PrivacyPolicy
OBD PORTAL - PRIVACY POLICY
Effective Date: January 29, 2026
Last Updated: January 29, 2026
This Privacy Policy describes how OzcarElectronics ("Company", "we", "us", "our"), operating the OBD Portal platform at shop.obdportal.com ("Website"), collects, uses, stores, and protects your personal information when you use our Website, Software, and Services.
By using our Website, purchasing our Products, or creating an Account, you consent to the data practices described in this policy.
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: Username, email address, password (stored as a bcrypt hash, never in plain text).
- Purchase Information: Billing name, billing address, payment method details (processed by Shopify Payments - we do not store credit card numbers).
- Support Communications: Messages, emails, and debug logs you send to our support team.
1.2 Information Collected Automatically
- Device Information: Operating system, software version, PassThru device type, hardware identifiers.
- Connection Data: IP address, connection timestamps, session duration.
- Usage Data: Procedures executed, tokens consumed, diagnostic operations performed, VIN (Vehicle Identification Number) of connected vehicles.
- Diagnostic Data: CAN bus communication frames (TX/RX) sent and received during procedures, ECU response data, error logs.
1.3 Information from Third Parties
- Shopify: Order information, payment confirmation, and customer details when you make a purchase through our store.
- Payment Processors: Transaction confirmation and fraud detection data.
2. How We Use Your Information
We use the collected information for the following purposes:
- Service Delivery: To authenticate your Account, deliver procedures, manage tokens, and provide the core functionality of the Software.
- Technical Support: To diagnose issues, debug software problems, and provide customer assistance.
- Software Improvement: To improve procedures, fix bugs, and enhance software reliability based on anonymized diagnostic data.
- Security: To detect unauthorized access, prevent fraud, and protect our intellectual property.
- Communication: To send important service notifications, software updates, and support responses.
- Legal Compliance: To comply with applicable laws and respond to lawful requests from authorities.
3. Data Sharing and Disclosure
We do NOT sell your personal data to third parties. We may share information only in the following circumstances:
3.1 Service Providers
- Shopify: E-commerce platform that processes your orders and payments.
- Payment Processors: To process your token and product purchases securely.
- Cloudflare: For website security, DDoS protection, and content delivery.
3.2 Legal Requirements
We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction. You will be notified via email or prominent notice on our Website.
4. Data Storage and Security
4.1. Your data is stored on secured servers. Passwords are hashed using bcrypt with salt rounds and are never stored in plain text.
4.2. All communications between the Software and our Server are encrypted.
4.3. We implement rate limiting, login attempt tracking, account lockout mechanisms, CSRF protection, and session timeout controls to protect your Account.
4.4. While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
5. Data Retention
5.1. Account Data: Retained for as long as your Account is active. Upon Account deletion request, personal data will be deleted within 30 days, except where retention is required by law.
5.2. Transaction Records: Retained for a minimum of 5 years to comply with accounting and tax regulations.
5.3. Diagnostic Logs: Procedure logs and CAN bus data are retained for up to 12 months for support and debugging purposes, then automatically anonymized or deleted.
5.4. Support Communications: Retained for up to 24 months after the last interaction.
6. Your Rights
Depending on your location, you may have the following rights:
6.1 General Rights (All Users)
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data (subject to legal retention requirements).
- Data Export: Request your data in a portable, machine-readable format.
6.2 European Economic Area (EEA) Users - GDPR Rights
If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):
- Lawful Basis: We process your data based on: (a) contractual necessity (to provide the Service), (b) legitimate interest (to improve and secure the Service), and (c) your consent (for marketing communications).
- Right to Restrict Processing: You may request that we restrict processing of your data in certain circumstances.
- Right to Object: You may object to processing based on legitimate interest.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
- Right to Lodge a Complaint: You may file a complaint with your local data protection supervisory authority.
6.3 California Users - CCPA Rights
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request details about the personal information we have collected about you.
- Right to Delete: You may request deletion of your personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
- Do Not Sell: We do NOT sell personal information. No opt-out is required because we do not engage in the sale of personal data.
To exercise any of these rights, contact us at: contact.obdportal@gmail.com
7. Cookies and Tracking
7.1. Our Website uses cookies and similar technologies for the following purposes:
- Essential Cookies: Required for Website functionality, shopping cart, and checkout (set by Shopify). These cannot be disabled.
- Session Cookies: Used to maintain your login session on the User Dashboard. These expire when you close your browser or after 60 minutes of inactivity.
- Analytics Cookies: Used to understand how visitors interact with our Website (e.g., page views, traffic sources). These are anonymized.
7.2. You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent the Website from functioning correctly.
8. Children's Privacy
8.1. The Product is intended for professional automotive use and is not directed to children under the age of 16.
8.2. We do not knowingly collect personal information from children under 16. If we discover that we have collected data from a child under 16, we will delete it promptly.
8.3. If you believe a child has provided us with personal information, please contact us at contact.obdportal@gmail.com.
9. International Data Transfers
9.1. Your data may be processed and stored in countries outside your country of residence. When transferring data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.
9.2. By using our Service, you consent to the transfer of your data to countries where our servers and service providers operate.
10. Changes to This Privacy Policy
10.1. We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.
10.2. Material changes will be communicated through the Website or via email to registered users.
10.3. Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.
11. Contact Us
For privacy-related questions, data access requests, or concerns, contact:
OzcarElectronics - Data Protection
Email: contact.obdportal@gmail.com
Website: shop.obdportal.com
We will respond to all legitimate requests within 30 days.
By OzcarElectronics © 2026. All rights reserved.