Privacy Policy – Car Help

1 Introduction & Scope

Car Help ("we", "our", "us") operates the Car Help mobile application available on Google Play and the Apple App Store. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights as a user.

This policy applies to all users of the Car Help app — both Customers (people booking car services) and Vendors (service providers fulfilling orders). By using the app, you agree to the practices described in this policy.

      ⚠️ If you do not agree with any part of this policy, please discontinue use of the application.
    

2 Data Controller

Car Help operates as the data controller responsible for your personal information. Our services are currently offered in Kuwait and the surrounding region. All processing activities are conducted in accordance with applicable data protection laws.

For privacy-related inquiries, please contact us — see Section 11.

3 Personal Data We Collect

3.1 Account & Identity Data

Data Point	Collected From	Required?
Full name	Registration form / social sign-in	Required
Phone number	OTP verification during registration	Required
Email address	Registration / Google or Apple sign-in	Optional
Profile photo	User-uploaded from camera or gallery	Optional
Google / Apple account ID	When you use social sign-in	Optional

3.2 Vehicle Data (Customers)

Data Point	Purpose	Required?
Car make, model, year	Matching correct vendor & service	Required
Odometer / km reading	Service recommendations (e.g., oil change intervals)	Required
Car photos	Damage assessment, service records	Optional

3.3 Location Data

Car Help collects location data to connect customers with nearby vendors and to allow vendors to navigate to service locations. Below is a precise breakdown:

Scenario	Type	When
Customer — booking a service	Precise GPS (foreground)	While app is open and user is selecting a service location
Vendor — navigating to customer	Precise GPS (foreground)	While app is open during an active order
Vendor — active order tracking	Precise GPS (background)	Only during an active order, even when the app is minimised, so customers can track arrival in real time. Tracking stops automatically when the order ends.
Saved addresses	Named coordinates	When user saves a home/work address for convenience

      📍 Background Location Disclosure: Car Help collects background location data
      exclusively for Vendor accounts during an active service order. This data is used
      to display real-time vendor movement to the customer awaiting service. We do not
      collect background location from customers, and vendor background tracking is automatically
      disabled as soon as the order is completed or cancelled. You can revoke location permission
      at any time from your device settings.
    

3.4 Wallet & Transaction Data

Data	Purpose
Wallet balance	Display current credit in-app
Transaction history (debit / credit)	Order payments, refunds, loyalty point redemptions
Loyalty points / redeemed rewards	Reward programme tracking

Note: Car Help does not store raw payment card numbers. Payment processing is handled through secure third-party payment gateways.

3.5 Order & Support Data

Service type, date, time, and status of each booking
Vendor assigned to an order
Support tickets: title, description, category, and admin replies
Chat / messaging content within support tickets

3.6 Technical & Device Data

Firebase Cloud Messaging (FCM) device token — for push notifications
Device type, OS version, app version (for crash diagnostics)
Network connectivity status (online / offline)
Authentication tokens stored in encrypted secure storage on your device

4 How We Use Your Data

Purpose	Legal Basis
Create and manage your account	Contract performance
Match customers with suitable vendors via AI	Contract performance / Legitimate interest
Process bookings, payments, and refunds	Contract performance
Real-time vendor GPS tracking during active orders	Contract performance + explicit consent
Send push notifications (order updates, promotions)	Consent (requestable; revocable)
Loyalty points calculation and wallet management	Contract performance
Respond to support tickets	Legitimate interest
Improve app features and fix bugs	Legitimate interest
Prevent fraud and enforce Terms of Service	Legal obligation / Legitimate interest
Comply with applicable laws	Legal obligation

5 App Permissions Explained

📍 Fine & Coarse Location

Shows your position on map; finds nearby vendors. Used only when app is in foreground (customers) or during active orders (vendors).

📍 Background Location

Vendors only. Tracks GPS during an active order so customers see real-time arrival. Auto-stops when order ends.

🔔 Post Notifications

Delivers order status alerts, promotional offers, and system messages via Firebase Cloud Messaging.

