Vehicode

Privacy

Privacy Policy

This policy explains how Vehicode handles account, API, billing, contact, and AI enrichment data.

Last updated: July 15, 2026

Overview

This Privacy Policy explains what data Vehicode collects when you use the public website, subscriber portal, API, contact forms, and administrative correction workflows.

We collect only the information needed to operate the service, secure accounts, process billing, improve VIN decoding quality, and respond to requests.

Data We Collect

Account data may include email address, name, company, authentication provider, selected plan, API client membership, and account activity.

API data may include VIN requests, timestamps, client ID, API key ID, response status, usage counters, decode quality metadata for internal review, and issue reports submitted by clients.

Public forms may collect email, name, company, message content, source page, IP address or hashed IP, browser, operating system, country code, and user agent for anti-spam and lead review.

Website analytics may collect page views, approximate location, device and browser information, referrer/source, campaign parameters, and interaction events to help us understand traffic and improve the product. Analytics is loaded only after you allow analytics cookies.

Billing and Authentication Providers

Payments and subscription events may be processed by Stripe or another payment provider. We store billing identifiers, subscription status, plan metadata, and webhook events needed to keep your account accurate.

Authentication may be handled through Supabase and optional identity providers such as Google. Those providers may process login-related data according to their own policies.

AI-Assisted Enrichment

When enabled, VINs and relevant decode context may be sent to an AI provider to fill missing vehicle fields or support internal review. We use cache, budget controls, and validation before applying AI output.

AI prompts, responses, usage, errors, and manual imports may be logged for auditing, quality improvement, and cost control. Public API responses do not expose internal AI prompts or diagnostics.

How We Use Data

We use data to provide VIN decoding, authenticate subscribers, enforce usage limits, generate API keys, process billing, detect abuse, improve vehicle rules, and handle support or sales requests.

We may aggregate operational and analytics data to understand coverage, decoder quality, API reliability, website traffic, acquisition sources, and product demand.

Cookie and Analytics Consent

We use a small browser-side consent setting to remember whether you accepted or declined analytics. This preference is stored locally in your browser.

If you decline analytics, Google Analytics is not loaded by the site. You can clear browser site data to reset the choice.

Retention

We retain account, billing, API usage, issue report, and AI audit data for as long as needed to operate the service, comply with obligations, resolve disputes, and improve decoder quality.

We may delete or anonymize data when it is no longer needed, unless retention is required for security, accounting, or legal reasons.

Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, or export your personal data. You may also object to certain processing.

Contact us if you want to exercise privacy rights related to your account or submitted forms. We may need to verify your identity before acting on a request.

Security

We use technical and organizational safeguards such as hashed API keys, server-side service access, role-based admin flows, and usage monitoring.

No online service is perfectly secure. You are responsible for protecting your API keys and using the API from trusted environments.

Questions

For questions about these terms or your account, contact us through the contact form.