LEGAL

End User Privacy Policy

Last updated:

January 21, 2025

Text Link
Text Link

Smartcar's End User Privacy Policy

Smartcar, Inc. ("Smartcar," “we,” “us,” or “our”) provides a connected car API platform that enables its business customers (application developers – hereinafter, "Developers") to build applications and use standard APIs to communicate with end users' vehicles. This End User Privacy Policy explains how we collect, use, disclose, and otherwise process end users' personal information on behalf of Developers in connection with our products and services (collectively, the "Services"). Smartcar is the processor or service provider and Developers (or their clients, as applicable) are the controllers with respect to such personal information.

Smartcar's processing of personal information in connection with the Services is governed by this End User Privacy Policy and the Developer Terms of Service (available at https://smartcar.com/legal/terms or other applicable customer agreements). In the event of any conflict between this End User Privacy Policy and a customer agreement, the customer agreement will control to the extent permitted by applicable law. End users are encouraged to periodically review this Privacy Policy on our website, as Smartcar may update it from time to time to reflect changes in our practices or applicable legal requirements.

This End User Privacy Policy is not a substitute for any privacy notice that Developers (or their clients) are required to provide to end users.

Information We Collect

Information provided to us by end users in connection with their use of the Services. This may include personal information that end users provide when they:

  • Authorize Developers to access end users' vehicle information, such as email address, password, PIN (vehicle manufacturer account credentials) and vehicle identification number;
  • Contact our user support team or otherwise correspond with us by email or phone.

Information about end users' use of the Services. We collect information about end users' use of the Services, including:

  • Information collected by automated means, such as metadata regarding end users' requests and information collected through strictly necessary cookies to enable the use and navigation of the Smartcar Connect authorization flow.

How We Use Information

We use the information we collect at the instruction of our Developers and in accordance with our Developer agreements, to provide the Services and for related internal purposes, including:

  • To enable end users to access and use the Services;
  • To provide information about the Services, such as important updates or changes to the Services and security alerts;
  • To improve the Services and develop new products and services;
  • To respond to inquiries, complaints, and requests for support.

We may also use personal information as we believe necessary or appropriate to (a) comply with applicable law; (b) enforce the terms and conditions that govern the Services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

How We Share Information

We share the information we collect:

  • With Developers – only to the extent the information pertains to the Developers' end users;
  • With third party service providers that help us manage and improve the Services.These functions and services include IT, hosting, cloud services or user support.

We may also share personal information with government, law enforcement officials or private parties as required by law, when we believe such disclosure is necessary or appropriate to (a) comply with applicable law; (b) enforce the terms and conditions that govern the Service; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

We may sell, transfer or otherwise share some or all of Smartcar's business or assets, including personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy.

Information Security

Smartcar uses appropriate, commercially reasonable physical, electronic, and procedural safeguards to protect personal information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction in accordance with applicable law. We cannot, however, guarantee that any safeguards or security measures will be sufficient to prevent a security problem. We recommend that our Developers take steps to protect against unauthorized access to any devices or networks used to access the Services. See the customer agreement for additional information regarding Smartcar's information security practices.

Data Subject Rights

Developers (or their clients, as applicable) are the controllers of end users' personal information. As the controllers, Developers (or their clients, as applicable) are responsible for receiving and responding to end users' requests to exercise any rights afforded to them under applicable data protection laws. Smartcar will assist Developers in responding to such requests as set forth in the customer agreement.

Cross Border Data Transfer

Smartcar may transfer personal information about end users outside of the country in which end users are located, including to the United States. See the customer agreement for additional information regarding how Smartcar safeguards the personal information it transfers across borders.

E.U.-U.S. and Swiss-U.S. Privacy Frameworks

Smartcar complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Smartcar has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union  and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  Smartcar has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Pursuant to the DPF Program, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the DPF, should direct their query to privacy@smartcar.com

If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@smartcar.com

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.  

In compliance with the DPF Principles, Smartcar commits to resolve DPF Principles-related complaints about your privacy and our collection or use of your personal information. European Union, United Kingdom, and Swiss individuals with inquiries or complaints regarding our handling of personal data in reliance on the DPF should first contact Smartcar at: privacy@smartcar.com

In addition, Smartcar is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that you have invoked binding arbitration by delivering notice to us and following the procedures set forth in Annex I of the DPF Principles, subject to the conditions set forth therein.

Smartcar’s participation in the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss – U.S. DPF is subject to investigation and enforcement by the Federal Trade Commission. Smartcar remains liable under the DPF Principles if an agent processes personal data covered by this Privacy Policy in a manner inconsistent with the DPF Principles, except where it is not responsible for the event giving rise to the damage.

Smartcar agrees to periodically review and verify its compliance with the DPF Principles and to remedy any issues arising out of its failure to comply with them.

Data Retention

Smartcar does not store vehicle information which is processed through the Smartcar platform for longer than 90 days; any logs generated by the Smartcar API servers are deleted within ninety days. Smartcar retains all other personal information for as long as necessary to (a) provide the Services; (b) comply with legal obligations; (c) resolve disputes; and (d) enforce the terms of customer agreements. See the customer agreement for additional information regarding Smartcar's data retention practices.

Third Party Products and Services

The Services may integrate with or enable access to third party tools, including any applications made available by Developers. End users that register, install or access any third party tools may be required to accept privacy notices provided by those third parties. Please review those notices carefully, as Smartcar does not control and cannot be responsible for these providers' privacy or information security practices.

Contact Us

If you have any questions about this End User Privacy Policy, you can contact us at privacy@smartcar.com.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Smartcar commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to BBB National Programs, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers for more information or to file a complaint.  The services of BBB National Programs are provided at no cost to you.

If you are an individual in the EU, you can also contact Osano International Compliance Services Limited, who has been appointed as Smartcar’s representative in the EU pursuant to Article 27 of the GDPR on matters related to the processing of personal data activities that take place in the EU. To make such an inquiry, please contact Osano International Compliance Services Limited at:

Osano International Compliance Services Limited

ATTN: 83P9

25/28 North Wall Quay

Dublin 1, D01 H104

IRELAND