Privacy Policy

Introduction

Cartoq ("we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and protect information when you use our automotive intelligence platform at cartoq.com (the "Platform").

By using the Platform, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our services.

Information We Collect

1. Information You Provide Directly

Account Registration:

• Email address
• Password (encrypted and stored securely)
• Name (optional)
• Mobile number (optional, for WhatsApp updates)
• Location/City (for personalized pricing)

Research Activity:

• Models you view and save
• Comparisons you create
• Intelligence pages you access
• Preferences you set
• Notes you add to your research

Communications:

• Messages sent through contact forms
• Support ticket content
• Feedback and survey responses
• Email correspondence

2. Information Collected Automatically

Usage Data:

• Pages visited and time spent
• Click patterns and navigation paths
• Device type and operating system
• Browser type and version
• IP address and general location
• Referral source (how you found us)

Technical Data:

• Cookies and similar technologies
• Session information
• Error logs and diagnostics
• Performance metrics

3. Information from Third Parties

Social Media: If you choose to sign in through social media accounts (Facebook, Google), we receive basic profile information as permitted by your privacy settings on those platforms.

Analytics Providers: We use Google Analytics, Google Tag Manager, Facebook Analytics, Marfeel, Comscore and other tools to understand platform usage patterns. These services collect data according to their own privacy policies.

How We Use Your Information

We use collected information for the following purposes:

1. Platform Functionality

• Create and manage your account
• Save and sync your research across devices
• Provide personalized recommendations
• Enable comparison tools and intelligence features
• Track your decision progress and confidence scoring

2. Communication

• Send account-related notifications
• Provide research updates via WhatsApp (with consent)
• Respond to your inquiries and support requests
• Send important platform updates

3. Improvement & Analytics

• Analyze usage patterns to improve features
• Understand which models are most researched
• Identify technical issues and bugs
• Develop new features based on user behavior
• A/B test platform improvements

4. Content & Recommendations

• Personalize model recommendations
• Tailor intelligence insights to your preferences
• Show relevant comparisons
• Suggest next steps in your research journey

5. Business Operations

• Facilitate OEM/Dealer connections when you're ready to purchase
• Provide aggregated insights to OEM partners (anonymized)
• Detect and prevent fraud or abuse
• Comply with legal obligations

6. Marketing (With Consent)

• Send promotional content about platform features
• Notify you about relevant new car launches
• Share automotive market insights
• Promotional campaigns and offers

You can opt out of marketing communications at any time through your account settings or by clicking "unsubscribe" in emails.

How We Share Your Information

We respect your privacy and do not sell your personal information to third parties.

1. Service Providers

We share information with trusted service providers who help us operate the Platform:

• Hosting Services: DigitalOcean (infrastructure)
• Email Services: For account and transactional emails
• Analytics: Google Analytics, Facebook Analytics, Marfeel, ComScore and other tools
• Content Delivery: For images and media
• Support Tools: For customer service

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

2. Automotive Partners (With Your Consent)

OEM/Dealer Partnerships: When you express purchase intent and consent to connect with OEMs/Dealers, we share:

• Your contact information (name, email, phone)
• Models you're interested in
• Your research summary (decision readiness level)

We only share information with authorized OEMs/Dealers and OEM partners after you explicitly consent. You control when and how this sharing occurs.

Aggregated Data: We provide anonymized, aggregated insights to automotive partners (e.g., "30% of users comparing SUVs prefer diesel variants"). This data cannot identify you individually.

3. Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes (court orders, government requests)
• Enforce our Terms of Use
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Respond to emergencies involving personal safety

4. Business Transfers

If Cartoq is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or Platform notice before your information is transferred and becomes subject to a different privacy policy.

5. With Your Consent

We may share information for purposes not listed here when we have your explicit consent.

Data Security

We implement industry-standard security measures to protect your information:

Technical Safeguards:

• Encrypted data transmission (SSL/TLS)
• Secure password storage (hashed and salted)
• Regular security audits
• Firewalls and intrusion detection
• Secure database access controls

Organizational Safeguards:

• Limited employee access (need-to-know basis)
• Confidentiality agreements for staff
• Regular security training
• Incident response procedures

User Responsibility: You are responsible for maintaining the confidentiality of your password. Do not share your login credentials with others. Notify us immediately at [email protected] if you suspect unauthorized access to your account.

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Your Rights & Choices

You have the following rights regarding your personal information:

1. Access & Portability

• Right to Access: Request a copy of the personal information we hold about you
• Right to Data Portability: Request your research data in a portable format (PDF export available)

How to Exercise: Contact us at [email protected] or export from your account settings.

2. Correction

Right to Rectification: Update or correct inaccurate personal information.

How to Exercise: Edit directly in your account settings or contact [email protected].

3. Deletion

Right to Erasure: Request deletion of your account and personal information.

How to Exercise:

• Delete your account from account settings, OR
• Email [email protected] with your request

Important: Deletion removes all saved research and cannot be undone. We may retain some information as required by law or for legitimate business purposes.

