The short version: Your vehicle data belongs to you. We collect only what we need to run the service. We don't sell your data, we don't run ads, and we never will. Revenue comes from subscriptions — that's the deal.

1. Who we are

MyDIYGarage is a vehicle maintenance tracking application operated by Nielsen Digital, LLC ("we," "us," "our"), a Texas limited liability company. Our service is accessible at app.mydiygarage.com.

This Privacy Policy explains how we collect, use, and protect information you provide when you use MyDIYGarage. By creating an account or using the service, you agree to the practices described here.

2. What data we collect

Account information

Vehicle and maintenance data

All vehicle records you create — service logs, fuel logs, fault codes, maintenance schedules, vehicle details — are stored on our servers to provide the service. This data is yours. We do not analyze it for advertising, sell it to third parties, or share it with insurers, dealers, or data brokers.

OBD2 dongle data (auto-ingest)

If you pair a supported Bluetooth OBD2 dongle to your car, the MyDIYGarage mobile app reads a narrow set of values directly from your vehicle's onboard diagnostics port and sends them to your account. We capture only what the OBD2 standard exposes, and only the specific values we need to keep your log up to date:

Each OBD2-sourced record is tagged with its provenance (auto-captured vs. manually entered) and lands as a draft you confirm before it joins your permanent log. You can delete all OBD2-sourced data for a vehicle in one action without affecting anything you entered yourself, and revoking a dongle stops all auto-ingest from that device immediately.

Billing information

If you subscribe to a paid plan, payment is handled by Stripe. We receive a payment confirmation and your Stripe customer ID. We never see, store, or process raw card numbers, bank account details, or full payment credentials.

Technical data

We do not use analytics platforms (Google Analytics, Mixpanel, etc.) that track your browsing across our site.

3. What we do not collect or sell

✓ We do not sell your data to anyone, or to any other third party for monetary or other valuable consideration.
✓ We do not run ads or use ad-targeting networks.
✓ We do not share your vehicle data with insurance companies, dealers, or data brokers (including for cross-context behavioral advertising).
✓ We do not build behavioral profiles for third-party marketing.
✓ Our revenue comes entirely from subscription fees. Your data is not the product.

Specifically, for OBD2 dongle data

Driving telemetry is a category that other companies have built entire business models around selling. We have not, and we will not. To be explicit:

4. How we use your data

We use the information we collect exclusively to:

We do not use your data for any purpose not listed above without first updating this policy and notifying you.

OBD2-sourced data is used only to populate your own vehicle logs (mileage, fault codes, freeze-frame snapshots) and, in the future, to power your own AI co-pilot insights inside your account. It is never aggregated for resale, never fed to third-party analytics, and never used to build profiles of you or your driving for anyone else.

5. Third-party processors

We use a small number of third-party services to operate MyDIYGarage. Each has its own privacy policy. We share only the minimum data necessary for the service to function. The categories of third parties to whom we disclose personal information are: payment processors and cloud infrastructure providers. We do not disclose personal information to advertisers, data brokers, CRM platforms, or analytics services.

Categories of personal information we collect (CCPA §1798.140(v))

For California-resident transparency, here is how the data we collect maps to the statutory categories. We collect data in these categories only as described elsewhere in this policy:

We do not collect biometric information, precise geolocation, sensitive personal information as defined by the CPRA, or any category not listed above.

Stripe (payment processing)

Stripe processes all subscription payments. When you subscribe, your payment details are entered directly into Stripe's secure checkout — they never pass through our servers. Stripe may set cookies during checkout sessions. See Stripe's Privacy Policy.

Amazon Web Services (infrastructure)

Our application and your data are hosted on AWS. We use AWS for compute, database, and transactional email. AWS does not access your personal data except as required to deliver infrastructure services. See AWS Privacy Policy.

We do not use any other third-party services that receive your personal data (no Google Analytics, no CRM platforms, no ad networks).

6. Cookies and local storage

We use a minimal set of cookies and browser storage. See our Cookie Policy for full details.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies on this site. If this changes, we will update our Cookie Policy and this section, and add a consent banner before deploying any new cookies.

7. Data retention

We retain your data for as long as your account is active. If you delete your account:

To request deletion of your account and data, email us at privacy@mydiygarage.com or use the account deletion option in your settings.

