Privacy Policy

1. Two Types of Data

Uyhah maintains a fundamental distinction between two categories of data:

Account data

Data tied to you as a person — your email address, skill level, tool inventory, demographic profile, and usage preferences. This data belongs to your account and is deleted or anonymised when your account is closed.

Vehicle data

Data tied to a Vehicle Identification Number (VIN) — diagnostic sessions, repair records, maintenance history, parts used, invoices, photos, outcomes, and cost logs. This data follows the vehicle, not the person. It persists beyond account closure in anonymised form and may transfer to subsequent vehicle owners. It is the foundation of Uyhah's repair intelligence platform and is treated as a permanent vehicle asset record.

2. What We Collect

Account and identity information

Your name and email address are collected via Google OAuth when you sign in. We do not store your Google password. Your name is used only for account identification internally and is never displayed publicly or shared with other users.

Optional demographic profile

You may optionally provide age range, general location, and gender. This information is used to personalise your experience and to generate anonymised aggregate insights about Uyhah's user base. You can update or remove your demographic profile at any time from your account settings. Providing demographic information is never required to use Uyhah.

Vehicle information

Year, make, model, trim, engine type, mileage, VIN, and any nickname you assign to a vehicle. This information anchors your vehicle's record and is used to generate vehicle-specific diagnostic and repair guidance.

Diagnostic submissions

Descriptions of vehicle problems, OBD-II fault codes, and photographs you submit when requesting a diagnosis. This content is processed by AI, stored against your vehicle's VIN record, and used to generate and improve diagnostic output.

Repair and maintenance records

Repair steps completed, parts used, labour performed, and repair outcomes you log. These records are appended to your vehicle's immutable VIN-linked ledger. They cannot be edited or deleted once submitted.

Maintenance invoices and third-party service records

Images of maintenance invoices or service records from mechanics, dealers, or other repair providers that you choose to upload. Uyhah may process these images using AI to extract and structure the repair data they contain, including dates, mileage, work performed, parts replaced, and costs. The original image is retained as a verification artifact in your vehicle's record.

Tool inventory

The tools you add to your toolshed. Used to assess repair feasibility and calibrate guidance to your specific capability.

Skill level

Your self-assessed mechanical skill level. Used to calibrate the complexity and safety framing of repair guidance.

Repair outcomes and feedback

Whether a diagnosis was accurate, whether a repair succeeded or failed, and any qualitative feedback you provide. This is among the most valuable data Uyhah collects — it is used to improve AI diagnostic accuracy and forms a core part of the platform's intelligence pipeline.

Consent records

For Tier 3 advanced repairs, your explicit consent is logged before repair guidance is displayed. Consent records include a timestamp, session identifier, vehicle VIN, repair type, and IP address. These records are retained indefinitely for legal and safety purposes and are never deleted, including upon account closure.

Usage and error data

Application performance data, error reports, and session activity collected via Sentry. This may include browser type, device type, and the sequence of actions leading to an error. This data is used solely for platform stability and improvement.

3. How We Use Your Data

— Provide, operate, and personalise the Uyhah diagnostic experience

— Generate vehicle-specific repair guidance calibrated to your vehicle, skill level, and tool inventory

— Build and maintain an immutable VIN-linked vehicle history record

— Train and improve Uyhah's AI diagnostic and repair intelligence models using anonymised data

— Develop anonymised aggregate data products for commercial partners as described in Section 7

— Monitor platform performance and resolve errors

— Maintain legally required consent records

— Send transactional communications about your account when necessary

4. Email Communications

Uyhah will only send you email for transactional purposes — account creation confirmation, material changes to these policies, security notices, and responses to your direct enquiries. We do not send marketing emails, promotional campaigns, newsletters, or any unsolicited commercial communications. Ever. You will not be added to any mailing list without your explicit opt-in consent.

5. VIN-Linked Data and Ownership Transfer

Vehicle repair and maintenance data is permanently linked to the vehicle's VIN. Each VIN has one active custodian — the current verified owner — who holds write access to that vehicle's record. All entries are append-only and immutable once submitted.

When a vehicle changes ownership, the prior custodian's entries remain on the VIN record in anonymised form. The new custodian will see the repair history attributed to "Previous Owner" rather than to any individual. Uyhah retains full internal attribution records for legal and dispute resolution purposes, which are never disclosed to subsequent owners.

