Privacy Policy
Last updated: January 20, 2026

1. Introduction

Workshop Manager ("we", "our", or "the Service") is a management platform for automotive workshops developed by edcilo.com. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our service. By using Workshop Manager, you agree to the practices described in this policy. This service is intended exclusively for persons 18 years of age or older, or who have reached the legal age of majority in their jurisdiction.

2. Information We Collect

We collect the following types of information when you use Workshop Manager:

  • Account information: name, email address, organization information, and authentication credentials provided through Clerk Authentication
  • Workshop information: workshop name, address, phone number, website, and logo
  • Customer data: names, addresses, phone numbers, tax identifiers, and other information provided by you
  • Vehicle data: information about customer vehicles, including make, model, year, license plate number, and VIN
  • Operational data: repair orders, services, products, inventory, purchases, sales, and financial transactions
  • Technical data: IP addresses, browser type, pages visited, usage time, and other service usage data
  • AI communication data: conversations and queries made to the artificial intelligence assistant integrated in the service

3. How We Use Your Information

We use the collected information for the following purposes:

  • Provide and maintain the Workshop Manager service
  • Process and manage repair orders, services, and transactions
  • Manage inventory, products, and suppliers
  • Process payments and manage subscriptions through Stripe
  • Store and manage images and documents in AWS S3
  • Provide artificial intelligence assistance features through OpenAI
  • Send transactional and service communications through Resend

4. Legal Basis for Processing

We process your personal information based on the following legal bases:

  • Contract performance: to provide the service functionalities you have contracted
  • Consent: for marketing communications and optional features
  • Legal obligation: to comply with tax, accounting, and regulatory requirements
  • Legitimate interest: to improve service security, prevent fraud, and optimize user experience

5. Service Providers and Information Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. We share information only with the following service providers who help us operate the Service:

  • Clerk: authentication and user identity management
  • Stripe: payment processing and subscription management
  • AWS S3: secure storage of images and documents
  • Supabase: PostgreSQL database infrastructure
  • OpenAI: processing queries for the artificial intelligence assistant
  • Resend: transactional email delivery
  • Upstash Redis: rate limiting services for system protection
  • Vercel: application hosting and deployment
  • We may also share information when required by law, to protect our rights, or with your explicit consent

6. International Data Transfers

Your data may be transferred to and processed on servers located outside your country of residence, including the United States, where our service providers are located. These transfers are made with appropriate safeguards, including approved standard contractual clauses and compliance with applicable privacy frameworks. By using the Service, you consent to these international data transfers.

7. Data Security

We implement technical and organizational security measures to protect your information, including:

  • Encryption of data in transit (HTTPS/TLS) and at rest
  • Secure authentication through Clerk with multi-factor authentication support
  • Secure storage in AWS S3 with restricted access and presigned URLs
  • Logical data separation between organizations (multi-tenancy)
  • Rate limiting to prevent brute force attacks
  • However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security

8. Cookies and Similar Technologies

We use cookies and similar technologies for the operation of the Service:

  • Essential cookies: necessary for authentication, security, and basic service functionality
  • Functional cookies: to remember your preferences and settings
  • Third-party cookies: used by Clerk for authentication and by Stripe for payment processing
  • You can manage cookies through your browser settings, although disabling essential cookies may affect Service functionality

9. Your Privacy Rights

Depending on your location, you may have the following rights over your personal data:

  • Right of access: request a copy of your personal data
  • Right of rectification: correct inaccurate or incomplete data
  • Right of erasure: request deletion of your data ('right to be forgotten')
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to the processing of your data in certain circumstances
  • Right to restrict processing: limit how we use your data
  • Right not to be subject to automated decisions: request human intervention in automated decisions that significantly affect you
  • To exercise these rights, contact us at privacy@edcilo.com

10. Region-Specific Rights

Users in the European Union (GDPR): You have the right to lodge a complaint with your local data protection authority if you believe the processing of your data violates the GDPR. Users in California (CCPA): You have the right to know what personal information we collect, request its deletion, and opt out of the sale of personal information (we do not sell personal information). Users in other jurisdictions: We respect the applicable privacy rights in your jurisdiction.

11. Artificial Intelligence Data Processing

Our service includes an artificial intelligence assistant that uses OpenAI. When using this feature:

  • Your queries and conversations are sent to OpenAI servers for processing
  • The data sent may include information from your workshop context to provide relevant responses
  • OpenAI may use this data in accordance with its own privacy policy
  • AI-generated responses are for guidance only and do not substitute professional advice
  • You should not share sensitive, confidential, or third-party personal information in conversations with the assistant

12. Data Retention

We retain your personal information according to the following periods:

  • Account data: while your account is active and up to 30 days after cancellation to allow recovery
  • Operational data (orders, sales, purchases): according to applicable tax and accounting requirements, typically 7 years
  • Technical data and logs: 90 days for security and diagnostic purposes
  • AI conversations: 30 days to improve service quality
  • Backups: may be retained for up to 90 additional days
  • You may request early deletion of your data, subject to legal retention obligations

13. Children's Privacy

The Service is intended exclusively for users 18 years of age or older, or who have reached the age of majority in their jurisdiction. We do not knowingly collect personal information from minors. If we discover that we have collected data from a minor, we will delete it immediately. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@edcilo.com.

14. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time. We will notify you of material changes by email and/or a prominent notice on the Service before the changes take effect. The 'Last updated' date at the beginning of this policy indicates when the last revision was made. It is recommended that you review this policy periodically.

15. Contact

If you have questions about this Privacy Policy or wish to exercise your privacy rights, you may contact us at: Privacy email: privacy@edcilo.com. Website: edcilo.com. We will respond to your request within applicable legal timeframes, generally within 30 days.

16. Limitation of Liability

THE DEVELOPER AND edcilo.com SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES RESULTING FROM THE USE OR INABILITY TO USE THE SERVICE, INCLUDING BUT NOT LIMITED TO DATA LOSS, BUSINESS INTERRUPTION, OR FINANCIAL LOSSES. THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED.

17. Jurisdiction and Applicable Law

This Privacy Policy is governed by applicable laws and any related dispute will be subject to the jurisdiction of competent courts. By using the service, you agree that any dispute will be resolved through binding arbitration in accordance with applicable rules.