Privacy policy (operational summary)

Controller: EVDIAGNOSTIX (replace with final legal name and company ID).

Purpose: Handle contact requests, web diagnostics, and commercial communication related to EV products/services that you request.

Legal basis: Consent when you submit forms; legitimate interest in service improvement (aggregated metrics without invasive profiling).

Retention: As long as needed to handle the request and applicable legal periods; diagnostic sessions without personal data unless you tie them to a form.

Rights: Access, rectification, erasure, objection, restriction, and portability with the controller. You may complain to your local data protection authority.

Recipients: Hosting providers and, where applicable, messaging (e.g. WhatsApp) if you choose that channel.

Admin area

Access to /admin is restricted to authorized staff via password and a signed session cookie. Create/update/delete actions may be logged for internal audit (not end-user profiles).

Photos and screen capture (OCR / vision)

If you upload an image to extract text or fault codes, the file is processed on the server to call the vision provider (e.g. OpenAI) and is not stored persistently in the current MVP unless external storage with a retention policy is configured. Avoid license plates, faces, or unnecessary personal data in the photo.

Usage measurement (analytics)

If enabled, Plausible may load with aggregated data. If you set Google Analytics 4 (NEXT_PUBLIC_GA4_ID), we show a consent banner before loading GA scripts; until you accept, no GA4 events are sent.

This text is a minimal baseline for the MVP; legal review is recommended before public production use.