Privacy Policy
Last updated: 2026-06-03
This Privacy Policy explains what personal information Car Scout collects, why, and what we do with it. Car Scout is an experimental research prototype operated by DLK Studio Technology Pty Ltd (ACN, ABN to be added once incorporated) — referred to below as “we”, “us”, or “DLK Studio”. We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
1. Who we are
Car Scout is operated by DLK Studio Technology Pty Ltd, an Australian small business. Contact for privacy matters: dlkstudiotechnology@gmail.com.
2. What we collect
When you use car-scout.com.au we may collect:
- Email address — when you buy an AI question pass via Stripe, set up a watchlist alert, send feedback via the support widget, or restore a lost pass.
- Question text — questions you type into the AI Q&A feature. Stored to improve the service, identify common questions for editorial content, and detect abuse. A regex pre-filter strips any email or phone number patterns before insert.
- Truncated IP hash — your IP address is hashed with the current date (sha256, then truncated to 16 characters) and stored alongside visit logs, AI questions, and pass usage. This lets us count repeat visitors and prevent abuse without retaining identifying information. The hash rolls daily — we cannot link activity across days from the hash alone.
- Approximate geographic location — country, state/region, and city derived from your IP by Vercel's edge headers at the moment of request. Stored on visit logs for analytics.
- Referrer host — the domain (e.g. google.com) that linked you to the site, used for traffic-source analytics. We do not retain the full referring URL.
- Payment information — handled entirely by Stripe. We never see your card details. We receive a Stripe session ID and the email you used at checkout.
- Browser local data — pass tokens, dismissed banners, saved searches and admin login state are stored in your browser's localStorage. This data is local to your device; we do not receive copies.
3. Why we collect it
- To operate the service (deliver passes, answer AI questions, send watchlist alerts)
- To prevent abuse (rate limiting, brute-force detection, suspicious-pass-sharing detection)
- To improve the service (which questions are common, which features are used)
- To respond to your support requests
- To comply with Australian law
4. Who we share it with
We use the following third-party services to operate Car Scout. Each only receives what they need to perform their function:
- Stripe (payments — global, primarily US/IE) — credit card details, billing email, amount
- Anthropic (AI Q&A — US) — your question text, conversation history within the same session, no email or IP
- Vercel (hosting — US edge) — all request data, geo headers
- Cloudflare (bot protection — global) — Turnstile challenge tokens
- Neon (database — US) — all persisted data described above
- Upstash (rate limiting — US) — truncated IP hash + endpoint counter
- Sentry (error monitoring — US/EU) — error stack traces, anonymised request context
- Tavily / Firecrawl (web search for AI — US) — search query text only when the AI calls web_search
We do not sell or rent personal information. We do not run advertising trackers on the site.
5. International transfers
Most of our infrastructure providers (Vercel, Neon, Stripe, Anthropic, Upstash, Sentry) operate in the United States. By using Car Scout you consent to your personal information being transferred to and processed in the US. We rely on the contractual data-protection commitments of each provider.
6. How long we keep it
- Email + pass records: retained for tax and refund purposes (7 years for AU tax compliance)
- AI question logs: 90 days, then auto-pruned (no individual identification possible after IP hash rolls)
- Visit logs: 90 days
- Rate-limit counters (Upstash): 24 hours rolling
- Watchlist email alerts: until you unsubscribe (one-click link in every email) or 30 days of inactivity (no email opens), whichever first
7. Your rights
Under the Australian Privacy Principles you have the right to:
- Request access to the personal information we hold about you
- Request correction of inaccurate information
- Request deletion — we will delete what we can within our retention obligations
- Complain to the Office of the Australian Information Commissioner (OAIC) if you're not satisfied with our handling
Email dlkstudiotechnology@gmail.com with “Privacy request” in the subject. We respond within 30 days.
8. Cookies and local storage
Car Scout does not use third-party advertising cookies or trackers. We use first-party localStorage in your browser to remember:
- Your AI pass token (so you don't re-enter it every visit)
- Saved searches and dismissed banners
- Admin login state (for the operator only)
Clear your browser's site data to remove all of this immediately.
9. Children
Car Scout is not directed at children under 16. We do not knowingly collect personal information from anyone under that age. If you become aware that a child has provided information, contact us and we will delete it.
10. Changes
We may update this policy from time to time. Material changes will be flagged at the top of this page. Continued use after a change means you accept the updated policy.
11. Contact
DLK Studio Technology Pty Ltd
Email: dlkstudiotechnology@gmail.com
This policy is a starting draft suitable for an experimental research prototype operated as a sole-operator small business. It is not legal advice. Before scaling Car Scout into a commercial operation, have a privacy lawyer review and tailor this for your specific data flows and obligations.