Prior custodians may export a complete copy of their vehicle's repair history at any time before or after transfer. This export includes all entries they created and is provided in a portable format.

VIN-linked vehicle data persists in anonymised form indefinitely, including after account closure. This data constitutes the vehicle's permanent asset record and is integral to the Uyhah platform's value and intelligence pipeline.

6. Photo and Document Storage

All photos and document images you upload are stored in a private, access-controlled storage system. They are never publicly accessible. Access requires a time-limited signed URL generated specifically for your authenticated session.

Photos submitted with diagnostic sessions where you provide outcome feedback are retained as part of the vehicle's VIN record and may be used in AI model training in anonymised form. Photos from sessions with no outcome logged may be removed from active storage after 90 days, though the diagnostic record itself is retained.

7. Commercial Data Use

Uyhah reserves the right to develop and license anonymised, aggregated data products derived from vehicle repair and maintenance data collected on the platform. This includes but is not limited to: aggregate repair frequency data by make, model, and year; common fault code patterns; parts failure rates; regional maintenance trends; and repair cost benchmarks.

Any data shared with or licensed to commercial partners — including insurers, vehicle dealers, fleet operators, parts manufacturers, or automotive research organisations — will be anonymised and aggregated. No personally identifiable information, no individual VIN records, and no individual account data will ever be sold or shared with third parties for commercial purposes.

We will never sell your name, email address, or any directly identifying information to any third party under any circumstances.

8. Third-Party Service Providers

Uyhah uses the following third-party services to operate the platform:

— Google OAuth — account authentication

— Google Gemini AI — AI diagnostic and repair processing. Your vehicle descriptions, fault codes, and photos are transmitted to Google's Gemini API to generate diagnoses. Google's API terms and data handling policies apply to this processing.

— Supabase — primary database and file storage, hosted on AWS infrastructure

— Railway — application hosting and deployment

— Redis Cloud — temporary diagnostic response caching, hosted on AWS

— Sentry — error monitoring and performance tracking

Each provider operates under its own privacy policy and data processing terms. We select providers with strong data protection practices. We do not authorise any provider to use your data for their own commercial purposes beyond delivering their service to us.

9. Data Retention

Account data — retained while your account is active. Upon account deletion, your personal identifying information is removed within 30 days.

VIN-linked vehicle data — retained indefinitely in anonymised form regardless of account status. This data is a permanent vehicle asset record.

Consent records — retained indefinitely and never deleted, including after account closure. These records exist for legal and safety purposes.

Diagnostic photos — retained as part of the VIN record where outcome feedback has been provided. Photos from sessions with no outcome may be removed from active storage after 90 days.

Error and performance data — retained for up to 90 days in Sentry and then purged.

10. Your Rights and Controls

You have the following rights regarding your personal data:

Access — you may request a copy of the personal data we hold about you.

Correction — you may request correction of inaccurate account data.

Deletion — you may request deletion of your account and personal identifying information. Note that VIN-linked vehicle data and consent records are not subject to deletion requests as described in Section 9.

Demographic opt-out — you may remove or update your optional demographic profile at any time from account settings.

Vehicle history export — you may export your vehicle's complete repair history at any time in a portable format.

To exercise any of these rights, contact us at rob@uyhah.com. We will respond within 30 days.

11. International Users

Uyhah is currently operated for users in the United States. If you access Uyhah from outside the United States, your data will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

We are aware of our obligations under international frameworks including the EU General Data Protection Regulation (GDPR) and will update this policy and our data practices as we expand to international markets. International users accessing Uyhah prior to that expansion do so with the understanding that full compliance with their local data protection framework is not yet in place.

12. Children

Uyhah is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us at rob@uyhah.com and we will remove the account promptly.

13. Security

We implement industry-standard security measures including encrypted data transmission, access-controlled storage, authenticated API endpoints, and regular security monitoring. No system is perfectly secure. In the event of a data breach that affects your personal information, we will notify you via the email address associated with your account within 72 hours of becoming aware of the breach.

14. Changes to This Policy

We may update this Privacy Policy at any time. Material changes will be communicated via the email address associated with your account at least 14 days before taking effect. The updated date at the top of this page reflects the most recent revision. Continued use of Uyhah after changes take effect constitutes your acceptance of the updated policy.

15. Contact

Privacy questions, data requests, or concerns: rob@uyhah.com