Privacy Policy for Pitlane
Effective Date: April 1, 2026
Last Updated: April 1, 2026
Anatolii Osokin ("we," "our," or "us") built Pitlane as a freemium app available on the Apple App Store. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over your data.
By using Pitlane, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the app.
1. Information We Collect
1.1 Information You Provide Directly
Account information
When you create an account, we collect your email address and a password (which is stored in hashed form and never readable by us).
Vehicle information
To track your car's maintenance history, you may provide:
- Make, model, trim, and year of your vehicle
- Vehicle Identification Number (VIN)
- Current mileage and preferred mileage unit (km or mi)
- Fuel type (gasoline, diesel, electric, hybrid, or LPG)
- An optional photo of your vehicle
Service records
When you log a service visit, you may provide:
- Date and mileage at the time of service
- Name, address, city, country, phone number, and working hours of the service station
- Total cost and currency of the service
- Individual job descriptions and costs (e.g. oil change, brake pad replacement)
- Parts used, including brand, part number, cost, and optional photos
- Technician recommendations and unresolved issues
- Your personal notes and comments
Maintenance intervals
You may configure or customise maintenance schedule intervals (e.g. oil change every 10,000 km), including dates and mileages of when work was last performed.
Support communications
If you contact us by email, we receive your email address and the content of your message.
1.2 Information Collected When You Use OCR / Photo Capture
Pitlane includes a feature that allows you to photograph a service receipt and extract its details automatically. When you use this feature:
- Your device captures a JPEG image of the receipt.
- That image is compressed and transmitted over HTTPS to Anthropic, Inc. (the provider of the Claude AI model).
- Anthropic's API processes the image and returns structured text data (service details, costs, parts, etc.).
- The image is transmitted solely to perform this one-time extraction and is not retained by us.
Service receipts may contain personal or vehicle-identifying information. You control when this feature is used and may choose to enter data manually instead.
1.3 Information Collected Automatically
We do not use analytics SDKs, advertising frameworks, or crash-reporting services. We do not collect device identifiers, advertising IDs, or behavioural usage data.
The only automatically collected data is the technical information required to authenticate your session with our backend service (Supabase), such as session tokens stored securely on your device.
1.4 Guest Mode
Pitlane offers a guest mode that lets you explore the app without creating an account. In guest mode, no account is created, no data is transmitted to our servers, and all data is discarded when the app is closed.
1.5 Information We Do NOT Collect
- Precise or approximate location data (we do not request location permissions)
- Contacts, calendar, or health data
- Microphone audio
- Cross-app or cross-website tracking data
- Advertising identifiers (IDFA)
2. How We Use Your Information
We use the information we collect to:
- Provide core app functionality — storing and displaying your vehicles, service records, and maintenance schedules
- Process receipt images — transmitting photos to Anthropic's API to extract service details on your behalf
- Authenticate your account — verifying your identity and maintaining your session
- Restore your data — enabling you to access your records across devices after sign-in
- Respond to support requests — replying to questions or issues you contact us about
We do not use your information to:
- Sell or rent it to third parties
- Build advertising or behavioural profiles
- Make automated decisions that materially affect you
- Send marketing communications (we send no marketing emails)
3. How We Share Your Information
We do not sell, rent, or trade your personal information to any third party.
We share information only in the following limited circumstances:
Service providers
We use the third-party services listed in Section 4. These providers process data only as necessary to deliver their services and are subject to their own privacy policies and data protection agreements.
Legal requirements
We may disclose information if required by applicable law, regulation, court order, or government authority.
Safety
We may disclose information to protect the safety, rights, or property of Anatolii Osokin, our users, or the public.
Business transfers
If ownership of Pitlane is transferred (e.g. through a sale or merger), your information may transfer as part of that transaction. We will notify you of any such change and your rights under applicable law.
4. Third-Party Services
Pitlane uses the following third-party services:
| Service | Purpose | Their Privacy Policy |
|---|---|---|
| Supabase (Supabase Inc.) | Cloud database and user authentication — stores your account, vehicles, service records, and maintenance data | supabase.com/privacy |
| Anthropic (Anthropic, Inc.) | AI-powered OCR processing of service receipt photos — used only when you activate the photo capture feature | anthropic.com/privacy |
No advertising, analytics, or crash-reporting services are used.
5. Camera and Photo Library
Pitlane requests access to your device camera and photo library solely to enable the receipt photo capture feature.
- Camera access — used to photograph a service receipt when you choose to use OCR entry.
- Photo library (add-only) — used to save a captured receipt photo to your photo library. We do not read your existing photos.
You may deny these permissions at any time in your device Settings. Denying camera access disables the photo capture feature; all other app functionality remains available.
