Privacy Policy

Last updated: May 21, 2026

Mechora (“we”, “us”, or “our”) operates the Mechora mobile application and website (the “Service”). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

• Account information — When you sign in with Replit we receive your name, email address, and a unique account identifier. We store this to authenticate you and personalise your experience.
• Vehicle & diagnostic data — VINs, vehicle make/model/year, symptom descriptions, OBD-II codes, and the AI-generated diagnostic results we produce for you. This data is tied to your account and used to power the app’s core features.
• Maintenance records — Service logs, mileage entries, and maintenance reminders you create are stored and used to generate your maintenance summary and push notifications.
• Community content — Posts, replies, and attachments you submit to the Mechora community forum are stored and displayed publicly under your chosen display name.
• Billing information — We use Stripe (web) and RevenueCat / Apple IAP / Google Play Billing (iOS & Android) for payments. We do not store your full card number or payment credentials. Stripe may store a customer ID linked to your account; Apple and Google manage all native payment data on our behalf.
• Push notification tokens — If you grant notification permissions, we store an Expo push token linked to your account to deliver maintenance reminders and admin alerts.
• Usage & log data — Server logs may record IP addresses, request paths, and timestamps for security, abuse prevention, and debugging. These are retained for a limited period and are not sold.

2. How We Use Your Information

• To provide, operate, and improve the Service.
• To authenticate you and keep your session secure.
• To process subscription payments and manage your billing status.
• To send push notifications you have opted into (maintenance reminders, platform announcements).
• To moderate community content and enforce our Terms of Service.
• To detect and prevent fraud, abuse, or security incidents.

3. AI Processing

Symptom descriptions, OBD codes, and vehicle context you provide may be sent to third-party large-language-model APIs (OpenAI and/or Anthropic) to generate diagnostic results. These requests are made server-side; we do not share your Mechora account identity with those providers. Please review OpenAI’s Privacy Policy and Anthropic’s Privacy Policy for how they handle API request data.

4. Third-Party Services

• Replit Auth — Sign-in is handled by Replit’s OpenID Connect service. See Replit’s Privacy Policy.
• Stripe — Web billing is processed by Stripe, Inc. See Stripe’s Privacy Policy.
• RevenueCat — Native in-app purchase management is handled by RevenueCat, Inc. See RevenueCat’s Privacy Policy.
• Apple App Store — iOS in-app purchases are processed by Apple. See Apple’s Privacy Policy.
• Google Play — Android in-app purchases are processed by Google. See Google’s Privacy Policy.
• NHTSA vPIC — VIN decoding uses the U.S. National Highway Traffic Safety Administration’s public API. No account data is sent.
• Expo — Push notification delivery uses Expo’s push notification service. See Expo’s Privacy Policy.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data by contacting us at the email below. Community posts may remain in anonymised form to preserve forum continuity.

6. Children’s Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

7. Your Rights

Depending on your jurisdiction you may have the right to access, correct, export, or delete your personal data. To exercise these rights, contact us at the email address below. We will respond within 30 days.

8. Security

We use TLS for all data in transit, store passwords only via Replit Auth (we never receive them), and follow industry-standard practices to protect data at rest. No system is perfectly secure; we will notify you promptly of any breach that affects your data.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via an in-app notification. The “Last updated” date at the top reflects the most recent revision. Continued use of the Service after a change constitutes your acceptance of the updated policy.

10. Contact

Questions about this Privacy Policy? Contact us at privacy@mechora.app.