Retention After Deletion:

• Transaction records: 7 years (legal requirement)
• Aggregated analytics: Retained (anonymized)
• Support tickets: 3 years (business records)

4. Restriction & Objection

• Right to Restrict Processing: Request limitations on how we use your data
• Right to Object: Object to certain processing activities, particularly for marketing

How to Exercise: Contact [email protected] with specific objections.

5. Marketing Opt-Out

• Email Marketing: Unsubscribe link in all marketing emails or update preferences in account settings
• WhatsApp Updates: Opt out through account settings or reply STOP to messages

6. Cookie Management

Control cookies through your browser settings. Note that disabling cookies may limit Platform functionality.

Response Time: We respond to privacy requests within 30 days.

Data Retention

We retain your information for different periods based on purpose:

Active Account Data:

• Retained while your account is active
• Research and preferences: Indefinitely (until you delete)
• Login activity: 24 months

Deleted Account Data:

• Personal information: Deleted within 30 days
• Anonymized analytics: Retained permanently
• Legal records: 7 years (as required by law)

Backup Systems: Data may persist in backup systems for up to 90 days after deletion from active systems.

Cookies & Tracking Technologies

Types of Cookies We Use

1. Essential Cookies (Required):

• Authentication and session management
• Security features
• Platform functionality
• Cannot be disabled without losing core features

2. Analytics Cookies (Performance):

• Google Analytics (usage patterns)
• Marfeel Analytics (content performance)
• Error tracking and diagnostics
• Can be controlled through browser settings

3. Advertising Cookies (Marketing):

• Facebook Pixel (social media advertising)
• Google Ads (targeted advertising)
• Conversion tracking
• Can be managed through your browser or opt-out links

4. Preference Cookies (Functional):

• Language preferences
• Display settings
• Saved filters
• Enhance user experience

Managing Cookies

Browser Controls: Most browsers allow you to refuse cookies or delete existing cookies. Visit your browser's help section for instructions.

Third-Party Opt-Out:

• Google Analytics Opt-out: tools.google.com/dlpage/gaoptout
• Facebook Pixel: Manage through Facebook Ad Preferences
• Industry Opt-out: www.networkadvertising.org/choices

Impact of Disabling Cookies: Disabling cookies may prevent you from accessing certain features, including saved research and personalized recommendations.

Third-Party Links & Services

The Platform may contain links to third-party websites, services, or content (e.g., manufacturer websites, video embeds, social media).

We Are Not Responsible For:

• Privacy practices of third-party sites
• Content on external websites
• Data collection by linked services

Your Responsibility: Review the privacy policies of any third-party sites you visit. Their practices are not covered by this Privacy Policy.

Third-Party Services We Use:

• Google Maps API (location services)
• YouTube (video embeds)
• Social media platforms (content embeds)
• Firebase (authentication services)

Each service has its own privacy policy governing data collection.

Children's Privacy

Cartoq is not directed to children under 18 years of age. We do not knowingly collect personal information from minors.

If You Are Under 18: Do not create an account or submit personal information. If you are a parent/guardian researching for your family, you must create the account yourself.

If We Learn We Have Collected Information from a Minor: We will delete it promptly upon discovery or parental notification.

Contact Us: If you believe we have inadvertently collected information from a minor, contact [email protected] immediately.

Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or Platform features.

How We Notify You:

• Material Changes: Email notification to your registered address and prominent Platform notice
• Minor Changes: Updated "Last Updated" date at the top of this policy

Your Continued Use: Continued use of the Platform after policy changes constitutes acceptance of the updated terms. If you disagree with changes, please discontinue use and delete your account.

Previous Versions: We maintain an archive of previous policy versions. Contact [email protected] to request historical versions.

Legal Basis for Processing

Under the Information Technology Act, 2000, and related rules, we process your personal information based on:

1. Consent: When you create an account, subscribe to updates, or consent to OEM/Dealer connections, you provide explicit consent for data processing.
2. Contractual Necessity: Processing required to provide Platform services you've requested (account management, research tools, intelligence features).
3. Legitimate Interests: Analytics, fraud prevention, and platform improvement serve our legitimate business interests while respecting your rights.
4. Legal Obligations: Compliance with applicable Indian laws, regulations, and court orders.

You may withdraw consent at any time by deleting your account or contacting us, though this may limit Platform functionality.

International Users

Cartoq primarily serves users in India. If you access the Platform from outside India:

• Data Storage: Your information is stored on servers located in India (DigitalOcean infrastructure).
• Data Transfers: Some service providers (Google Analytics, Facebook) may transfer data internationally. These transfers are governed by their respective privacy policies.
• Your Responsibility: Ensure your use of the Platform complies with your local laws. We do not guarantee compliance with non-Indian privacy regulations.

Contact Us

For privacy-related questions, concerns, or requests:

What to Include in Your Request:

• Your registered email address
• Description of your request or concern
• Specific information you're requesting (for access requests)
• Proof of identity (may be required for certain requests)

Grievance Redressal

Redressal Mechanism: Any complaints or concerns with regards to the processing of information provided by you or breach of these terms shall be immediately informed to the designated Grievance Officer via email to [email protected]

What You Can Report:

• Privacy violations
• Unauthorized data access
• Data breach concerns
• Misuse of personal information
• Non-compliance with this policy