Privacy Policy

What we collect

We collect the data we need to run the service. Nothing else.

• Account data. Your name, email, shop name, and shop address. Phone number if you give us one for support.
• Payment data. Subscription billing is handled by Stripe. Optional customer payment processing is handled by Stripe or Square. We never see or store full card numbers.
• Repair-order content. RO numbers, vehicle information, photos, estimates, signatures, and the status updates you push through CollisionLoop.
• Customer data. Data about your customers that you upload to the service: their names, phone numbers, addresses, vehicles, photos, and payment records.
• Usage telemetry. Page views, performance timings, and error reports. Used to keep the product fast and stable.
• Support correspondence. Email and chat we exchange with you when you contact us.

How we use it

• Deliver the service to your shop and its customers.
• Bill your shop for the subscription.
• Provide support when you ask for it.
• Improve the product based on aggregate usage patterns.
• Detect and prevent fraud and abuse.
• Send transactional email about your account, your subscription, and the service. We do not send marketing email without explicit opt-in.

Who we share with

We use a small number of sub-processors to run the service. Each one has a specific job, and we share only the data needed to do that job.

This list is canonical. We will update it with notice if it changes.

Your rights

If you are a California resident under the CCPA, or an EU/UK resident under the GDPR, you have specific rights over your personal data:

• Access the data we hold about you.
• Correct it if it is wrong.
• Delete it (subject to legal retention requirements).
• Export it in a portable format.
• Opt out of the sale of personal data. We do not sell personal data — this right is listed for completeness.

To exercise any of these rights, email privacy@collisionloop.com. We respond within 30 days.

If you are a customer of a shop using CollisionLoop and want your data removed, contact the shop first — they are the controller of their customer data. We will help the shop process the request.

Data retention

• Active accounts. We retain your data for as long as your subscription is active.
• Cancelled accounts. We keep your data for a 30-day grace period in case you reactivate, then we delete it.
• Backups. Deleted data is rolled out of encrypted backups within 90 days.
• Audit logs. Security audit logs are retained for at least one year to support incident response.

Cookies

We use only essential cookies: session, authentication, and CSRF protection. We do not run analytics tracking, and we do not set third-party cookies.

If we add analytics in the future, we will update this policy and ask for your consent first.

Children

CollisionLoop is not directed at children under 13. We do not knowingly collect data from minors. If we learn that we have, we delete it.

International transfers

CollisionLoop is a US service. Every tenant’s primary database lives in a US data center on Cloudflare D1 (Eastern North America region). We do not replicate CollisionLoop customer data outside the United States.

Static assets (CSS, fonts, JavaScript) are served from Cloudflare’s global edge network for performance, but contain no personal data.

Changes to this policy

We will notify subscribers by email at least 30 days before any material change takes effect. Continued use of the service after the effective date is your acceptance of the updated policy.

Contact

Questions about this policy or about your data? Email privacy@collisionloop.com or use the contact form.