⚡ Foreground Service

Required by Android to run the background location service with a visible notification while vendors are on an active order.

🔄 Receive Boot Completed

Restarts the vendor location service after device reboot only when an order is active and the device was restarted mid-order.

🌐 Internet

All API calls, map tiles, image loading, and real-time order updates require network access.

📷 Camera / Gallery

Used only when you explicitly choose to upload a profile photo or car image. We never access the camera silently.

🔋 Wake Lock

Prevents the CPU from sleeping while the vendor location service is actively transmitting coordinates during an order.

6 Third-Party Services

Car Help integrates the following third-party services. Each provider has its own Privacy Policy.

🗺️ Google Maps Platform

🔥 Firebase (Google)

🔑 Google Sign-In

🍎 Sign in with Apple

📡 Pusher Channels

📸 Google Fonts (Cairo)

What each service receives:

Service	Data Shared	Purpose
Google Maps Platform	GPS coordinates, search queries	Map display, directions, place search
Firebase Cloud Messaging	FCM device token, notification payload	Push notifications for orders & alerts
Firebase Authentication	Email / Google / Apple identity tokens	Social sign-in verification
Google Sign-In	Google account name, email, profile picture URL	One-tap account creation / login
Sign in with Apple	Apple ID token (email may be hidden relay address)	Secure Apple-based authentication
Pusher Channels	Encrypted order & presence events	Real-time order status & vendor position updates

We do not share your data with advertising networks, data brokers, or any third party for the purpose of selling or profiling your personal data.

7 Data Retention

Data Category	Retention Period
Account & profile information	Until account deletion + 30 days grace period
Order history	5 years (financial record requirement)
Wallet & transaction records	5 years (financial record requirement)
Live GPS coordinates (vendor tracking)	Not persistently stored — transmitted in real time; not logged on servers beyond order completion
Saved addresses	Until you delete them or delete your account
Support tickets	3 years after closure
Device / auth tokens	Deleted immediately on logout
Notification tokens	Refreshed automatically; old tokens purged within 60 days

8 Data Security

We take the security of your data seriously and implement the following measures:

Encrypted Secure Storage: Authentication tokens and sensitive keys are stored using flutter_secure_storage (AES-256 on Android, Keychain on iOS).
HTTPS / TLS: All API communication is encrypted in transit using TLS 1.2+.
Token-Based Auth: Bearer tokens are used for all API requests; tokens are invalidated on logout.
Automatic Logout on 401: If an authentication token expires or is revoked server-side, the app automatically clears local credentials and logs the user out.
No Raw Credentials Logged: Our logging system never records passwords, tokens, or full location histories in plain text.

Despite our efforts, no system is 100% secure. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

9 Your Rights

Depending on your jurisdiction, you may have the following rights over your personal data:

Right	What it means	How to exercise
Access	Request a copy of all personal data we hold about you	Submit a support ticket or email us
Correction	Correct inaccurate name, phone, or email in your profile	Edit directly in the app's Profile section
Deletion	Request deletion of your account and associated personal data	Contact us via support — we process within 30 days
Portability	Receive your data in a structured, machine-readable format	Submit a data export request via support ticket
Withdraw Consent	Revoke location or notification permission at any time	Device Settings → Apps → Car Help → Permissions
Object	Object to processing based on legitimate interest (e.g., analytics)	Email or in-app support ticket

We will respond to verified requests within 30 days. We may need to verify your identity before processing a deletion or access request.

10 Children's Privacy

Car Help is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a child has created an account without parental consent, please contact us immediately and we will delete the account and associated data promptly.

11 Contact Us

If you have questions, concerns, or requests relating to your privacy or this policy, please reach us through any of the channels below.

Email

support@carhelp.com

App

Support → New Ticket (in-app)

Business Hours

Sun – Thu: 8AM – 8PM
Fri – Sat: 10AM – 6PM

Region

Kuwait & GCC

12 Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Send a push notification to all active users
Display an in-app banner for 7 days after the change

Continued use of Car Help after the effective date of a revised policy constitutes your acceptance of the updated terms.