Privacy Policy — AutoCalc Payment Planner

This Privacy Policy describes how AutoCalc ("we", "us", or "our"), operated by Michael Le Forestier, collects, uses, stores, and protects your personal information when you use the AutoCalc Payment Planner web application (the "Service"). By using the Service you agree to the practices described in this policy.

We are committed to protecting your privacy in accordance with the Protection of Personal Information Act, 4 of 2013 (POPIA) of South Africa and other applicable data protection legislation.

1. Information We Collect

1.1 Account Information (via Google Sign-In)

When you sign in with your Google account we receive and store the following information provided by Google:

Full name
Email address
Google profile photo URL
Google account identifier (UID)

We do not receive or store your Google password.

1.2 Usage & Account Data

We record the following information about your account and usage of the Service:

Account creation date and time
Date and time of your last login
Subscription type and status (trial, individual, or dealership)
Subscription start and end dates
Preferred currency setting
Whether your account is associated with a dealership

1.3 Dealership Data (Dealership Users Only)

If you are part of a dealership subscription, we additionally store your dealership name, email domain, and dealership membership records.

1.4 Temporary Access Tokens

Dealership users can generate time-limited (1-hour) access links for customers. When such a link is created and used, we store the token, its creation and expiry times, and limited identifiers for audit and security purposes. These records are retained for a limited period and then automatically expired.

1.5 Calculator Inputs — Not Stored

All financial calculations (car loan, cash vs finance, lease vs buy, lump sum, and early settlement) are performed entirely within your browser. No calculation inputs or results are transmitted to or stored on our servers.

1.6 Analytics Data

We use Google Analytics (Firebase Analytics) to collect anonymised usage data such as page views, session duration, and general browser/device information. This data is collected in aggregate and cannot be used to identify you individually.

2. How We Use Your Information

We use the information we collect to:

Create and manage your account
Verify your subscription status and grant access to the Service
Display your name and profile photo within the application
Process and manage dealership memberships
Communicate with you about your account or subscription
Detect and prevent fraud, abuse, or security incidents
Improve and debug the Service using anonymised analytics
Comply with legal obligations

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

3. Legal Basis for Processing

We process your personal information on the following grounds:

Contractual necessity — to provide the Service you have subscribed to or requested access to.
Legitimate interests — to operate, secure, and improve the Service.
Legal obligation — where we are required to retain records by applicable law.
Consent — where you have explicitly agreed (e.g., by signing in with Google).

4. Data Sharing & Third Parties

4.1 Google Firebase

Your account and subscription data is stored in Google Firebase (Firestore database), and authentication is handled by Firebase Authentication. Firebase is a Google service subject to Google's Privacy Policy. Google processes data on our behalf as a data processor and is contractually bound to handle it in accordance with applicable data protection law.

4.2 Google Analytics

We use Google Analytics (Firebase Analytics) to understand how the Service is used. Google may process anonymised usage data as described in its Privacy Policy. You may opt out of Google Analytics tracking using the Google Analytics Opt-out Browser Add-on.

4.3 No Other Third-Party Sharing

We do not share your personal information with any other third parties except as required by law or to protect the rights and safety of our users.

5. Data Retention

We retain your account information for as long as you have an active account or subscription. If you request deletion of your account, we will remove your personal information within 30 days, except where we are required to retain it for legal or audit purposes.

Temporary access token records are retained for a short period after expiry for security audit purposes and are then permanently deleted.

6. Data Security

We take data security seriously and implement appropriate technical and organisational measures to protect your personal information, including:

All data in transit is encrypted using TLS/HTTPS
Data at rest is encrypted by Google Firebase
Access to user data is restricted to authorised administrators only
Temporary access tokens are cryptographically hashed to prevent tampering
Authentication is handled entirely by Google's secure OAuth 2.0 infrastructure

While we strive to protect your information, no method of transmission over the internet is 100% secure. We encourage you to use a secure and up-to-date browser.

7. Your Rights

Under POPIA and applicable data protection law you have the right to:

Access the personal information we hold about you
Correct inaccurate or incomplete personal information
Delete your account and associated personal information
Object to or restrict certain processing activities
Data portability — receive a copy of your data in a machine-readable format
Withdraw consent at any time (where processing is based on consent)
Lodge a complaint with the Information Regulator of South Africa if you believe your rights have been violated

To exercise any of these rights, please contact us using the details in Section 9.

8. Children's Privacy

The Service is not directed at children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with their personal information, please contact us and we will promptly delete it.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact:

Name: Michael Le Forestier
Company: AutoCalc — Payment Planner
Location: South Africa
Phone: +27 71 239 8174
Email: privacy@autocalc.co.za

We will respond to all legitimate requests within 30 days.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. We encourage you to review this policy periodically. Continued use of the Service after any changes constitutes your acceptance of the updated policy.