Privacy Policy

Introduction

Crash CODEX ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our automotive intelligence platform and related services.

By using our services, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

Information We Collect

Personal Information

We may collect personal information that you voluntarily provide when:

• Registering for an account or API access
• Submitting support requests or feedback
• Participating in surveys or promotional activities
• Communicating with us via email or other channels

Automatically Collected Information

When you use our services, we automatically collect certain information, including:

• IP addresses and device information
• Browser type and version
• API usage patterns and performance metrics
• Log files and error reports
• Geographic location (general)

Vehicle and Damage Information

Through our API services, we process:

• Vehicle identification numbers (VINs)
• Vehicle specifications and details
• Damage descriptions and assessments
• Repair estimates and related data
• Images and documentation (when provided)

How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To provide, maintain, and improve our automotive intelligence services
• API Processing: To generate estimates, analyze damage, and provide intelligent insights
• Account Management: To create and manage your account, process payments, and provide customer support
• Communication: To respond to inquiries, send service updates, and provide technical support
• Analytics: To analyze usage patterns, improve our algorithms, and enhance user experience
• Security: To detect, prevent, and address technical issues and security threats
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

Information Sharing and Disclosure

We Do Not Sell Your Data

We do not sell, trade, or rent your personal information to third parties for commercial purposes.

Limited Sharing

We may share information in the following limited circumstances:

• Service Providers: With trusted third-party services that help us operate our platform (cloud infrastructure, analytics, support)
• Legal Requirements: When required by law, court order, or governmental request
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Protection: To protect our rights, safety, or the rights and safety of others
• Consent: With your explicit consent for specific purposes

Data Security

We implement comprehensive security measures to protect your information:

• Encryption: Data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Strict authentication and authorization mechanisms
• Monitoring: Continuous security monitoring and threat detection
• Compliance: SOC 2 Type II compliant infrastructure
• Regular Audits: Periodic security assessments and penetration testing
• Employee Training: Regular security awareness training for all personnel

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to implementing industry-standard practices.

Data Retention

We retain your information for different periods based on the type of data and business needs:

• Account Data: Retained while your account is active and for up to 3 years after closure
• API Logs: Stored for 90 days for debugging and analytics purposes
• Vehicle Data: Processed data is anonymized and may be retained for algorithm improvement
• Support Records: Maintained for 2 years for service improvement and legal compliance
• Financial Records: Kept for 7 years as required by law

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal requirements)
• Portability: Request transfer of your data in a machine-readable format
• Objection: Object to certain processing activities
• Restriction: Request limitation of processing under certain circumstances

To exercise these rights, please contact us at sudo@hxcode.xyz. We will respond to your request within 30 days.

Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and preferences
• Analyze website usage and performance
• Provide personalized experiences
• Enhance security and prevent fraud

You can control cookie settings through your browser preferences. However, disabling certain cookies may affect the functionality of our services.

International Data Transfers

Our services may involve transferring your information to countries outside your jurisdiction. We ensure appropriate safeguards are in place:

• Data Processing Agreements with adequate protection clauses
• Compliance with applicable data protection frameworks
• Use of approved transfer mechanisms (Standard Contractual Clauses, adequacy decisions)

Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without proper consent, we will delete such information immediately.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying prominent notices on our platform

Your continued use of our services after any changes constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Regional Privacy Rights

European Union (GDPR)

If you are located in the EU, you have additional rights under the General Data Protection Regulation (GDPR), including:

• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority
• Right to data portability in commonly used formats
• Right to object to automated decision-making

California (CCPA)

California residents have specific rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect and how it's used
• Right to delete personal information (with certain exceptions)
• Right to opt-out of the sale of personal information (we don't sell data)
• Right to non-discrimination for exercising privacy rights