6. Data Retention
| Data type | Retention period |
|---|---|
| Account and vehicle data | Retained while your account is active. Deleted within 30 days of an account deletion request. |
| Service records, jobs, parts, and intervals | Retained while your account is active. Deleted with your account or on request. |
| Service receipt images (sent for OCR) | Transmitted to Anthropic for processing only. We do not store the image on our servers. Anthropic's own retention policy applies. |
| Session tokens | Stored on-device; expire on sign-out or session timeout. |
| Support emails | Retained for up to 2 years to maintain support context, then deleted. |
You may request deletion of your account and all associated data at any time by emailing osokingauss@gmail.com.
7. Data Security
We implement the following measures to protect your information:
- All network communications use TLS/HTTPS encryption in transit.
- Passwords are hashed by Supabase and never stored in plain text.
- API credentials are injected at build time and not hardcoded in the application source.
- Session tokens are managed by Supabase's authentication system using industry-standard practices.
- Access to the database is restricted by row-level security policies so each user can only access their own data.
No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we take commercially reasonable steps to protect your data.
8. Your Rights
Regardless of where you are located, you have the following rights:
- Access — request a copy of the personal data we hold about you
- Correction — request that inaccurate or incomplete data be corrected
- Deletion — request deletion of your personal data and account
- Portability — request a portable copy of your data in a common format
- Withdraw consent — withdraw consent for any processing based on consent at any time
To exercise any of these rights, contact us at osokingauss@gmail.com. We will respond within 30 days.
8.1 European Economic Area Residents (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation.
Data controller: Anatolii Osokin — osokingauss@gmail.com
Lawful bases for processing:
- Contract performance — processing necessary to provide the service you requested (account management, storing your vehicle and service data)
- Legitimate interests — improving security, preventing fraud, and maintaining service integrity
- Consent — for any processing beyond service delivery (you may withdraw at any time)
Additional rights under GDPR:
- Right to restrict processing
- Right to object to processing based on legitimate interests
- Right to lodge a complaint with your local Data Protection Authority (DPA)
International data transfers: Your data is stored on Supabase infrastructure. Where data is transferred outside the EEA, Supabase relies on Standard Contractual Clauses (SCCs) or equivalent mechanisms approved by the European Commission.
Retention: We retain personal data only as long as necessary for the purposes described in Section 6, or as required by applicable law.
8.2 California Residents (CCPA / CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to know — request the categories and specific pieces of personal information we have collected, the purposes for collection, and any third parties we share it with.
- Right to delete — request deletion of your personal information, subject to certain exceptions.
- Right to correct — request correction of inaccurate personal information.
- Right to opt-out of sale or sharing — we do not sell or share your personal information for cross-context behavioural advertising. No opt-out is required, but you may contact us to confirm.
- Non-discrimination — we will not discriminate against you for exercising your CCPA rights.
Categories of personal information collected in the past 12 months:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Email address, account ID | Yes |
| Vehicle information | Make, model, VIN, mileage | Yes |
| Commercial information | Service costs, parts purchased | Yes |
| Internet/network activity | Session tokens (no browsing history) | Limited |
| Inferences | None | No |
To exercise your California rights, contact: osokingauss@gmail.com
8.3 Indian Residents (DPDP Act)
If you are located in India, you have rights under the Digital Personal Data Protection Act, 2023 (DPDP Act):
Data fiduciary: Anatolii Osokin — osokingauss@gmail.com
Purpose of processing: Your personal data is processed for the purposes described in Section 2. We will not process your data for any purpose other than those stated without obtaining fresh consent.
Your rights as a data principal:
- Right to access information about your personal data and its processing
- Right to correct inaccurate or incomplete personal data
- Right to erasure of personal data that is no longer necessary
- Right to nominate a representative to exercise your rights
- Right to file a grievance with us; unresolved grievances may be referred to the Data Protection Board of India
To exercise your rights, contact: osokingauss@gmail.com
9. Children's Privacy
Pitlane is not directed to children under 13 years of age (or under 16 in the EEA). We do not knowingly collect personal information from children below these ages. If we become aware that we have inadvertently collected such data, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at osokingauss@gmail.com.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this document
- Display a notice within the app or send an email notification for significant changes
- Post the updated policy at pitlaneapp.uk/privacy
Your continued use of Pitlane after changes are posted constitutes acceptance of the updated Privacy Policy.
11. Governing Law
This Privacy Policy is governed by the laws of the Republic of Indonesia, including Law No. 27 of 2022 on Personal Data Protection (UU PDP), without regard to conflict of law principles. Where applicable, the rights of users in other jurisdictions (EU, California, India) are honoured as described in Section 8.
12. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or our data practices:
- Email: osokingauss@gmail.com
- Developer: Anatolii Osokin
- Website: pitlaneapp.uk
We aim to respond to all privacy-related inquiries within 30 days.