Privacy Policy
Last updated: May 28, 2026
1. Introduction
This Privacy Policy explains how BK Garage Pro ("we", "us", "our") collects, uses, and protects information when you use the Automotive Repair Shop and Mobile Mechanic Management Software ("Software"). It applies to our website at bkgaragepro.com and all associated services.
We are the data controller of account and subscription information we collect directly from you. When you use the Software to store your customers' data, you act as the data controller of that information and we act as your data processor. See Section 14 for details on that relationship.
2. Information We Collect
We may collect the following categories of personal information:
- Identifiers: name, email address, business name, IP address, account credentials
- Business information: shop address, phone number, contact details
- Commercial information: subscription plan, billing history, transaction records
- Vehicle and customer data: names, phone numbers, addresses, VINs, make/model, service history — entered by you on behalf of your shop customers
- Usage and device data: browser type, operating system, pages visited, activity logs
- Payment data: processed entirely by Stripe — we never store or see card numbers
3. Lawful Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following lawful bases:
- Contract performance — to provide the Software and manage your subscription
- Legitimate interests — to improve our services, ensure security, and prevent fraud
- Legal obligation — to comply with applicable laws and regulations
- Consent — where you have given specific consent (e.g., marketing communications); you may withdraw consent at any time
4. How We Use Information
We use collected information to:
- Provide, operate, and maintain the Software
- Process transactions and manage subscriptions
- Improve system functionality and performance
- Communicate with you about updates, support, and account matters
- Ensure security, detect fraud, and enforce our Terms of Service
- Comply with legal obligations
5. Data Sharing and Sub-Processors
We do not sell, rent, or trade your personal information to any third party. We share data only with the following service providers (sub-processors) who process it strictly on our behalf:
- Stripe (USA) — payment processing and subscription management. Stripe Privacy Policy
- Vercel (USA) — website hosting and serverless compute. Vercel Privacy Policy
- Neon (USA, AWS us-east-1) — managed serverless PostgreSQL database hosting. All business and customer data entered into the Software is stored in Neon's infrastructure. Neon is SOC 2 Type 2 certified and encrypts all data at rest (AES-256) and in transit (TLS). Neon Privacy Policy
- Anthropic (USA) — AI language model provider powering the AI assistant and AI-assisted features. Messages submitted to AI features are processed by Anthropic. By default, Anthropic does not use API data to train its models. Anthropic Privacy Policy
- Resend (USA) — transactional email delivery. Outbound emails including invoices, estimates, account notifications, and service communications are routed through Resend for delivery. Message content transits their infrastructure briefly and email logs are retained for a limited debugging window. Resend Privacy Policy
We may also disclose information to legal or regulatory authorities when required by law, or to protect our rights and the safety of others.
6. International Data Transfers (GDPR)
BK Garage Pro is based in the United States. Our sub-processors (Stripe, Vercel, Neon) are also US-based. If you access the Software from the EEA, UK, or other regions with data transfer restrictions, your personal data may be transferred to and processed in the United States.
Where required, we rely on appropriate safeguards for such transfers, including Standard Contractual Clauses (SCCs) adopted by the European Commission, and ensure our sub-processors maintain equivalent protections. By using the Software, you acknowledge and consent to this transfer.
7. Data Security
We implement reasonable administrative, technical, and physical safeguards including:
- Encryption at rest: All data stored in our database (Neon) is encrypted at rest using AES-256
- Encryption in transit: All data transmitted between your browser and our servers is encrypted via HTTPS/TLS
- Password security: Passwords are hashed using bcrypt — they are never stored in plain text and cannot be reversed
- Session security: HttpOnly, Secure session cookies prevent client-side script access
- Payment security: Payment card data is handled entirely by Stripe and never touches our servers
- Database security: Our database (Neon) is SOC 2 Type 2 certified with network-level access controls and automated backups
- Multi-tenant isolation: Each shop's data is logically isolated and inaccessible to other shops at the application level
No system is completely secure. In the event of a data breach affecting your rights, we will notify you as required by applicable law — within 72 hours for GDPR-covered individuals and within applicable state law timeframes for other users.
8. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Software and fulfill legal obligations. The following retention periods apply:
- Active accounts: data is retained for the duration of the subscription.
- Post-cancellation export window: upon cancellation, your data remains accessible for export for 90 days. After that window, account data is deleted.
- Verified deletion requests: for individual data deletion requests submitted under CCPA or GDPR, we will complete deletion within 30 days of verification, subject to the exceptions below.
- Repair order and financial records: repair orders, invoices, and related financial records may be retained for up to 7 years to comply with state automotive repair regulations, tax law, and warranty obligations. Many states require repair shops to maintain service records for 3 or more years. We retain this data on your behalf as your data processor and will provide an export upon request.
- Legal holds: we may retain data longer if required by a legal obligation, court order, or regulatory requirement.
9. Your Rights (GDPR — EEA & UK Users)
If you are located in the EEA or UK, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — request deletion of your personal data
- Right to restriction — request that we restrict processing of your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing
- Right to lodge a complaint — you have the right to lodge a complaint with your local data protection supervisory authority (e.g., the ICO in the UK, or your EU member state authority)
We will respond to verifiable requests within 30 days as required by GDPR. To exercise any of these rights, email us at info@bkgaragepro.com.
10. Your Rights (CCPA — California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:
- Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, our business purpose for collecting it, and the categories of third parties with whom it is shared
- Right to delete — request deletion of personal information we have collected from you, subject to certain exceptions
- Right to correct — request correction of inaccurate personal information
- Right to opt-out of sale or sharing — we do not sell or share your personal information with third parties for cross-context behavioral advertising
- Right to non-discrimination — we will not deny you services, charge different prices, or provide a different quality of service because you exercised your CCPA rights
We will respond to verifiable consumer requests within 45 days as required by the CCPA. To submit a request, email us at info@bkgaragepro.com with "CCPA Request" in the subject line. We may need to verify your identity before processing your request.
