Privacy Policy

CarWashPilot ("we", "us", "our") operates the CarWashPilot platform (carwashpilot.com), a Software-as-a-Service solution for car wash businesses. We are committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, and protect your personal data.

Data Controller

The controller responsible for data processing is:

CarWashPilot — Altin Etemaj — Lessingstraße 4b — 25335 Elmshorn — Germany — Email: [email protected] — Phone: +49 176 82311297

Scope

This Privacy Policy applies to data processed through the CarWashPilot platform (carwashpilot.com), including account registration, platform administration, and payment processing. For data collected by individual car wash businesses using our platform, please refer to the respective business's own privacy policy.

Data We Collect

Account Data

When you register for CarWashPilot, we collect your name and email address. We use a one-time password (OTP) sent to your email for authentication — we do not store passwords.

Business Data

As a platform operator, you may provide business information such as your business name, address, phone number, operating hours, and service offerings. This data is used to configure your public-facing booking page.

End-Customer Data

When customers book services through your car wash business on our platform, data such as name, email, phone number, and vehicle information is collected and stored. This data is processed on behalf of the car wash business (the data controller for their customers). CarWashPilot acts as a data processor in this context.

Payment Data

We use Stripe, Inc. for payment processing (subscriptions and booking payments). Payment card details are transmitted directly to Stripe and are never stored on our servers. We store transaction references (Stripe IDs), amounts, and payment status for invoicing purposes. Stripe's privacy policy applies to payment data: https://stripe.com/privacy.

Technical Data

We automatically collect server log data including IP address, browser type, operating system, referring URL, and access timestamps. This data is used for security, performance monitoring, and abuse prevention.

Cookies

We use essential cookies for session management and CSRF protection. These are strictly necessary for the platform to function. We do not use tracking or advertising cookies on the main platform. Individual car wash booking pages may use additional cookies as configured by the business.

Third-Party Services

We use the following third-party services to operate CarWashPilot:

  • Stripe, Inc. — Payment processing and subscription management (US-based, EU-US Data Privacy Framework certified)
  • Resend — Transactional email delivery (OTP codes, booking confirmations)
  • Cloudflare, Inc. — DNS, CDN, and DDoS protection
  • Hosting provider — Server infrastructure located in Nuremberg, Germany

Legal Basis for Processing

  • Contract performance (Art. 6(1)(b) GDPR) — Processing necessary to provide the CarWashPilot service as agreed upon registration.
  • Legitimate interest (Art. 6(1)(f) GDPR) — Security monitoring, fraud prevention, and service improvement.
  • Legal obligation (Art. 6(1)(c) GDPR) — Tax and accounting record retention as required by law.

Your Rights

Under the GDPR, you have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Rectify inaccurate data (Art. 16 GDPR)
  • Request erasure of your data (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise any of these rights, please contact us at [email protected].

Data Retention

We retain your account data for as long as your account is active. After account deletion, we retain financial records (invoices, transaction data) for the legally required period (typically 6-10 years for tax purposes). Technical logs are retained for a maximum of 90 days.

Data Security

We protect your data through SSL/TLS encryption for all data in transit, secure server infrastructure with regular updates, access controls and authentication mechanisms, and regular security reviews. Despite our best efforts, no method of transmission over the Internet is 100% secure.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The "Last updated" date at the bottom of this page indicates when this policy was last revised.

Contact

For questions about this Privacy Policy or our data practices, please contact us:

CarWashPilot — Altin Etemaj — Lessingstraße 4b, 25335 Elmshorn, Germany — Email: [email protected] — Phone: +49 176 82311297

Last updated: 14.03.2026