Privacy Policy — eVHC

1. Who we are

FleyLab LLC (“Fleylab”, “we”) is a software company registered in Baku, Azerbaijan. eVHC is deployed for individual dealerships under separate service agreements; the dealership is the data controller for customer and inspection data, and Fleylab acts as a processor under those agreements. Privacy questions: privacy@fleylab.com.

2. What this policy covers

This policy applies to eVHC web and mobile applications that we operate for dealerships. It describes data Fleylab handles as a processor on the dealership's instructions, and data we hold as a controller (account access, billing, security telemetry).

3. Data we collect on the dealership's behalf

3.1 Customer data

• Customer name, phone number, email (if provided)
• Vehicle identification: make, model, year, VIN, license plate, mileage
• Customer signature captured at inspection time
• Service history entered by dealership staff

3.2 Inspection data

• Inspection results (status of each checked item, technician notes)
• Photos of vehicle components captured during inspection
• Recommendations, estimates, and approvals
• Timestamps and the technician / advisor who created each record

3.3 Dealership staff data

• Email and password hash for staff accounts (Supabase Auth)
• Role, dealership branch, contact details for support
• Action audit log (who did what, when)

4. How data is used

All customer and inspection data is processed strictly to deliver the vehicle health check service for the dealership: producing inspection reports, sending estimates, generating PDFs, sending SMS / email / WhatsApp links to customers (when the dealership configures these), and providing the dealership with analytics on its own operations. We do not use customer or inspection data for any other purpose, do not share it with third parties beyond the sub-processors listed below, and do not use it for training AI models.

5. Sub-processors

• Supabase (Postgres, Auth, Storage; AWS eu-central-1, Frankfurt) — primary data store.
• Cloudflare — DNS, CDN, attack mitigation, no cookies.
• Resend — outbound transactional email (e.g. customer reports).
• WhatsApp Business / Twilio / SMS providers — only if the dealership enables messaging delivery for inspection reports.
• Sentry — error reporting (payloads scrubbed of personal data).

6. Retention

Inspection records and customer data are retained per the dealership's instructions or until the dealership's contract with Fleylab ends, after which we delete or return data within 90 days. Audit logs and security telemetry are retained for 12 months. Backups are overwritten within 30 days.

7. Customer rights

If you are a customer of a dealership using eVHC and want to access, correct, or delete your data, contact the dealership directly — they are the controller. We will assist them in fulfilling your request as quickly as the technical architecture allows. Fleylab can also be reached at privacy@fleylab.com for escalation.

8. Security

• HTTPS / TLS 1.2+ for all traffic.
• Per-dealership data isolation via Postgres row-level security.
• 2FA for staff accounts where supported by the dealership.
• Photos and PDFs are stored in Supabase Storage with signed-URL access only.
• Tokens and secrets encrypted at rest, never logged.

9. Children

eVHC is a B2B product for the automotive aftermarket. It is not directed at children and we do not knowingly collect children's data.

10. Contact

Privacy: privacy@fleylab.com
Legal: legal@fleylab.com
Mailing address: FleyLab LLC, Baku, Azerbaijan.