Privacy Policy

1. Scope and Applicability

This Privacy Policy applies to information collected when you access the Site, browse our content, register for a subscription, communicate with us, or otherwise interact with our Services. It does not apply to third-party websites linked from the Site.

2. How Our Service-Provider Structure Affects Your Data

The Company is a small data-aggregation business built to rely on established service providers for parts of the experience involving sensitive personal data.

2.1 Account Credentials — Stored and Managed by Memberstack

When you create an account or sign in, authentication is handled by Memberstack, who stores your name, email address, encrypted password, and account metadata. The Company does not maintain its own password database. We can see your account email and non-sensitive status information to administer your subscription and respond to inquiries. Memberstack is SOC 2 certified, encrypts data in transit and at rest, and stores data in the United States. Review their policy at Memberstack’s Privacy Policy.

2.2 Payment Information — Collected and Stored by Stripe

All payments are processed by Stripe. When you submit payment information it goes directly to Stripe; the Company does not receive, view, or store your full card number, CVC, bank account number, or other sensitive credentials. We may receive limited transaction information from Stripe (last four digits, card brand, billing ZIP, transaction amount/status, Stripe customer ID) to administer subscriptions, reconcile billing, prevent fraud, and respond to support inquiries. Stripe is a Level 1 PCI-DSS-certified provider. Review their policy at stripe.com/privacy.

2.3 Your Relationship with Each Provider

Memberstack and Stripe act as independent data controllers for the data they hold. To exercise rights with respect to data held by them, contact those providers directly. The Company will cooperate with reasonable requests related to data we have access to, but cannot delete, export, or modify data exclusively under the control of Memberstack or Stripe.

3. Information the Company Itself Collects

3.1 Information You Provide Directly

• Information submitted through a contact form, support ticket, email, or Correction Notice (name, email, message content, supporting documentation);
• Search queries, vehicle identifiers, and other inputs entered into the Site’s tools;
• Feedback, ratings, or other content you voluntarily submit; and
• Any other information you choose to send us.

3.2 Information Collected Automatically

When you visit the Site, our hosting provider, CDN, and analytics providers may automatically collect: IP address; device identifiers, browser type, OS, and language settings; approximate geolocation from IP; pages viewed, time spent, links clicked, and referring URLs; date and time of access; and server logs and diagnostic data. We use this to operate, secure, and improve the Site and detect abuse.

3.3 Cookies and Similar Technologies

The Site uses cookies for authentication (with Memberstack), session management, security, fraud prevention, analytics, and preferences. Some cookies are set by us; others by our service providers. You can control cookies through your browser settings; however, disabling certain cookies may prevent the Site from functioning properly.

4. How We Use the Information We Have Access To

The Company uses the limited information it collects or has access to for the following purposes:

• Operating, maintaining, and improving the Site and our automotive data services;
• Authenticating your account (with Memberstack) and providing subscribed Services;
• Administering subscriptions, processing payments (through Stripe), and handling billing inquiries;
• Communicating with you about your account, support inquiries, and material changes to our Services or legal terms;
• Detecting, preventing, and responding to fraud, abuse, scraping, unauthorized automated access, account sharing, and violations of our End User License Agreement;
• Generating aggregate, de-identified analytics about how the Site is used;
• Reviewing Correction Notices and evaluating data-quality submissions under our Legal Disclaimers; and
• Complying with applicable law and responding to lawful requests from government or judicial authorities.

The Company does not sell your personal information to third parties for money. The Company does not share your personal information with advertisers for cross-context behavioral advertising.

5. How and With Whom We Share Information

Service Providers. We share information with providers who operate the Site on our behalf, including Memberstack (account management), Stripe (payments), our hosting and CDN provider, analytics provider, and email delivery provider. These providers are authorized to use the information only as needed to perform services for us.

Compliance and Legal Requests. We may disclose information when required by applicable law, regulation, legal process, or governmental request, or when we believe disclosure is reasonably necessary to enforce our End User License Agreement, investigate suspected violations, or protect the rights, property, or safety of the Company or others.

Business Transfers. If the Company is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections.

With Your Consent. We may share information for other purposes when you have specifically consented.

We do not otherwise sell, rent, or share your personal information with third parties for their own independent commercial purposes.

6. Data Retention

The Company retains the limited information it directly holds only as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, prevent fraud and abuse, and enforce our agreements. Server logs are typically retained for a short rolling period. Support and Correction Notice correspondence may be retained longer for legal and operational reasons.

