Privacy Policy

Last updated: April 28, 2026

This Privacy Policy explains how Autodots ("we", "us", "our") collects, uses, stores, shares, and protects information when you use the Autodots platform — including our website at https://autodots.ioand our mobile applications on iOS and Android (together, the "Platform" or "Services").

Autodots has two types of users:
"Garage Partners" — businesses that subscribe to Autodots to manage garage operations.
"Customers" — individuals who use Autodots to book vehicle repair or maintenance services.
By accessing or using Autodots on any device or channel, you confirm that you have read and understood this Privacy Policy and agree to our data practices as described here. If you do not agree, please do not use our Services.

1. Our Approach to Privacy

We believe your data belongs to you. We collect only what we need to operate our Services, protect it rigorously, do not sell it to third parties, and give you meaningful control over it. Three principles guide our approach:

• We collect the minimum data needed. We regularly review what we collect and delete or anonymise data when it is no longer necessary.
• We protect your data from others. If a third party requests your data, we refuse unless you give us permission or we are legally required. When legally required, we will tell you in advance unless prohibited by law.
• We help our Garage Partners meet their privacy obligations. Garage Partners process data about their customers using Autodots tools. We make it easy for them to do so in a privacy-respecting way.

2. Who This Policy Applies To

This policy applies to:

• Garage Partners — individuals and businesses that create an Autodots account to manage their garage using our web platform or mobile app.
• Customers — individuals who use Autodots to search for garages and book services via the website or mobile app.
• Visitors — anyone who browses https://autodots.io without creating an account.

When Garage Partners use Autodots to manage data about their own customers (e.g. storing a vehicle owner's name and service history in the Autodots system), Autodots processes that data as a service provider on behalf of the Garage Partner. The Garage Partner is responsible for how they collect and use their customers' data. If you are a customer of a garage and have a privacy question, please contact that garage directly.

3. Information We Collect

3a. Information you provide to us

• Account registration: full name, email address, mobile number, and password.
• Garage Partner business details: business name, registered address, operating hours, service categories, GST/VAT/tax registration number, and government-issued photo ID for KYC verification.
• Bank and payment details: bank account number, IFSC code (India) or IBAN/sort code/routing number (international), provided for settlement purposes. These are stored by our payment partners (Razorpay / Stripe) using their secure infrastructure. Autodots does not store full bank account numbers or card details on its own servers.
• Booking information: vehicle registration number, make, model, fuel type, year, odometer reading, service type requested, preferred date and time, and any notes or photos you attach.
• Communications: messages between Customers and Garage Partners via the platform, support tickets submitted to Autodots, reviews, and any feedback or surveys you complete.
• Identity documents: for KYC-regulated Garage Partners, we may collect and retain copies of government-issued identity documents as required by applicable financial regulations.

3b. Information collected automatically — web and mobile

• Device and technical data: IP address, browser type and version, operating system, device identifiers (mobile device ID, advertising ID), screen resolution, and network type.
• Usage data: pages or screens viewed, features used, time spent per session, tap/click patterns, search queries entered, and navigation paths within the app or website.
• Location data: if you grant location permission on the mobile app (or inferred from IP address on web), we use this to show nearby garages and pre-fill your location. You can withdraw location permission at any time in your device settings.
• Log data: server access logs, error logs, and crash reports generated by the mobile app or web platform.
• Cookies and tracking technologies: see Section 10 below for full details.

3c. Information from third parties

• Payment partners: transaction confirmation, settlement status, fraud signals, and tokenised payment references from Razorpay (India) and Stripe (international).
• Social / third-party login: if you sign in with Google or another supported provider, we receive your name, email address, and profile picture from that provider.
• KYC and verification services: business registration and identity verification data for Garage Partners from authorised third-party verification providers.

4. How We Use Your Information

We process your data for the following purposes, relying on the legal bases noted:

• To create and manage your account and verify your identity. [Legal basis: contract performance]
• To enable Customers to find garages, make bookings, and pay for services. [Legal basis: contract performance]
• To process payments and transfer settlement amounts to Garage Partners. [Legal basis: contract performance; legal obligation]
• To send booking confirmations, appointment reminders, invoices, and receipts via email, SMS, or push notification. [Legal basis: contract performance]
• To provide customer support and facilitate dispute resolution. [Legal basis: contract performance; legitimate interest]
• To detect, prevent, and investigate fraud, security incidents, and abuse. [Legal basis: legitimate interest; legal obligation]
• To comply with legal obligations including KYC, anti-money laundering, tax reporting, and court orders. [Legal basis: legal obligation]
• To analyse usage patterns to improve the platform (using anonymised or aggregated data where possible). [Legal basis: legitimate interest]
• To send marketing communications about Autodots products and features. [Legal basis: consent — you may opt out at any time]

4b. Marketing Communications

We would be sending you updates and promotions through RCS and other means on the mobile numbers that you have registered with us. Specifically, we may send marketing messages over the following channels:

• RCS (Rich Communication Services) — sent to the mobile number you registered with us, displayed in your default messaging app.
• SMS — sent to the same registered mobile number where RCS is unavailable.
• WhatsApp — sent through Autodots' verified WhatsApp Business account to the registered mobile number.
• Voice Call — outbound calls from our team or our IVR partner.
• Email — sent to the email address you registered with us.

How we obtain consent:we only send these marketing communications after you affirmatively opt in by ticking a clearly worded consent checkbox on our contact, demo, or signup forms. Pre-checked boxes are never used. The exact consent text — “You agree to receive communication messages via RCS, SMS, WhatsApp, Voice Call & Email.” — is recorded with the date, time, and IP address of your click as a permanent audit trail. [Legal basis: consent.]

How to opt out — at any time, free of charge:

• RCS / SMS: reply STOP to any message you receive from us. We will stop sending immediately.
• WhatsApp: reply STOP or block our WhatsApp Business account.
• Voice Call: tell our agent during the call that you do not wish to be contacted again, or email us (below).
• Email: click the unsubscribe link in any marketing email.
• All channels at once: email [email protected] with “Withdraw marketing consent” in the subject. We action requests within 7 working days.

Withdrawing your marketing consent does not affect the lawfulness of processing that occurred before withdrawal. It also does not stop transactional messages related to your bookings, invoices, payments, or vehicle service history — those are sent under contract performance, not marketing consent.

Frequency & content:we cap marketing messages at a reasonable frequency (typically no more than 2 per week per customer) and only send content related to the Autodots automotive marketplace and our garage partners' services. We do not share your phone number or email with third-party advertisers.

5. How We Share Your Information

Autodots does not sell, rent, or trade your personal data. We share it only in the following circumstances:

5a. With Garage Partners (for Customers)

When a Customer makes a booking, we share the Customer's name, contact number, vehicle details, and service request with the assigned Garage Partner solely to enable the service to be performed.

5b. With Customers (for Garage Partners)

Garage Partners' business name, address, operating hours, service offerings, and ratings are displayed to Customers on the Platform to enable bookings.

5c. With payment processors

We share necessary payment and identity information with Razorpay (India) and Stripe (international) to process transactions and settle funds to Garage Partners. Both are certified PCI DSS-compliant payment processors operating under their own privacy and security frameworks.

5d. With technology service providers

We work with cloud infrastructure providers, communication platforms (SMS and email delivery), push notification services, fraud detection tools, and analytics providers. These providers act as data processors on our behalf and are contractually prohibited from using your data for their own purposes.

5e. For legal compliance

We may disclose your information if required to do so by applicable law, court order, regulatory authority, or government demand. Where permitted by law, we will notify you before complying with such a request.

5f. To protect rights and safety

We may share data to protect the rights, property, or safety of Autodots, our users, or the public — for example, in connection with fraud investigations or to enforce our Terms of Service.

5g. In a business transfer

If Autodots is involved in a merger, acquisition, restructuring, or sale of assets, user data may be transferred to the successor entity. We will notify affected users before their data becomes subject to a materially different privacy policy.

6. Payment Data and Settlement

When a Customer pays for a garage booking through Autodots, the payment is collected by Autodots acting as the merchant of record. Autodots retains a Platform Service Fee (displayed at checkout) and transfers the remainder to the Garage Partner's bank account via Razorpay Route (India) or Stripe Connect (international).

We retain transaction records — including amounts, dates, booking references, and payment status — for accounting, tax compliance, and dispute resolution purposes. We do not store full card numbers, CVVs, or sensitive banking credentials on our own servers.

7. International Data Transfers

Autodots operates globally across 13 countries including India, the United States, Canada, the United Kingdom, Australia, the UAE, Saudi Arabia, Germany, France, South Africa, Brazil, and Singapore. To operate our Services, we may transfer your data to countries other than the one in which you reside.

For transfers of personal data from the EU or UK to countries that the European Commission or UK government has not recognised as providing an adequate level of protection, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms under applicable law.

By using Autodots from any jurisdiction, you acknowledge that your data may be processed in India and other countries where our service providers operate.

8. Data Retention

• Account data: retained for the duration of your active account plus 5 years after closure to meet audit and legal obligations.
• Transaction and payment records: retained for a minimum of 7 years for financial record-keeping and tax compliance.
• Booking history and vehicle records: retained for 3 years to support service continuity, warranty follow-up, and dispute resolution.
• KYC documents: retained for the period required by applicable financial regulations (typically 5-7 years).
• Marketing preferences and consent records: retained until you withdraw consent.
• Inactive accounts: flagged after 24 months of inactivity and permanently deleted after 36 months, following email notice to the registered address.

9. Your Rights

Depending on your country of residence, you have some or all of the following rights regarding your personal data:

• Right to access: request a copy of the personal data Autodots holds about you.
• Right to rectification: ask us to correct any inaccurate or incomplete information.
• Right to erasure: ask us to delete your data, subject to legal retention obligations.
• Right to restriction: ask us to limit how we use your data in certain circumstances.
• Right to data portability: receive your data in a structured, machine-readable format to transfer to another provider.
• Right to object: object to our processing of your data where we rely on legitimate interest as the legal basis.
• Right to withdraw consent: where we rely on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.
• Right to complain: lodge a complaint with your local data protection authority.

To exercise any right, submit a request to [email protected] with your full name, registered email address, and a clear description of your request. We will respond within 30 days. For complex requests, we may extend by a further 30 days with notice.

We may ask you to verify your identity before processing a data rights request to protect your account security.

10. Cookies and Tracking Technologies

Autodots uses cookies and similar tracking technologies on our website and mobile applications. This section covers what we use, why, and how you can control them. This serves as Autodots' cookie disclosure.

10a. What are cookies?

Cookies are small text files stored on your device when you visit a website or use an app. They help the platform recognise you, remember your preferences, and understand how you use our Services. Similar technologies include web beacons, pixel tags, mobile SDKs, and local storage.

10b. Cookies we use

• Strictly necessary — These cannot be disabled as they are required for core platform functionality:
  • Session authentication and login tokens.
  • Security tokens (CSRF protection) to prevent request forgery.
  • Load balancing to route your requests to the correct server.
  • Your cookie consent preference.
• Performance and analytics — These help us understand usage patterns to improve the platform. Data is aggregated and anonymised where possible:
  • Google Analytics — tracks page views, session duration, bounce rates, and usage flows. You can opt out at https://tools.google.com/dlpage/gaoptout.
  • Internal event tracking — monitors in-app feature usage and crash data to guide product improvements.
• Functional — These remember your preferences to improve your experience:
  • Language and region selection.
  • Your last garage search location.
  • Notification and display preferences.
• Marketing and advertising — Placed only with your explicit consent:
  • Google Ads / Remarketing — to show relevant ads based on your interaction with Autodots.
  • Meta (Facebook) Pixel — to measure ad performance and show relevant promotions.

10c. Mobile app tracking

In our mobile applications, we may use mobile analytics SDKs (such as Firebase) to collect app performance data, crash logs, and usage analytics. Advertising identifiers (IDFA on iOS, GAID on Android) may be used for analytics and marketing attribution where you have given consent. You can reset or opt out of ad tracking in your device settings.

10d. Third-party cookies

Some cookies are set by third-party services embedded in the Platform. These parties operate under their own privacy policies:

• Google Analytics: https://policies.google.com/privacy
• Razorpay: https://razorpay.com/privacy/
• Stripe: https://stripe.com/privacy
• Meta: https://www.facebook.com/privacy/policy/

10e. Managing your preferences

When you first visit Autodots, a consent banner will let you accept all cookies, reject non-essential ones, or customise by category. You can update your preferences at any time via the Cookie Settings link in the footer of our website.

You can also manage or delete cookies through your browser settings. Note that disabling strictly necessary cookies will prevent core platform features from working. Key browser options:

• Chrome: Settings > Privacy and Security > Cookies
• Firefox: Options > Privacy and Security
• Safari: Preferences > Privacy
• Edge: Settings > Privacy, Search, and Services

10f. Cookie retention periods

• Session cookies: deleted automatically when you close your browser.
• Persistent cookies: stored for a defined period depending on their purpose (typically 30 days to 2 years).
• Your consent record: stored for up to 12 months and refreshed when you update your preferences.

11. How We Protect Your Information

We implement industry-standard technical and organisational security measures to protect your data, including:

• TLS/SSL encryption for all data in transit between your device and our servers.
• Encryption at rest for sensitive data stored on our infrastructure.
• Multi-factor authentication (MFA) required for all administrative access.
• Role-based access controls — employees access only the data necessary for their role.
• Regular penetration testing, vulnerability assessments, and security audits.
• PCI DSS-compliant payment data handling through Razorpay and Stripe.

No system is completely immune from security incidents. In the event of a data breach that affects your rights and freedoms, Autodots will notify you and the relevant regulatory authority within the timeframes required by applicable law (72 hours for GDPR/UK GDPR regulated breaches; as required by applicable law in other jurisdictions).

12. Children

Autodots is not directed at, and does not knowingly collect personal information from, children under the age of 18. If we become aware that a child under 18 has provided us with personal data, we will delete it promptly. If you believe a minor has submitted data to Autodots, please contact us at [email protected].

13. Do Not Track

Some browsers transmit "Do Not Track" (DNT) signals. Because there is no universally accepted standard for what DNT means or requires, Autodots does not currently alter its data collection practices in response to DNT signals. We will review this position if a clear industry or regulatory standard emerges.

14. Region-Specific Disclosures

• India — Digital Personal Data Protection Act, 2023: Indian users have rights under the DPDP Act 2023 including the right to access, correct, and erase personal data, and the right to nominate a representative. Autodots processes personal data of Indian users as a Data Fiduciary. Our Data Protection Officer can be reached at [email protected].
• European Union — GDPR: For users in the European Economic Area (EEA), our lawful bases for processing are: contract performance (booking and payment services), legal obligation (KYC, tax), legitimate interest (fraud prevention, analytics), and consent (marketing). You have the right to lodge a complaint with your national supervisory authority. For data transfer queries, contact [email protected].
• United Kingdom — UK GDPR:UK users have the same rights as EEA users under UK GDPR. You may lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk.
• United States — California (CCPA/CPRA): California residents have rights under the California Consumer Privacy Act including the right to know, delete, correct, and opt out of the sale or sharing of personal information. Autodots does not sell personal information. To submit a CCPA/CPRA request: [email protected].
• Australia — Privacy Act 1988: Australian users may access and seek correction of personal information held by Autodots. Complaints may be submitted to the Office of the Australian Information Commissioner (OAIC).
• Canada — PIPEDA and Quebec Law 25: Canadian users may access, correct, and withdraw consent for non-essential processing. Quebec residents have additional rights under Law 25, including data portability and the right to de-indexation in certain circumstances.
• UAE — Federal Decree-Law No. 45 of 2021: UAE users have rights including access, correction, and withdrawal of consent under the UAE Personal Data Protection Law. Autodots processes UAE user data in compliance with this law.
• Saudi Arabia — Personal Data Protection Law (PDPL):Saudi users have rights under the PDPL including access, rectification, and erasure in applicable circumstances. Consent is obtained for all non-essential processing of Saudi users' data.
• Germany and France — GDPR plus national law: GDPR applies to users in Germany and France. French users additionally have rights under the French Data Protection Act (loi Informatique et Libertes) including the right to define instructions for handling of their data after death.
• Brazil — Lei Geral de Protecao de Dados (LGPD):Brazilian users have rights under the LGPD including access, correction, deletion, portability, and withdrawal of consent. Autodots' Data Protection Officer for Brazil-related requests: [email protected].
• South Africa — Protection of Personal Information Act (POPIA): South African users are protected under POPIA. You may request access, correction, and deletion of your personal information. Complaints may be referred to the Information Regulator (South Africa).
• Singapore — Personal Data Protection Act 2012 (PDPA): Singapore users have access and correction rights under the PDPA. Mandatory data breach notifications are reported to the Personal Data Protection Commission (PDPC) where required by the Act.

15. Updates to This Policy

Autodots may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. For material changes, we will notify you via email or an in-app/in-platform notification at least 30 days before the change takes effect. For minor clarifications, we may update the policy without individual notice.

Your continued use of Autodots after the effective date of any update constitutes your acceptance of the revised policy. The current version is always available at https://autodots.io/legal/privacy.

16. Contact Us

• Privacy and data rights: [email protected]
• Legal and compliance: [email protected]
• Registered address: 610, RK World Tower, Near Sheetal Park, 150 Feet Ring Road, Rajkot, Gujarat, India – 360006
• Website: https://autodots.io/legal/privacy

This Privacy Policy is written in English. If it is translated into another language for convenience, the English version controls in the event of any conflict or inconsistency.