Privacy Policy
Last updated: 2026-07-13
This policy explains what Miorly Auto collects, why, and what control you have over it. It is written in plain language for the current development stage of the product. It is a draft and has not yet been reviewed by qualified legal counsel.
Data we collect
- Account data: your login identifier and authentication metadata (once real authentication is connected).
- Profile data: display name, username, bio, avatar, country, city, website, and automotive interests you choose to add.
- Vehicle data: manufacturer, model, engine, mileage, and other specs you enter — including VIN and license plate, which are private by default.
- Posts, comments, and other content you choose to publish.
- Messages you send within the product, once messaging ships.
- Photos you upload, once photo upload ships.
- Service history you log for your vehicles.
- AI queries and the diagnostic responses generated for you, stored as your private conversation history.
- Technical logs (timestamps, error events, request metadata) used for reliability and abuse prevention.
- Cookies and local storage: used to remember your theme preference and session state — not for third-party ad tracking.
What we don't collect by default
- Precise, continuous geolocation — location fields are limited to what you type (country/city).
- Payment card details (no payment processing exists in this build).
Why we process it
- To operate your account, garage, and AI Assistant conversations.
- To generate AI diagnostic responses using your vehicle context and question, when you provide it.
- To keep the platform safe: processing reports, applying blocks/mutes, and preventing abuse.
- To improve the product, only where you've given optional consent (see Settings → Data).
AI providers
AI requests are processed server-side through a provider abstraction — the app never calls a model directly from your browser, and your API keys (if any) never reach the client.
In this build, the active provider is a deterministic mock that runs entirely offline; no data leaves the server. When a real external provider is connected, this section will name it and describe what is sent.
Storage and retention
Data is stored in a PostgreSQL database (via Supabase) protected by row-level security so each user can only read and write their own records, unless something is explicitly made public.
AI conversations, VIN, license plate, and service history are private by default and are never shown on your public profile.
Your rights
- Access and export: download a copy of your data from Settings → Data.
- Deletion: delete your AI conversation history at any time, or request full account deletion (processed after a 30-day grace period).
- Correction: edit your profile and vehicle data at any time.
- Consent withdrawal: turn off any optional consent (AI processing, analytics, personalization, AI training, marketing) independently — turning one off never affects the others.
Analytics and third parties
No third-party analytics or advertising SDKs are integrated in this build.
Hosting and infrastructure providers (e.g. Vercel, Supabase) process data on our behalf as processors, under their own security commitments.
Security
Sensitive fields (VIN, license plate) are private by default. Access to another user's private data is blocked both by application logic and database row-level security.
Secrets (API keys, service-role database credentials) are never stored in client-side code or committed to the repository.
Age requirements
Miorly Auto is not directed at children. You must meet the minimum age required by your country's law to create an account (typically 13 or 16 depending on jurisdiction).
International data transfers
Depending on where our hosting and database providers operate, your data may be processed in a country other than the one you live in. A full transfer-mechanism disclosure will be added once production infrastructure and its regions are finalized.
Contact
Privacy questions: privacy@REPLACE_WITH_REAL_DOMAIN (placeholder — fill in before launch)
This contact channel is a placeholder for the development stage and must be replaced with a real, monitored address before public launch.