Privacy Policy

1. Information We Collect

2. How We Use Your Information

• To create and manage your Caro account
• To verify odometer authenticity using GPT-4 Vision AI
• To generate tamper-proof service history records
• To detect and prevent odometer rollbacks and data manipulation
• To generate shareable public vehicle history reports
• To send service reminders and push notifications via Firebase
• To process subscription and one-time payments
• To prevent abuse, including detection of multiple free accounts per device
• To improve our AI verification accuracy and app features
• To comply with legal obligations

3. AI Processing & Third-Party Services

4. Device Fingerprinting & Abuse Prevention

To maintain the integrity of our free plan (limited to 1 vehicle per user), Caro uses device fingerprinting techniques including device ID collection. If our systems detect multiple free accounts being created from the same device, those accounts may be flagged or restricted. This is necessary to ensure fair access to our services for all users.

5. Data Sharing

• We do NOT sell your personal data to any third parties
• We do NOT share your data with advertisers
• We share data only with service providers necessary to operate Caro (OpenAI, Firebase, Switch) under strict data processing agreements
• Public vehicle reports are accessible via shareable links only when you explicitly choose to share them
• We may disclose data if required by Pakistani law or a valid legal order

6. Public Vehicle Reports

When you choose to share your vehicle history report (available on paid plans), a public link is generated that allows anyone with the link to view your vehicle's service history, trust badges, and odometer readings. You control when to share this link. You may revoke access at any time from within the app. We recommend sharing this link only with genuine prospective buyers.

7. Data Security

Your data is stored on secure servers. We use industry-standard encryption for data in transit (TLS/HTTPS) and at rest. Access to your data is restricted to authorized personnel only. While we implement strong security measures, no system is completely immune to security risks. We will notify you promptly in the event of a data breach affecting your account.

8. Data Retention

We retain your account data for as long as your account is active. Service history entries and odometer photos are retained to maintain the integrity and continuity of your verified history. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

9. Your Rights

• Access: You may request a copy of all personal data we hold about you
• Correction: You may request correction of inaccurate personal data
• Deletion: You may delete your account and all associated data at any time from the app settings
• Portability: You may request an export of your service history data
• Objection: You may object to certain types of data processing
• Withdraw Consent: You may withdraw consent for push notifications at any time through your device settings

10. Children's Privacy

Caro is not intended for children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via push notification or email. Continued use of the app after changes are posted constitutes your acceptance of the updated policy. The date of the latest revision is shown at the top of this page.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: