privacy policy
last updated 2026-04-23
this is the formal policy. if you want the plain-english version first, read how we use your data.
this policy explains what personal information ddpc ("we", "us", or "ddpc") collects, how we use it, who we share it with, and the rights you have. it applies to myddpc.com, app.myddpc.com, the ddpc native mobile applications including ddpc-connect, and any related services we operate (collectively, the "services").
1. information we collect
information you provide
- account information: email address, password (stored as a hash), display name, optional profile details.
- vehicle information: year, make, model, trim, vin, photos, odometer readings, and any other data you choose to add to a vehicle profile.
- ownership history: maintenance records, fuel fill-ups, parts and modifications, service intervals, issue reports, receipts, shop records, and similar entries you create.
- payment information: handled by stripe. we do not see or store full card numbers. we store a stripe customer id and a record that you hold a subscription.
- communications: any message you send us through support, email, or in-app feedback forms.
information collected through ddpc-connect (obd hardware)
- live vehicle telemetry: parameter ids (pids) your phone requests from the vehicle, including engine rpm, vehicle speed, coolant temperature, intake temperature, mass air flow, fuel trim, throttle position, battery voltage, timing advance, and similar values exposed by the on-board diagnostic port.
- diagnostic trouble codes (dtcs): codes stored in the vehicle when you choose to read them.
- trip metadata: start time, end time, duration, and a sample of the telemetry above, written to your garage if you are a ddpc pro subscriber. users on the free tier can use live gauges without any cloud upload.
- adapter diagnostics: a local-only log used to debug connection problems. this stays on your phone unless you choose to upload it with a bug report.
information collected automatically
- log data: ip address, browser type, device type, operating system, referring urls, timestamps of your visits.
- usage data: the pages you view, features you interact with, session durations, and error events.
- cookies and similar technologies: we use strictly necessary cookies to keep you signed in and a small set of first-party analytics cookies. we do not use third-party advertising cookies.
2. how we use your information
- operate and maintain the services, including storing and displaying your vehicle records to you.
- authenticate you and keep your session secure.
- process payments and manage subscriptions through stripe.
- send transactional emails: receipts, password resets, security alerts, and service-impact notices.
- provide customer support and respond to questions or bug reports.
- detect, prevent, and address fraud, abuse, security incidents, and violations of our terms.
- generate product-level analytics such as feature usage counts and retention metrics.
- improve the services, train anomaly-detection and ai features that work on your own data, and develop new features.
- send you marketing emails about ddpc only if you opt in. you can unsubscribe at any time.
3. how we share your information
we do not sell your personal information. we share information only as follows.
service providers
we share necessary information with vendors who help us run ddpc, under contracts that require them to protect the information and use it only for our purposes. current providers include:
- supabase (database, authentication, storage)
- amazon web services (underlying hosting)
- vercel (website hosting and edge delivery)
- stripe (payment processing)
- resend (transactional email delivery)
- ai gateway providers used for the garage keep assistant (anthropic, openai, google) when you use those features
aggregate, anonymized data
we may share aggregate, anonymized data with repair and parts industry partners, researchers, and regulators to support the collective goal of keeping human-driven vehicles supplied and serviceable. this sharing is opt-in only, off by default, and is never individually identifiable. before any aggregate dataset leaves our systems, identifying fields including your vin, email, address, precise location, and account id are removed. you may opt out at any time in account settings.
legal requirements
we may disclose information if required to do so by law or valid legal process, or to protect the safety, rights, or property of ddpc, our users, or the public. we will push back on overbroad requests.
business transfers
if ddpc is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. you will be notified before any transfer changes how your data is handled.
4. data retention
we retain your account and vehicle data for as long as your account is active. if you delete your account, we delete your records from our production systems within 30 days. encrypted backups may persist for up to 90 days after deletion before rolling off. we retain transaction records for as long as tax and accounting rules require.
5. your rights and choices
depending on where you live, you may have the following rights:
- access: request a copy of the personal information we hold about you.
- correction: ask us to fix inaccurate information.
- deletion: delete your account and associated records.
- portability: export your data in a standard format.
- restriction or objection: limit how we use your information in certain cases.
- opt-out of marketing: unsubscribe from any marketing email.
- opt-out of aggregate sharing: toggle this off in account settings.
residents of california, virginia, colorado, connecticut, and similar jurisdictions have additional rights under state privacy laws, including the right to know what categories of information we collect and share, the right to delete, and the right not to be discriminated against for exercising these rights. ddpc does not sell personal information as defined under those laws.
to exercise any of these rights, email myddpc@gmail.com from the address on your account or use the controls in account settings.
6. security
we use industry-standard practices: tls encryption in transit, encryption at rest for backups, row-level security in the database, limited administrative access, password hashing with modern algorithms, and regular review of security advisories. no system is perfectly secure. we commit to notifying affected users promptly if a breach occurs that materially affects their data.
7. children
ddpc is not directed to children under 13, and we do not knowingly collect personal information from children under 13. if you believe a child has provided us information, contact us and we will delete it.
8. international users
ddpc is operated from the united states and your information is stored and processed in the united states. if you use ddpc from outside the united states, you understand that your information will be transferred to the united states and handled under united states law.
9. changes to this policy
we may update this policy from time to time. when we do, we will update the "last updated" date at the top. if the change is material, we will notify you by email or by an in-app notice before the change takes effect.
10. contact
questions or requests: myddpc@gmail.com. the formal terms that accompany this policy are in our terms of service.