Privacy Policy

Last updated: February 20, 2026

1. Introduction

JAuto Corp (“Company”, “we”, “us”, or “our”) operates the JAuto Customer Portal (the “Platform”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with Alberta's Personal Information Protection Act (PIPA).

2. Information We Collect

We collect the following types of personal information:

  • Account information: name, email address, phone number, and password
  • Address information: street address and geographic coordinates
  • Vehicle information: VIN (Vehicle Identification Number), year, make, model, and service history
  • Service records: order history, service details, questionnaire responses, quotes, and insurance claim numbers
  • Business information: organization name, business type, service capabilities, and team member details (for service providers)
  • Location data: real-time GPS location of technician vehicles during working hours, collected via on-board GPS devices for dispatch optimization, route tracking, and customer arrival notifications
  • Photos and documents: vehicle photos, compliance documents (D1 forms, proof of ownership, driver's license), and other files uploaded during the order or service process
  • Communication data: SMS messages, in-app chat messages, WhatsApp messages, voice call logs, and call recordings (where applicable) exchanged through the Platform's communication features
  • Calendar data: calendar availability and scheduling information synced from connected third-party calendar services (e.g., Google Calendar) for scheduling coordination
  • Ratings and reviews: service quality ratings, written reviews, and feedback submitted by customers about completed services
  • AI-derived data: automated quotes, service recommendations, pricing estimates, and scheduling suggestions generated by the Platform's AI-assisted features based on your vehicle, service, and account information
  • Mobile device data: push notification tokens, device identifiers, operating system version, and app usage data (when using the JAuto mobile application)
  • Payment information: payment method details, transaction history, and billing records processed through third-party payment processors (we do not store full payment card numbers)
  • Technical data: IP address, browser type and version, device information, and cookies

3. How We Collect Information

  • Directly from you: when you create an account, place orders, fill out forms, or contact us
  • Automatically: through cookies, session tokens, and server logs when you use the Platform
  • From third parties: authentication providers (Google OAuth), vehicle data services, and payment processors

4. Consent

We collect, use, and disclose your personal information with your consent, as required by PIPA. Consent may be:

  • Express consent: provided when you create an account and agree to these terms, when you opt in to specific communication channels (e.g., WhatsApp, push notifications), or when you connect third-party services (e.g., Google Calendar)
  • Implied consent: reasonably inferred from your use of the Platform for purposes directly related to providing the services you requested (e.g., processing your order, sending appointment confirmations, generating invoices)

You may withdraw your consent to the collection, use, or disclosure of your personal information at any time by contacting us or adjusting your account settings. Withdrawal of consent may limit your ability to use certain features of the Platform. We will inform you of the consequences of withdrawing consent before processing your request.

For technicians and service providers, GPS location tracking during working hours is a condition of using the Platform in a service provider capacity. Consent to GPS monitoring is obtained through the service provider onboarding process.

5. Purpose of Collection

We use your personal information to:

  • Provide and manage automotive service scheduling
  • Optimize scheduling, routing, and service assignments using GPS location data and algorithmic optimization
  • Generate AI-assisted quotes, pricing estimates, service recommendations, and scheduling suggestions
  • Facilitate communication between customers, technicians, and service providers via SMS, in-app messaging, WhatsApp, voice calls, and push notifications
  • Provide real-time technician location tracking and estimated arrival times
  • Connect customers with service providers through our marketplace and network referral system
  • Evaluate service quality through customer ratings and technician performance metrics
  • Process and verify compliance documents, vehicle photos, and uploaded files
  • Process billing, invoicing, and payments
  • Synchronize financial records with third-party accounting systems
  • Ensure the security and integrity of the Platform
  • Comply with legal obligations
  • Improve our services and Platform functionality

6. Third-Party Services

We use the following third-party services to operate the Platform. Each processes data according to their own privacy policies:

  • Supabase: database hosting and authentication
  • Google Maps: address geocoding and route optimization
  • Google OAuth: social sign-in authentication. When you sign in with Google, we receive your name, email address, and profile photo from your Google account. We do not receive or store your Google password.
  • Twilio: SMS notifications, phone verification, voice calling (VoIP), WhatsApp messaging, and multi-channel conversation management
  • Stripe: payment processing and financial transactions
  • Vercel: application hosting and content delivery
  • One Step GPS: real-time vehicle and technician location tracking for dispatch and route optimization
  • QuickBooks (Intuit): invoicing, accounting integration, and financial record synchronization
  • Resend: transactional email delivery for notifications, invoices, and account communications
  • AI/LLM providers: artificial intelligence services (such as OpenAI or Anthropic) used to generate automated quotes, service recommendations, and intelligent scheduling suggestions. Vehicle, service, and order information may be processed by these providers to generate responses. We do not share your name, email, or contact information with AI providers.
  • Apple Push Notification Service & Google Firebase Cloud Messaging: delivery of push notifications to mobile devices
  • Google Calendar: bi-directional calendar synchronization for scheduling coordination (when connected by the user)
  • NHTSA: vehicle identification number (VIN) decoding for vehicle information lookup
  • Cloudflare: security, CDN, and bot protection. This includes Cloudflare Turnstile, which collects device fingerprinting data and behavioral signals (such as mouse movements and interaction patterns) to distinguish humans from automated bots. This data is processed by Cloudflare and is not stored by JAuto Corp.

7. Data Retention and Deletion

We retain your personal information according to the following schedule:

  • Account data (name, email, phone, credentials): retained while your account is active. Upon account closure or deletion request, this data is permanently deleted within 90 days.
  • Vehicle and service data (VIN, service history, order details, questionnaire responses): retained for the duration of your active account plus 2 years after account closure, to support warranty claims and service history continuity.
  • Financial records (invoices, payment records, billing data): retained for 7 years after the transaction date, as required by the Canada Revenue Agency for tax compliance purposes.
  • GPS and location data (technician vehicle locations, route history): retained for 90 days from collection, then automatically purged.
  • Communication records (SMS messages, chat messages, voice call logs): retained for 1 year after the communication. Call recordings, where applicable, are retained for 90 days.
  • Photos and documents (uploaded compliance documents, vehicle photos): retained for the duration of the associated service order plus 2 years.
  • Technical logs (server logs, access logs, error logs): retained for 90 days from creation, then automatically purged.

You may delete your account and request deletion of your personal information at any time through the Platform's account settings, through the mobile application, or by contacting us at the email address below. Deletion requests will be fulfilled within 90 days. Upon deletion, all personal information will be permanently removed except for data we are legally required to retain (financial records for 7 years per CRA requirements). We will clearly confirm what data has been deleted and what has been retained upon completion of your request.

8. Your Rights Under Alberta PIPA

Under Alberta's Personal Information Protection Act, you have the right to:

  • Access: request access to your personal information held by us
  • Correction: request correction of inaccurate or incomplete personal information
  • Withdraw consent: withdraw your consent to the collection, use, or disclosure of your personal information (subject to legal or contractual restrictions)
  • Complaint: file a complaint with the Office of the Information and Privacy Commissioner of Alberta if you believe your privacy rights have been violated

To exercise any of these rights, please contact us at justin@jauto.ca. We will respond to your request within 45 days as required by PIPA.

9. Data Security

We implement appropriate technical and organizational safeguards to protect your personal information, including encryption in transit and at rest, row-level security policies, role-based access controls, and regular security reviews. While no system is completely secure, we take commercially reasonable measures to protect your data.

10. Cookies

The Platform uses cookies for authentication and session management. These are essential cookies required for the Platform to function and include Supabase authentication tokens. We do not use advertising or tracking cookies.

11. Children's Privacy

The Platform is intended for individuals who are 18 years of age or older (the age of majority in Alberta). We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal information from a person under 18 without appropriate parental or guardian consent, we will take steps to delete that information.

