Privacy Policy

This Privacy Policy describes how AutoCalc Drive ("we", "us", or "our"), operated by LFT Consulting PTY Ltd, collects, uses, stores, and protects your personal information when you use the AutoCalc Drive web application (the "Service"). By using the Service you agree to the practices described in this policy.

We are committed to protecting your privacy in accordance with the Protection of Personal Information Act, 4 of 2013 (POPIA) of South Africa and other applicable data protection legislation.

1. Information We Collect

1.1 Account Information (via Google Sign-In)

When you sign in with your Google account we receive and store the following information provided by Google:

• Full name
• Email address
• Google profile photo URL
• Google account identifier (UID)

We do not receive or store your Google password.

1.2 Usage & Account Data

We record the following information about your account and usage of the Service:

• Account creation date and time
• Date and time of your last login
• Subscription type and status (trial, individual, dealership, or group/dealership network)
• Subscription start and end dates
• Preferred currency setting
• Whether your account is associated with a dealership or multi-dealership group

1.3 Dealership and Group Data (Dealership Users Only)

If you are part of a dealership or group subscription, we additionally store your dealership and/or group name, email domain, dealership membership records, and where applicable, links between users and multiple affiliated dealerships in your group.

1.4 Custom Quote and Sales Enquiry Data

When you request a custom quote, we may collect and store business contact and planning details you provide, including company name, contact person, work email, phone number, dealership count, and requirements relevant to your quote request.

1.5 Temporary Access Tokens

Dealership users can generate time-limited (1-hour) access links for customers. When such a link is created and used, we store the token, its creation and expiry times, and limited identifiers for audit and security purposes. These records are retained for a limited period and then automatically expired.

1.6 Calculator Inputs — Not Stored

All financial calculations (car loan, cash vs finance, lease vs buy, lump sum, and early settlement) are performed entirely within your browser. No calculation inputs or results are transmitted to or stored on our servers.

1.7 Analytics Data

We use Google Analytics (Firebase Analytics) to collect anonymised usage data such as page views, session duration, and general browser/device information. This data is collected in aggregate and cannot be used to identify you individually.

2. How We Use Your Information

We use the information we collect to:

• Create and manage your account
• Verify your subscription status and grant access to the Service
• Display your name and profile photo within the application
• Process and manage dealership memberships and multi-dealership group structures
• Prepare and provide custom quotes for dealerships and dealer groups
• Communicate with you about your account or subscription
• Detect and prevent fraud, abuse, or security incidents
• Improve and debug the Service using anonymised analytics
• Comply with legal obligations

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

3. Legal Basis for Processing

We process your personal information on the following grounds:

• Contractual necessity — to provide the Service you have subscribed to or requested access to.
• Legitimate interests — to operate, secure, and improve the Service.
• Legal obligation — where we are required to retain records by applicable law.
• Consent — where you have explicitly agreed (e.g., by signing in with Google).

4. Data Sharing & Third Parties

4.1 Google Firebase

Your account and subscription data is stored in Google Firebase (Firestore database), and authentication is handled by Firebase Authentication. Firebase is a Google service subject to Google's Privacy Policy (policies.google.com/privacy). Google processes data on our behalf as a data processor and is contractually bound to handle it in accordance with applicable data protection law.

4.2 Google Analytics

We use Google Analytics (Firebase Analytics) to understand how the Service is used. Google may process anonymised usage data as described in its Privacy Policy. You may opt out of Google Analytics tracking using the Google Analytics Opt-out Browser Add-on.

4.3 PayFast Payment Processing

If you make a payment or subscribe to a recurring plan, your payment is processed by PayFast, a South African payment service provider. PayFast may collect and process payment-related personal information such as your name, email address, billing reference, transaction status, and tokenised card details needed for approved recurring billing.

We do not store your full card number or CVV on our systems. Card information is entered directly into PayFast's secure payment environment and is handled in accordance with PayFast's own security and privacy standards.

PayFast acts as an independent service provider and its terms, privacy policy, and payment-processing rules also apply to those transactions.

4.4 No Other Third-Party Sharing

We do not share your personal information with any other third parties except as required by law or to protect the rights and safety of our users.

5. Data Retention

We retain your account information for as long as you have an active account or subscription. If you request deletion of your account, we will remove your personal information within 30 days, except where we are required to retain it for legal or audit purposes.

Custom quote and sales enquiry information is retained for as long as needed to prepare and follow up on your request, and for a reasonable period thereafter for sales administration and legal compliance.

Temporary access token records are retained for a short period after expiry for security audit purposes and are then permanently deleted.

6. Data Security

We take data security seriously and implement appropriate technical and organisational measures to protect your personal information, including:

• All data in transit is encrypted using TLS/HTTPS
• Data at rest is encrypted by Google Firebase
• Access to user data is restricted to authorised administrators only
• Temporary access tokens are cryptographically hashed to prevent tampering
• Authentication is handled entirely by Google's secure OAuth 2.0 infrastructure

While we strive to protect your information, no method of transmission over the internet is 100% secure. We encourage you to use a secure and up-to-date browser.

7. Your Rights

Under POPIA and applicable data protection law you have the right to:

• Access the personal information we hold about you
• Correct inaccurate or incomplete personal information
• Delete your account and associated personal information
• Object to or restrict certain processing activities
• Data portability — receive a copy of your data in a machine-readable format
• Withdraw consent at any time (where processing is based on consent)
• Lodge a complaint with the Information Regulator of South Africa if you believe your rights have been violated

To exercise any of these rights, please contact our support team using the details in Section 9.

8. Children's Privacy

The Service is not directed at children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with their personal information, please contact our support team and we will promptly delete it.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact our support team:

We will respond to all legitimate requests within 30 days.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. We encourage you to review this policy periodically. Continued use of the Service after any changes constitutes your acceptance of the updated policy.