Account data is retained by Memberstack and payment data by Stripe in accordance with their respective retention practices. Consult their privacy policies for details on retention and deletion requests.

7. Security

The Company takes commercially reasonable measures to protect information it directly handles, including encryption of data in transit (HTTPS), access controls, and reliance on reputable service providers with industry-recognized security certifications. However, no system is perfectly secure and the Company cannot guarantee the absolute security of any information transmitted to or from the Site. By using the Site, you acknowledge that information transmission over the internet involves inherent risk.

Because account credentials and payment information are stored by Memberstack and Stripe respectively, the security of that information depends primarily on those providers. Both have represented that they maintain industry-standard security measures; Memberstack has represented that it is SOC 2 certified.

8. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal information. We describe these rights below and explain how to exercise them.

8.1 California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) grants you the following rights:

• Right to Know: You may request that we disclose what personal information we collect, use, disclose, and sell about you.
• Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information beyond what is necessary to provide our services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To submit a California privacy request, contact us at info@truthindatallc.com with the subject line "California Privacy Request." We will respond within 45 days. You may designate an authorized agent to make a request on your behalf by providing written authorization.

8.2 Virginia Residents (VCDPA)
If you are a Virginia resident, the Virginia Consumer Data Protection Act grants you the right to access, correct, delete, and obtain a copy of your personal data, as well as the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. To exercise these rights, contact us at info@truthindatallc.com with the subject line "Virginia Privacy Request."

8.3 Tennessee Residents (TIPA)
If you are a Tennessee resident, the Tennessee Information Protection Act grants you rights similar to those described under the VCDPA above. Contact us at info@truthindatallc.com with the subject line "Tennessee Privacy Request" to exercise your rights.

8.4 Colorado, Connecticut, and Other U.S. State Residents
Residents of Colorado (CPA), Connecticut (CTDPA), and other states with comprehensive privacy laws may have similar rights to access, correct, delete, and port their personal data, and to opt out of certain processing. Contact us at info@truthindatallc.com to exercise your rights under applicable state law.

8.5 EEA, UK, and Swiss Residents (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (or applicable local equivalent) grants you the following rights:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
• Right to Erasure: You may request that we delete your personal data under certain circumstances.
• Right to Restriction of Processing: You may request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You may request that we provide your personal data in a structured, commonly used, machine-readable format.
• Right to Object: You may object to our processing of your personal data where we rely on legitimate interests as the legal basis.
• Rights Related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing if it produces legal or similarly significant effects.

Our legal basis for processing personal data from EEA/UK/Swiss residents is typically (a) contract performance, (b) legitimate interests such as analytics, security, and fraud prevention, or (c) consent where we have requested it. To exercise your rights or lodge a complaint with your local supervisory authority, contact us at info@truthindatallc.com.

8.6 How to Submit Requests
To exercise any of the rights described above, please email info@truthindatallc.com with a clear description of your request and sufficient information for us to verify your identity. We will not charge a fee for reasonable requests and will respond within the timeframe required by applicable law.

9. Do-Not-Track and Global Privacy Control

Some browsers transmit "Do-Not-Track" (DNT) signals to websites. Because there is currently no universally accepted standard for responding to DNT signals, we do not alter our data collection or use practices in response to DNT signals at this time.

If your browser or device transmits a Global Privacy Control (GPC) signal, we will treat it as a request to opt out of the sale or sharing of your personal information to the extent required by applicable law, including the CCPA/CPRA for California residents.

10. Children's Privacy

The Site and Services are not directed to children under the age of 13 (or under 16 where applicable under local law), and we do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at info@truthindatallc.com so that we can take steps to delete that information. If we become aware that we have collected personal information from a child without verified parental consent, we will remove it from our systems promptly.

11. International Users and Cross-Border Transfers

The Site and Services are operated in the United States. If you access the Site from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated. The data protection and privacy laws of the United States may not be as comprehensive as those in your country.

If you are located in the EEA, UK, or Switzerland, we rely on appropriate safeguards for international transfers of personal data, which may include Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner's Office, or other mechanisms permitted under applicable law. By using the Site and Services, you consent to the transfer of your information to the United States as described in this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other business reasons. When we make material changes, we will update the "Last Updated" date at the top of this page and, where required by law, notify you by email or through a prominent notice on the Site prior to the change becoming effective.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Site and Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Relevant Analytics
Email: info@vehiclereliability.com

We will respond to all inquiries as promptly as practicable and within any timeframe required by applicable law. If you are located in the EEA or UK and have an unresolved privacy concern that we have not addressed satisfactorily, you may contact your local data protection authority.