11. U.S. State Privacy Rights
We honor privacy rights for all U.S. residents regardless of which state you live in. Rather than maintain a state-by-state list that changes as new laws are enacted, we apply the same core rights to every user as a matter of policy.
The following rights apply to you where your state law requires, and we extend them broadly to all U.S. residents:
- Right to access — request a copy of the personal data we hold about you
- Right to correction — request that we correct inaccurate personal data
- Right to deletion — request deletion of personal data we have collected, subject to legal retention requirements
- Right to data portability — receive your data in a portable, usable format
- Right to opt out of sale or targeted advertising — we do not sell personal data or use it for targeted advertising
- Right to opt out of profiling — we do not engage in automated profiling that produces legal or similarly significant effects
- Right to appeal — if we deny your request, you may appeal by emailing us with "Privacy Appeal" in the subject line
To exercise any of these rights, email info@bkgaragepro.com and include your state and the specific right you are exercising in the subject line. We will respond within the timeframe required by your state’s law (typically 30–45 days) and may need to verify your identity before processing your request.
11a. Sensitive Personal Information
Some data processed through the Software may qualify as sensitive personal information under applicable law. This includes combinations of vehicle identification numbers (VINs) with owner identity, and employee-related records. We treat such data with heightened care: it is not sold, not used for advertising, not shared with third parties except as required to provide the Software, and is subject to the same security controls described in Section 7. California residents may direct us to limit the use of sensitive personal information by emailing us with "Limit Sensitive Data" in the subject line.
12. Cookies and Tracking
We use only the cookies necessary to operate this website. We do not use advertising cookies, cross-site tracking pixels, or behavioral profiling technologies of any kind.
| Name / Storage Key | Category | Purpose | Duration |
| --- | --- | --- | --- |
| bkgp_session | Strictly Necessary | Keeps you signed in to your account. Set as HttpOnly and Secure — cannot be accessed by browser scripts and is transmitted only over HTTPS. | 7 days |
| bkg_cookie_consent (localStorage) | Strictly Necessary | Remembers your cookie consent choice so the banner does not reappear on every visit. Stored in browser localStorage — not transmitted to our servers. | Until browser data is cleared |
| Stripe cookies | Functional (Payment) | Set by Stripe on checkout pages for fraud prevention and payment security. Required to complete subscription purchases. See Stripe's Privacy Policy. | Varies (set by Stripe) |
| Vercel edge cookies | Strictly Necessary | Short-lived cookies set by our hosting provider (Vercel) for DDoS protection and routing. Not used for tracking. | Session |
You can review or change your cookie preferences at any time using the Cookie Settings link in the site footer, or by clearing cookies in your browser settings. Removing the bkgp_session cookie will sign you out.
13. User Responsibilities as Data Controller
When you use the Software to store or process your shop customers' personal data (names, phone numbers, vehicle information, etc.), you become the data controller of that information under applicable law. You are responsible for:
- Obtaining all necessary consents from your customers where required
- Providing your customers with appropriate privacy notices
- Complying with all applicable data protection laws in your jurisdiction
- Protecting login credentials and restricting access to authorized personnel
14. Children's Privacy
BK Garage Pro is intended for business use by adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, please email us immediately at info@bkgaragepro.com for deletion.
15. Data Processing Agreement (GDPR)
If you process personal data of individuals in the EEA or UK using our Software, you act as the data controller and we act as your data processor under Article 28 GDPR. By using the Software you agree that:
- We will process such data only on your documented instructions (i.e., to provide the Software)
- We will maintain appropriate technical and organizational security measures
- We will assist you in responding to data subject requests where technically feasible
- We will delete or return data upon termination of service
- Our sub-processors (listed in Section 5) are engaged under equivalent obligations
If you require a formal signed Data Processing Agreement (DPA), email us at info@bkgaragepro.com.
16. Artificial Intelligence & Automated Processing
The Software includes an AI-powered support assistant ("AI Assistant") available on our website. This feature is powered by Anthropic's Claude language model. The following applies to your use of AI features:
- Chatbot disclosure: The AI Assistant is an automated software agent — not a human. In compliance with applicable bot disclosure laws (including California SB 1001), we disclose that you are interacting with an AI when using this feature.
- Data submitted to AI: Messages you send to the AI Assistant are transmitted to Anthropic for processing. Do not submit sensitive personal information, passwords, payment data, or confidential customer data through the AI Assistant.
- No AI training on your data: By default, Anthropic does not use data submitted via the API to train or improve its models.
- AI accuracy: Responses from the AI Assistant are informational only and may not always be accurate. We are not liable for decisions made based on AI-generated responses.
- No automated decisions: We do not use automated processing, including AI, to make decisions about your account, subscription, or access to the Software that produce legal or similarly significant effects (GDPR Article 22).
- AI features are limited to our support assistant on the public website. The Software itself does not use AI to process your shop customers' personal data.
18. Do Not Track
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Because there is no consistent industry standard for responding to DNT signals, BK Garage Pro does not alter its data practices in response to DNT signals. We do not engage in cross-site behavioral tracking regardless.
19. Contact & Mailing Address
For all privacy-related inquiries, data deletion requests, or DPA requests, please contact us at:
BK Garage Pro
Jackson, Tennessee, United States
Email: info@bkgaragepro.com
20. Third-Party Services
The Software integrates with third-party tools including Stripe for payments. We are not responsible for the privacy practices of these services. Links to their privacy policies are provided in Section 5.
21. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, where changes are material, notify you by email or a prominent notice in the Software. Continued use after changes are posted constitutes acceptance of the updated policy.