Privacy policy

Privacy Policy
Last updated: 9 December 2025

This Privacy Policy explains how Autom8 Technologies Inc. (“Autom8”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal information when you:

  • Visit or purchase from our online store and websites (the “Store”)
  • Use the Autom8 web dashboard (the “Dashboard”)
  • Use the Autom8 mobile applications (the “Apps”)
  • Use our Devices and related services (together with the Store, Dashboard, and Apps, the “Services”)

This Policy applies to individuals in Canada, the United States, the European Union/EEA, the United Kingdom, and other countries where we operate. Some sections apply specifically to certain regions and are clearly marked.

By using the Services or providing us with personal information, you agree to the practices described in this Policy, as updated from time to time.

1. Who we are and how to contact us

The Services are provided by:

Autom8 Technologies Inc.
Ontario, Canada

For privacy questions or requests, you can contact us at:
Email: admin@autom8-obd.com

If required by local law, you may also have the right to lodge a complaint with a data protection authority (see section 11).

2. Scope – when this Policy applies

This Policy covers personal information we collect when you:

  • Browse or purchase from our Store
  • Create or use an account on the Dashboard or Apps
  • Register and use a Device with the Services
  • Interact with us via email, support, or other channels

It does not cover personal information we process purely as a processor on behalf of a business customer where that business is the controller and our processing is governed by a separate agreement with that business.

3. Personal information we collect

The information we collect depends on how you use the Services.

3.1 Account and contact information

  • Name
  • Email address
  • Password or login credentials (stored in hashed form)
  • Country or region
  • Business name, role, and contact details (for business/dealer accounts)

3.2 Order and payment information

  • Billing address and shipping address
  • Contact phone number where provided
  • Order history and purchased products/services
  • Payment-related information (handled by third-party processors such as Shopify Payments, Stripe, or similar – we do not store full card numbers)

3.3 Device and technical data

  • Information about Devices you register (e.g., serial number, model)
  • Basic technical data from your browser or device: IP address, device identifiers, operating system, browser type/version, language, and basic configuration
  • Logs relating to your use of the Dashboard and Apps (e.g., login times, pages/views, features used, error logs)

3.4 Vehicle and file-related data

When you use our tuning/logging or platform features, we may process:

  • Vehicle identification number (VIN) or other identifiers
  • Vehicle make, model, year, and control unit information (e.g., ECU/TCU type)
  • Metadata about files you upload or flash (e.g., file names, identifiers, timestamps, status)
  • Diagnostic or logging data (such as codes, sensor values, and tuning parameters) where you choose to upload or sync such data

We treat this as personal information where it is linked or linkable to an identifiable person.

3.5 Support and communications

  • Emails, support tickets, and in-app messages you send us
  • Feedback, survey responses, and other information you choose to provide

3.6 Cookies and similar technologies

We use cookies, SDKs, and similar technologies to:

  • Keep you logged in
  • Remember preferences (e.g., language, theme)
  • Improve security and performance
  • Understand how the Services are used

See section 9 for more details.

4. How we use personal information (purposes and legal bases)

We use personal information for the purposes below. Where the EU/UK GDPR applies, we also indicate the relevant legal bases.

4.1 To provide and operate the Services

  • Creating and managing accounts
  • Processing orders and payments
  • Providing the Dashboard, Apps, and Device functionality
  • Enabling businesses/dealers to manage vehicles and customers within the platform
  • Providing customer support

Legal bases (EU/UK):

  • Performance of a contract (Art. 6(1)(b))
  • Legitimate interests in operating the Services (Art. 6(1)(f))

4.2 To maintain security and prevent abuse

  • Detecting and preventing fraud, abuse, and security incidents
  • Protecting our systems, users, and data
  • Enforcing our Terms of Service and applicable policies

Legal bases (EU/UK):

  • Legitimate interests in ensuring security and preventing abuse (Art. 6(1)(f))
  • Compliance with legal obligations (Art. 6(1)(c)), where applicable

4.3 To improve and develop the Services

  • Analyzing usage patterns and performance
  • Debugging and troubleshooting
  • Testing and improving features, user experience, and reliability (using aggregated or de-identified data where possible)

Legal bases (EU/UK):

  • Legitimate interests in improving our products and Services (Art. 6(1)(f))
  • For non-essential analytics cookies/SDKs in the EU/UK: your consent (Art. 6(1)(a))

4.4 To communicate with you

  • Sending transactional emails (e.g., order confirmations, shipping updates, security alerts, account notices)
  • Responding to your questions and support requests
  • Sending information about updates, features, or services we think may interest you (where permitted)

Legal bases (EU/UK):

  • Performance of a contract (transactional communications)
  • Legitimate interests in keeping you informed about the Services (limited direct marketing to existing users)
  • Your consent, where required by law, for certain types of marketing

You can opt out of marketing emails at any time by using the unsubscribe link in such emails.

4.5 To comply with legal obligations

  • Fulfilling tax, accounting, and record-keeping obligations
  • Responding to lawful requests or legal process
  • Handling complaints and regulatory enquiries

Legal basis (EU/UK):

  • Compliance with legal obligations (Art. 6(1)(c))

5. How we share personal information

We do not sell personal information in the common legal sense (e.g., under US state privacy laws). We may share personal information with:

5.1 Service providers

Trusted third parties who perform services on our behalf, such as:

  • E-commerce and payment processing (e.g., Shopify, Stripe or similar providers)
  • Cloud hosting and infrastructure (e.g., Microsoft Azure, primarily in the United States)
  • Email and notification delivery
  • Error reporting, logging, and (where used) analytics

These service providers are authorized to use personal information only as necessary to provide their services to us and are subject to confidentiality obligations.

5.2 Business / dealer customers

If you are a customer of a business or dealer that uses Autom8 to manage vehicles and files via the platform, we may share certain data with that business where reasonably necessary to operate the Services for them. For example:

  • Vehicle and module metadata
  • Status of files, logs, and actions performed under that business’s account

In these cases:

  • The business may be the controller of your data for its own purposes, and
  • Autom8 may act as a processor on the business’s instructions

The business’s own privacy notices and policies will also apply.

5.3 Legal and safety purposes

We may disclose personal information if we reasonably believe it is necessary to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to lawful requests from public authorities
  • Protect the rights, property, or safety of Autom8, our users, or others
  • Detect, prevent, or address fraud, security, or technical issues

5.4 Business transfers

If we are involved in a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of that transaction, subject to appropriate safeguards and any applicable legal requirements.

6. International transfers

Autom8 is based in Canada, and our primary cloud infrastructure is hosted in the United States. We may also use service providers located in other countries.

This means your personal information may be transferred to, stored in, or processed in countries that may have different data protection laws than your home country.

Where required under EU/UK GDPR, we put in place appropriate safeguards for such transfers, which may include:

  • Relying on adequacy decisions (e.g., for certain processing in Canada)
  • Using standard contractual clauses for transfers to countries without adequacy decisions
  • Implementing technical and organizational security measures appropriate to the risk

You can contact us at admin@autom8-obd.com for more information about the safeguards used for international transfers.

7. Data retention

We keep personal information only for as long as reasonably necessary to:

  • Provide the Services and operate our business
  • Fulfil the purposes described in this Policy
  • Comply with legal, tax, and accounting obligations
  • Resolve disputes and enforce our agreements
  • Maintain security logs for a reasonable period

Retention periods vary depending on the type of data and context. For example:

  • Account details and basic usage data are kept while your account is active and for a reasonable period afterwards
  • Order and billing records are kept for the period required by tax and accounting laws
  • Security logs are retained for a limited period (subject to operational needs and legal requirements)

When data is no longer needed, we delete it or anonymize it where feasible.

8. Security

We take reasonable technical and organizational measures to protect personal information, including:

  • Encryption in transit (e.g., HTTPS)
  • Access controls and authentication
  • Logging and monitoring of key systems
  • Regular updates and security patches for our infrastructure and applications

No system can be guaranteed completely secure. If we become aware of a data breach affecting your personal information, we will notify you and relevant authorities as required by law.

9. Cookies and similar technologies

We use cookies, SDKs, and similar technologies:

  • To operate the Store, Dashboard, and Apps (e.g., session cookies that keep you logged in)
  • To remember preferences (e.g., language, theme)
  • To improve performance and security
  • In some cases, to conduct basic analytics and understand usage patterns

In the EU/EEA and UK, we will obtain your consent before using non-essential cookies/SDKs where required by law. You can manage cookie preferences via:

  • Our cookie banner or settings (where implemented), and
  • Your browser or device settings

If you block certain cookies, some features of the Services may not work properly.

10. Your rights and choices

Your rights depend on where you live, but may include some or all of the following.

10.1 General rights (many regions)

You may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate or incomplete personal information
  • Request deletion of personal information, subject to legal or contractual limits
  • Object to or request restriction of certain types of processing
  • Withdraw consent where processing is based on consent (without affecting prior processing)

To exercise these rights, contact us at admin@autom8-obd.com. We may need to verify your identity before responding.

10.2 EU/EEA and UK residents

If you are in the EU/EEA or UK, you generally have the following rights under GDPR/UK GDPR:

  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing, including for direct marketing
  • Rights related to automated decision-making and profiling (if applicable)

You also have the right to lodge a complaint with your local data protection authority. For example:

  • In the UK: the Information Commissioner’s Office (ICO)
  • In the EU/EEA: your national supervisory authority

10.3 Canada

If you are in Canada, federal and provincial privacy laws may give you rights to:

  • Access personal information we hold about you
  • Request correction of inaccurate information

These rights are subject to certain exceptions in those laws.

10.4 United States (certain states)

In some US states (such as California, Colorado, Virginia, and others), you may have additional rights, which can include:

  • Requesting details about the categories of personal information collected, used, or disclosed
  • Requesting access to and deletion of certain personal information
  • Requesting correction of inaccurate personal information
  • Opting out of certain data uses where applicable

We do not “sell” personal information as that term is defined in many of these laws.

To exercise any state privacy rights, contact us at admin@autom8-obd.com and indicate your state of residence. We will not discriminate against you for exercising your privacy rights.

11. Children’s privacy

The Services are not directed to children, and we do not knowingly collect personal information from children.

If we learn that we have collected personal information from a child in violation of applicable law, we will take reasonable steps to delete it.

If you believe a child has provided us with personal information, please contact us at admin@autom8-obd.com.

12. Changes to this Policy

We may update this Privacy Policy from time to time. When we do:

  • We will update the “Last updated” date at the top; and
  • Where changes are material, we will provide additional notice (for example, by email, through the Dashboard/Apps, or via a notice on our Store)

Your continued use of the Services after the revised Policy takes effect means you accept the changes. If you do not agree, you should stop using the Services and may request account closure.

13. Contact

If you have questions, concerns, or requests about this Privacy Policy or our data practices, please contact:

Autom8 Technologies Inc.
Ontario, Canada
Email: admin@autom8-obd.com