Privacy Policy
Last updated: April 1, 2026
1. Introduction
GearsTrack ("we," "us," or "our") is a vehicle build tracking application operated by Nicholas Arendash as an independent developer. This Privacy Policy describes how we collect, use, store, and share your personal information when you use the GearsTrack website at gearstrack.com and associated mobile applications (collectively, the "Service").
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect your email address. We use passwordless authentication (magic links) provided by Supabase, so we never collect or store a password.
2.2 Vehicle and Project Data
You may voluntarily provide:
- Vehicle identification numbers (VINs), make, model, and year
- Project names, descriptions, and status
- Parts lists including part names, costs, vendors, and quantities
- Maintenance and timeline logs
- Issue/diagnostic records
- Inspiration board links and notes
2.3 Photos and Media
You may upload photos of your vehicles and projects. These are stored in Supabase Storage and are associated with your account.
2.4 Payment Information
If you subscribe to our Pro plan, payment processing is handled entirely by Stripe. We do not receive or store your full credit card number. We may receive limited information from Stripe such as the last four digits of your card, card brand, and billing postal code for receipt and support purposes.
2.5 Automatically Collected Information
We do not use analytics SDKs, tracking pixels, or third-party advertising trackers. Our hosting infrastructure (Cloudflare, Vercel) may collect basic server logs including IP addresses and request timestamps for security and operational purposes. We do not use this data for profiling or advertising.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Authenticate your identity and manage your account
- Process subscription payments via Stripe
- Decode VINs using the public NHTSA API to auto-fill vehicle details
- Respond to support requests and communications
- Protect against fraud, abuse, and security threats
4. Third-Party Services
We share data with the following third-party service providers only as necessary to operate the Service:
- Supabase — authentication, database hosting, and file storage. Subject to the Supabase Privacy Policy.
- Stripe — payment processing for Pro subscriptions. Subject to the Stripe Privacy Policy.
- NHTSA API — we send VINs you provide to the U.S. National Highway Traffic Safety Administration’s public VIN decoder API to retrieve vehicle specifications. No personal information beyond the VIN is transmitted.
We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.
5. Data Storage and Security
Your data is stored on Supabase-managed infrastructure. We implement industry-standard security measures including encrypted connections (TLS), row-level security policies on our database, and secure authentication flows. While we strive to protect your data, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.
6. Data Retention
We retain your account data and project information for as long as your account is active. If you delete your account, we will delete your personal data and associated project data within 30 days, except where we are required by law to retain it or need it to resolve disputes or enforce our agreements.
7. Your Rights
7.1 All Users
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Export your project data
7.2 European Economic Area (GDPR)
If you are located in the EEA, you have additional rights under the General Data Protection Regulation, including the right to data portability, the right to restrict processing, and the right to object to processing. Our legal basis for processing your data is (a) performance of a contract (providing the Service you signed up for) and (b) legitimate interest (security, fraud prevention, and Service improvement).
To exercise any GDPR right, contact us at [email protected]. We will respond within 30 days.
7.3 California Residents (CCPA)
If you are a California resident, the California Consumer Privacy Act grants you the right to know what personal information we collect, request its deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at [email protected].
8. Children’s Privacy
The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will delete it promptly.
9. Cookies
We use only essential cookies required for authentication and session management. We do not use advertising or tracking cookies.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: