🔒 Data Security & Privacy

Your trust is paramount. Learn how Automotive DIY protects your personal information, vehicle diagnostics, and community data with industry-leading security measures.

📅 Last Updated: January 15, 2024

🛡️ Security Overview

At Automotive DIY, we understand that you trust us with sensitive information, from your personal details to diagnostic data from your vehicle. We are committed to maintaining the highest standards of data security and privacy.

Our security practices comply with industry regulations including GDPR, CCPA, and PCI-DSS. We employ a multi-layered security approach to ensure your data remains confidential, intact, and available only to authorized systems.

⚠️ Security Commitment

We conduct regular security audits, penetration testing, and maintain 24/7 monitoring of our infrastructure. If a security incident occurs, we are committed to transparent and timely notification in accordance with legal requirements.

Security Measures

We implement comprehensive technical and organizational measures to protect your data:

🔒

End-to-End Encryption

AES-256 encryption for data at rest and TLS 1.3 for data in transit.

🔑

Multi-Factor Auth

Optional MFA for all user accounts with support for hardware keys.

Regular Audits

Quarterly third-party security audits and annual penetration tests.

🛡️

DDoS Protection

Enterprise-level DDoS mitigation and Web Application Firewall.

📡

Secure APIs

OAuth 2.0 authentication and rate limiting on all API endpoints.

🧹

Data Minimization

We only collect what's necessary and auto-delete data per retention policies.

Data We Collect

We collect information only when necessary to provide our services. Here's what we collect and why:

| Data Category | Examples | Purpose |
|---|---|---|
| Account Information | Name, email, username, password hash | Account creation, authentication, support |
| Profile Data | Vehicle models owned, skill level, preferences | Personalized guides and recommendations |
| Communication | Support tickets, forum posts, messages | Customer support and community interaction |
| Usage Data | Page views, search queries, tool usage stats | Service improvement and analytics |
| Device Info | IP address, browser type, OS, device ID | Security, fraud prevention, compatibility |

🚗 Vehicle & OBD2 Data

If you use our diagnostic tools, OBD2 scanners, or vehicle-specific guides, we may process vehicle data:

Diagnostic Data Processing

  • Local Processing: Most OBD2 scans are processed locally on your device. Your vehicle data does not leave your scanner unless you explicitly choose to upload it for community sharing or expert analysis.
  • Cloud Sync: If you enable cloud backup, diagnostic logs are encrypted and stored securely. You can disable this at any time in settings.
  • Anonymous Aggregation: We may use anonymized, aggregated vehicle data to improve our guide database and identify common issues across vehicle models. This data cannot be traced back to you or your specific vehicle.

🚙 Your Vehicle, Your Data

We never sell your vehicle diagnostic data to third parties, insurance companies, or manufacturers. You maintain full ownership and control over your vehicle data.

👥 Community Data

Our community forums and project galleries are protected with privacy-focused features:

  • Content Moderation: All public posts are moderated for security threats and personal information exposure.
  • Privacy Controls: You can control the visibility of your projects, posts, and profile information.
  • Reporting System: Community members can report suspicious activity or privacy violations.
  • GDPR Compliance: Full data portability and right to erasure for all community contributions.

💳 Payment Security

When you purchase tools, courses, or subscriptions:

  • PCI-DSS Compliant: All payment processing is handled by PCI-DSS Level 1 certified providers.
  • No Card Storage: We never store your full credit card details on our servers. Tokenization is used for recurring billing.
  • Fraud Detection: Advanced machine learning fraud detection monitors transactions in real time.
  • Secure Checkout: All payment pages use TLS 1.3 encryption and secure payment gateways.

✅ Your Rights

Depending on your location, you have specific rights regarding your personal data:

  • Access: Request a copy of all personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete personal data.
  • Erasure: Request deletion of your personal data (Right to be Forgotten).
  • Portability: Receive your data in a machine-readable format.
  • Restriction: Limit how we process your personal data.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Automated Decision-Making: Not subject to decisions based solely on automated processing.

To exercise these rights, contact our Data Protection Officer at dpo@automotivediy.com or use the self-service tools in your account settings.

🐛 Vulnerability Disclosure Program

We value security researchers who help us improve our security posture. If you discover a vulnerability:

  • Report it responsibly to security@automotivediy.com
  • Do not exploit the vulnerability or access user data
  • Provide detailed reproduction steps
  • We will acknowledge receipt within 48 hours
  • Qualified reports may be eligible for our bug bounty program

Responsible Disclosure

We appreciate ethical researchers who help keep Automotive DIY secure. We will never pursue legal action against researchers who act in good faith and follow responsible disclosure practices.

📧 Questions About Data Security?

Our security team is available to answer your questions and address your concerns.