Introduction
ReportCar ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our dangerous driver reporting service.
We take privacy seriously, especially when handling sensitive information like photos and location data. This policy outlines our practices in detail.
Information We Collect
1.1 Information You Provide
When you submit a report, we collect:
- Vehicle Information: License plate number, make, model, color, behavior type
- Location Data: GPS coordinates of where the incident occurred
- Photos: Images you upload of the vehicle or incident
- Description: Optional text description of the incident
- Device ID: A unique identifier for your device (for spam prevention)
1.2 Automatically Collected Information
We automatically collect certain information when you use ReportCar:
- Usage Data: Pages viewed, features used, time spent
- Device Information: Device type, operating system, browser type
- IP Address: Your internet protocol address (not stored long-term)
- Cookies: Small data files for authentication and preferences
1.3 Payment Information
When you make a purchase, payment processing is handled by Stripe. We do not store your credit card information. We only receive:
- Transaction confirmation
- Last 4 digits of card (for reference)
- Payment status
⚠️ How We Handle Images (Critical Privacy Protection)
2.1 Automatic Face Blurring
All uploaded images are automatically processed to protect privacy:
- We blur the top 1/3 of every image where faces typically appear
- This happens automatically before storage; you cannot disable it
- Original unblurred images are immediately discarded
- Only the blurred version is stored in our database
2.2 Image Compression
To optimize storage and performance:
- Images are resized to a maximum of 1920x1080 pixels
- JPEG compression is applied (85% quality)
- Metadata (EXIF data) is stripped for privacy
2.3 Image Storage
Processed images are stored securely:
- Storage Provider: Supabase (encrypted at rest)
- Access: Public URLs but with unique, non-guessable filenames
- Retention: Images are kept indefinitely unless a report is removed
- Deletion: You can request image deletion by contacting support
How We Use Your Information
We use collected information for:
3.1 Core Service Operations
- Processing and displaying dangerous driver reports
- Calculating risk scores for license plates
- Detecting and preventing spam/abuse
- Providing plate lookup functionality
3.2 AI Processing
We use artificial intelligence to:
- License Plate OCR: Extract license plate text from images (Google Cloud Vision)
- Vehicle Classification: Identify make and model (Replicate BLIP)
- Color Detection: Determine vehicle color (local processing)
These AI services temporarily process your images but do not store them. Images are sent via secure HTTPS connections.
3.3 Service Improvement
- Analyzing usage patterns to improve features
- Monitoring performance and fixing bugs
- Conducting research on road safety trends (aggregated data only)
Information Sharing and Disclosure
4.1 Public Information
The following information from reports is publicly visible:
- License plate number
- Vehicle make, model, and color
- Behavior type (e.g., "speeding," "tailgating")
- GPS location (approximate area, not exact coordinates)
- Blurred photos
- Date and time of incident
NOT publicly visible: Your device ID, IP address, or any personally identifying information.
4.2 Third-Party Services
We share limited data with trusted third-party services:
- Supabase: Database and image storage (encrypted)
- Stripe: Payment processing (they have their own privacy policy)
- Google Cloud Vision: Temporary image processing for OCR
- Replicate: Temporary image processing for vehicle classification
- Vercel: Hosting and CDN services
4.3 Legal Requirements
We may disclose information if required by law, such as in response to:
- Court orders or subpoenas
- Law enforcement requests with proper legal authority
- Protection of our rights, property, or safety
Data Security
We implement industry-standard security measures:
- Encryption: All data transmitted via HTTPS (SSL/TLS)
- Database: Encrypted at rest with Supabase
- Access Control: Limited employee access to user data
- Password Protection: Admin accounts secured with strong passwords
- Regular Updates: Software and dependencies kept up to date
However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
Your Privacy Rights
6.1 Access and Deletion
You have the right to:
- Request access to data we hold about you
- Request deletion of your reports or data
- Object to processing of your data
- Request data portability
To exercise these rights, contact us at privacy@yourdomain.com
6.2 California Privacy Rights (CCPA)
California residents have additional rights under the CCPA, including the right to know what personal information is collected and the right to opt out of data sales. We do not sell personal information.
6.3 European Privacy Rights (GDPR)
If you are in the European Economic Area, you have additional rights under GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.
Children's Privacy
ReportCar is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.
Data Retention
We retain data as follows:
- Reports: Kept indefinitely unless flagged as spam or deleted upon request
- Images: Stored long-term but can be deleted on request
- Payment Records: Kept for 7 years for tax/legal purposes
- Usage Logs: Deleted after 90 days
- Spam/Banned Devices: Device IDs kept permanently for abuse prevention
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or prominent notice on our website. Continued use of the Service after changes constitutes acceptance.
Contact Us
If you have questions about this Privacy Policy or our data practices:
Email: privacy@yourdomain.com
Data Protection Officer: dpo@yourdomain.com