vehilobook • service • drive

Legal disclosures

Privacy Policy

Controller

Controller
Vehilo operator details pending founder approval
Address
Postal service address pending founder approval
Contact
info@vehilo.de
Authority
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany

Purposes, data categories, legal bases

  • Requests, waitlist, First Look, Listing Audit, Search Support, Guided Purchase, and Concierge: name, email, phone, vehicle/listing data, budget, search profile, messages, and advisory notes; GDPR Article 6(1)(b).
  • Contact, support, and scheduling: communication data and message contents; GDPR Article 6(1)(b) and 6(1)(f).
  • Payment and accounting: product, amount, payment status, Stripe Checkout reference, and business records; GDPR Article 6(1)(b) and 6(1)(c).
  • Security and operations: technical server and security logs; GDPR Article 6(1)(f).
  • Optional consent, such as survey follow-up or testimonials: GDPR Article 6(1)(a).

Recipients and processors

  • Vercel for hosting, deployment, CDN, functions, and technical logs.
  • Supabase for Postgres database, internal CRM records, retention, and admin workflows.
  • Stripe for Checkout, payments, payment status, and fraud/security checks; Vehilo does not store card details.
  • Resend for transactional email, delivery metadata, and message content.
  • Proton Mail or the configured mailbox provider for email communication.
  • External specialists only where requested by the customer or required for the service; no dealer commissions in V1.

No analytics cookies at launch

Vehilo does not use its own marketing or analytics cookies at launch. Strictly necessary cookies or redirects may be set by hosting, security features, or Stripe Checkout.

Retention

  • Abandoned checkout intents: 30 days.
  • Unrouted chat and non-contact survey PII: 90 days.
  • Leads, waitlist, search profiles, and unpaid requests: generally 12 months.
  • Completed advisory services and service notes: 3 years before anonymization unless longer legal duties apply.
  • Customer identity records for lookup, access requests, and deduplication: generally 6 years before anonymization.
  • Payment, invoice, and tax records: retained separately for statutory periods, generally up to 8 years or longer if required.
  • Agent-job and internal workflow data: generally 180 days unless moved into customer/service records.

Data subject rights

Data subjects may request access, rectification, erasure, restriction, portability, objection, and withdrawal of consent by emailing info@vehilo.de. They may also complain to a competent supervisory authority.

Last updated

14 May 2026. This privacy policy is a launch-oriented draft and must be reviewed by legal counsel before live payments.

Vehilo | Know before you buy