical endpoints
3. Legal Basis for Processing
| Legal Basis | Processing Activities |
|---|---|
Contract Performance | Account creation, order processing, payment handling, service delivery, refunds |
Consent | Marketing emails, analytics cookies, AI conversation storage, push notifications |
Legitimate Interest | Fraud prevention, platform improvement, error monitoring, security measures |
Legal Obligation | Tax records, financial reporting, regulatory compliance, law enforcement requests |
4. Who We Share Data With
We never sell your personal data. We share information only with trusted service providers who need it to deliver our services:
| Provider | Data Shared | Purpose |
|---|---|---|
Payment Processors (Stripe, Rapyd, PayPal, Sadad) | Payment details, billing address, transaction amounts | Payment processing, fraud detection (processor varies by region) |
Firebase / Google Cloud | Auth credentials, user profiles, app data | Authentication, database, cloud functions |
OpenAI | Conversation text, vehicle queries | Garage Buddy AI responses (GPT-4.1) |
Google AI | Conversation text, vehicle queries | Garage Buddy AI responses (Gemini 2.5 Pro) |
ElevenLabs | Text for speech synthesis | Voice responses for Garage Buddy AI |
Google Maps | Addresses, GPS coordinates | Location services, routing, distance calculation |
Ably | User ID, message content | Real-time chat and live order tracking |
Cloudflare | IP address, browser fingerprint | CDN, DDoS protection, bot prevention |
Sentry | Error logs, device info, user actions | Error tracking and performance monitoring |
Google Analytics | Anonymized usage data, page views | Platform analytics and reporting |
Firebase Cloud Messaging | Device tokens, notification content | Push notifications delivery |
Vercel | Request logs, deployment data | Application hosting and edge functions |
Service Providers & Partners: When you book a service, relevant information (your name, vehicle details, service location) is shared with the assigned service provider (mechanic, locksmith, detailer, tinting specialist, car wash operator, breakdown/recovery driver, convenience driver, delivery driver) to fulfil your order. Partner businesses (garages, car service centres, spare parts dealers, breakdown companies, car dealers, insurance companies) receive relevant order and customer information to fulfil bookings and product orders. All providers and partners operate under contractual obligations to protect your data.
5. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
Account data | Until account deletion + 30 days | Service continuity and recovery window |
Transaction records | 7 years | Financial regulations and audit requirements |
AI conversations | 90 days (identifiable), then anonymized | Service improvement and context continuity |
Location data | 12 months | Service history and dispute resolution |
Error logs / analytics | 24 months | Platform stability and performance analysis |
Marketing consent | Until withdrawn | Regulatory compliance (proof of consent) |
Support tickets | 3 years | Quality assurance and dispute reference |
Vehicle data | Until vehicle removal from garage | Part compatibility and service history |
6. Data Security
Encryption
All data in transit is encrypted via TLS 1.3. Sensitive data at rest is encrypted using AES-256. Our payment processors (Stripe, Rapyd, PayPal) handle PCI-DSS Level 1 compliant card storage.
Authentication
Multi-factor authentication via Firebase Auth. Support for email/password, Google, Apple Sign-In, phone OTP, and biometric authentication (Face ID, Touch ID).
Infrastructure
Hosted on Vercel (edge network) and Google Cloud. Firestore security rules enforce per-user data isolation. Cloudflare provides DDoS protection.
Access Controls
Role-based access control across admin portal, partner portal, and driver applications (breakdown, convenience, delivery, mobile service). API endpoints protected by Firebase Auth tokens and Cloudflare Turnstile.
7. Your Rights
Under Qatar's PDPL and applicable regulations, you have the following rights. To exercise any of these, contact us at privacy@yourgarage.qa:
Right of Access
Request a copy of all personal data we hold about you
Right to Rectification
Correct inaccurate or incomplete data in your profile
Right to Erasure
Request deletion of your account and associated data
Right to Restrict Processing
Limit how we use your data while disputes are resolved
Right to Data Portability
Receive your data in a structured, machine-readable format
Right to Object
Opt out of processing based on legitimate interest or marketing
Right to Withdraw Consent
Revoke consent at any time without affecting prior processing
Right to Complain
Lodge a complaint with the Qatar Data Protection Authority
We will respond to all data rights requests within 30 days. Complex requests may take up to 60 days with prior notification. Identity verification is required for all requests to protect your data.
8. International Data Transfers
Some of our service providers process data outside Qatar (primarily in the United States and European Union). We ensure adequate protection through:
- Standard contractual clauses (SCCs) with all international processors
- Data processing agreements (DPAs) that meet Qatar PDPL standards
- Ensuring all processors maintain at least equivalent security measures
- Regular audits of third-party compliance with data protection obligations
9. Children's Privacy
The Platform is not intended for children under 18. We do not knowingly collect personal data from minors. If we discover that a child under 18 has provided personal information, we will delete it promptly. If you believe a child has provided us with personal data, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated through in-app notifications, email, or a prominent notice on the Platform. We encourage you to review this policy periodically. Your continued use of the Platform after changes constitutes acceptance of the updated policy.
Contact Us
For privacy-related questions, data requests, or concerns:
Privacy
privacy@yourgarage.qa
Support
support@yourgarage.qa
Phone
+974 6698 6891
Address
Bani Hajer, Al Rayyan, Doha, Qatar