Security safeguards

We use industry-standard technical and organizational measures to protect your personal information, including encryption in transit (TLS) and encryption at rest for data stored on our servers. Access to personal data is restricted to personnel and systems that require it to provide the service. We also maintain regular encrypted backups, access logging, and ongoing vulnerability monitoring as part of our security program. No transmission over the internet or method of electronic storage is 100% secure; we cannot guarantee absolute security.

Security incidents

In the event of a security incident that affects your personal information, we will notify affected users as required by applicable law — including the Texas Business & Commerce Code Chapter 521 — and, in all cases, without undue delay. Notification will be sent to the email address on your account.

8. Your rights

Depending on your location, you may have the following rights regarding your personal data. We honor these requests for all users regardless of jurisdiction.

To exercise any of these rights, contact us at privacy@mydiygarage.com. We will respond within 30 days. We do not charge for reasonable requests.

Your rights over OBD2-sourced data

If you paired an OBD2 dongle, you have two additional controls available directly inside the app, without needing to email us:

Revoke + delete together cover both directions of objection (GDPR Art. 21). Revoking the dongle is the prospective remedy — no further OBD2 records are captured. Per-vehicle delete is the retrospective remedy — existing OBD2-sourced records are removed. Use one or both depending on whether you want to stop future capture, erase what's already there, or both.

Data portability (GDPR Art. 20). OBD2-sourced records are included in any data export you request under the Portability right above. You will receive your auto-captured mileage readings, DTCs, MIL status entries, and freeze-frame snapshots in the same machine-readable export as the rest of your vehicle data.

California residents (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA). We do not sell personal information as defined by the CCPA, and we do not share personal information for cross-context behavioral advertising as defined by the CPRA. California residents have the right to:

We do not collect sensitive personal information as defined by the CPRA. To exercise any of these rights, contact us at privacy@mydiygarage.com. We will respond within 45 days, as required by California law.

EU/UK residents (GDPR)

If you are in the European Union or United Kingdom, our legal basis for processing your data is:

We do not engage in solely automated decision-making that produces legal or similarly significant effects on you, as defined by Article 22 of the GDPR.

You have the right to lodge a complaint with your local supervisory authority. Our Data Protection contact is privacy@mydiygarage.com.

9. Children

MyDIYGarage is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If we discover that an account was created by someone under 13, we will delete it promptly. If you believe a child under 13 has created an account, contact us at privacy@mydiygarage.com and we will delete the account.

Users between 13 and 17 may use the service with verifiable parental or guardian consent. Consent is obtained by having the parent or guardian create the account and accept these Terms on behalf of the minor. We do not have a separate age-verification mechanism. Users who misrepresent their age to create an account assume full responsibility for any consequences of that misrepresentation.

10. Changes to this policy

We may update this Privacy Policy as the service evolves. For material adverse changes — changes that expand what data we collect, broaden how we use it, or add categories of recipients we share it with — we will:

Additive or more-protective changes (clarifications, new user controls, expanded transparency, formatting, typo fixes) are not "material adverse changes" and may take effect on the date posted. Version 1.3 is an example: it shortens the post-deletion retention window from 30 days to 14 days — your data is deleted sooner, which is more protective — so the effective date is the same as the publication date. (Version 1.2 similarly added OBD2-specific disclosures and a stronger no-sale commitment.)

No retroactive application. We will not retroactively apply new uses to data collected under the prior version of this policy. If a future revision broadens permitted uses, the broader uses apply only to data collected after that revision's effective date — earlier data remains governed by the version of the policy in effect when it was collected.

Mergers, acquisitions, and asset sales. In a merger, acquisition, restructuring, or asset sale, OBD2 data and other personal information transfer only to a successor that is contractually bound by commitments at least as protective as the ones in this policy — including the no-sale and no-share commitments in section 3. Users will receive at least 30 days' notice of any such transfer with an opportunity to export and delete their data before the transfer takes effect.

Continued use of the service after an effective date constitutes acceptance of the updated policy.

11. Contact us

For privacy questions, data requests, or concerns:

Nielsen Digital, LLC
c/o Northwest Registered Agent, LLC
5900 Balcones Drive, Suite 100
Austin, TX 78731
United States