12. Cross-Border Data Transfers

In accordance with Section 13.1 of Alberta's Personal Information Protection Act (PIPA), we are required to inform you that your personal information may be collected, used, disclosed, or stored outside of Canada by the following third-party service providers located in the United States:

  • Supabase (United States) — database hosting, authentication, and data storage
  • Vercel (United States) — application hosting and content delivery
  • Stripe (United States) — payment processing and financial data
  • Twilio (United States) — SMS, voice calls, WhatsApp messaging, and multi-channel communications
  • Google (United States) — maps, geocoding, OAuth authentication, calendar synchronization, and push notification delivery (Firebase Cloud Messaging)
  • Apple (United States) — push notification delivery (Apple Push Notification Service)
  • Intuit/QuickBooks (United States) — invoicing, accounting, and financial record synchronization
  • One Step GPS (United States) — real-time vehicle and technician location tracking
  • Resend (United States) — transactional email delivery
  • AI/LLM providers (United States) — artificial intelligence services for automated quoting and service recommendations
  • Cloudflare (United States) — security, CDN, and bot protection

When your personal information is stored or processed in the United States, it may be subject to United States laws, including the USA PATRIOT Act and the CLOUD Act, which may permit access to your data by U.S. government agencies or law enforcement under certain circumstances. JAuto Corp takes contractual and organizational measures to ensure that your personal information receives a level of protection comparable to that provided under Alberta law, including data processing agreements with each provider. For further information about our policies and practices regarding service providers outside Canada, or the name of a person who can answer your questions, please contact our Privacy Officer at justin@jauto.ca.

13. Data Breach Notification

In accordance with Section 34.1 of Alberta's Personal Information Protection Act (PIPA), if we become aware of a loss of, unauthorized access to, or unauthorized disclosure of personal information where a reasonable person would consider that there exists a real risk of significant harm to an affected individual, we will:

  • Notify the Office of the Information and Privacy Commissioner of Alberta without unreasonable delay
  • Notify affected individuals as directed by the Commissioner or as we determine appropriate, including a description of the breach, the type of personal information involved, and steps individuals can take to reduce the risk of harm
  • Take reasonable steps to reduce the risk of harm and to prevent future breaches

“Significant harm” includes bodily harm, humiliation, damage to reputation or relationships, loss of employment or business opportunities, financial loss, identity theft, negative effects on credit records, and damage to or loss of property. We assess the risk of harm by considering the sensitivity of the information involved, the probability that the information has been or will be misused, and any other relevant factors.

14. Voice Call Recording

Voice calls placed through the Platform's communication features may be recorded for quality assurance, dispute resolution, and training purposes. You will be notified at the beginning of any recorded call via an automated message. You may decline to be recorded by ending the call and contacting us through an alternative channel. Call recordings are retained for 90 days and then permanently deleted.

15. Anonymized and Aggregated Data

We may create anonymized or aggregated data from personal information by removing or obscuring identifiers so that the data can no longer reasonably be used to identify any individual. Such anonymized data is no longer considered personal information under PIPA and may be used by JAuto Corp for analytics, service improvement, industry benchmarking, and research purposes without restriction or further notice to you.

16. Changes to This Policy

We may update this Privacy Policy from time to time. For minor changes, we will post the updated policy on the Platform and update the “Last updated” date. For material changes that affect how we collect, use, or disclose your personal information, we will notify you by email at least 30 days in advance and request your affirmative consent before the changes take effect. If you do not consent to the material changes, you may close your account.

17. Contact

Our designated Privacy Officer is Justin Richardson. If you have questions about this Privacy Policy or how we handle your personal information, please contact:

Justin Richardson, Privacy Officer
JAuto Corp
187 Scenic Way NW
Calgary, Alberta T3L 1B6
Canada
Email: justin@jauto.ca

You may also contact the Office of the Information and Privacy Commissioner of Alberta at www.oipc.ab.ca.