G
v1.0
TheGarageOS · Privacy

Privacy Policy.

How we collect, use, store and protect data across TheGarageOS — for workshop operators, their staff and their customers.

Last updated: June 12, 2026

1. Overview

TheGarageOS ("we", "us", "our") provides a workshop operating system for vehicle service businesses, covering jobs, inspections, inventory, point of sale, finance, CRM and HR. This Privacy Policy explains how we collect, use, disclose and safeguard information when a workshop ("Customer", "Tenant") and its end customers ("End Users") use our platform.

By accessing or using TheGarageOS, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the platform.

2. Information We Collect

We collect information in three categories: account and tenant data provided during onboarding, operational data generated through normal use of the platform, and technical data collected automatically.

  • Account data — business name, billing details, staff names, emails, phone numbers and role assignments.
  • Operational data — job records, vehicle identifiers, inspection photos, quotes, invoices, payments, inventory and customer contact details entered by the Tenant.
  • Technical data — IP addresses, device and browser information, log files, API usage and session metadata, collected for security and performance purposes.

3. How We Use Information

  • To provide, operate and maintain the platform, including job tracking, DVI, invoicing, inventory and reporting.
  • To process payments and generate insurance-split invoices on behalf of the Tenant.
  • To send service notifications, security alerts and administrative messages.
  • To monitor, investigate and prevent fraudulent, unauthorized or illegal activity.
  • To improve platform performance, reliability and feature set through aggregated, de-identified analytics.

4. Data Ownership & Tenant Responsibility

Each Tenant owns the operational data it enters into the platform, including customer and vehicle records. TheGarageOS acts as a data processor on behalf of the Tenant for this data, and as a data controller for account, billing and platform usage data.

Tenants are responsible for obtaining any consents required from their own customers (End Users) before entering personal data into the platform, and for honoring End User data requests under applicable law.

5. Data Sharing & Disclosure

We do not sell personal data. We share data only in the following circumstances:

  • With sub-processors that support core infrastructure (cloud hosting, object storage, email and SMS delivery, payment processing), bound by confidentiality and data protection terms.
  • With Tenant-authorized integrations and API consumers, where the Tenant has explicitly enabled access.
  • Where required to comply with a legal obligation, court order, or governmental request.
  • In connection with a merger, acquisition or asset sale, with notice to affected Tenants.

6. Data Retention

Operational data is retained for the duration of the Tenant's subscription plus a recovery window of 30 days following termination, unless a longer period is required for legal, tax or audit purposes (typically up to 7 years for financial records).

Tenants may request export or deletion of their data at any time, subject to statutory retention requirements applicable to invoicing, tax and audit trail records.

7. Security

We apply industry-standard safeguards including encryption in transit (TLS 1.2+) and at rest, role-based access control, audit logging of sensitive actions, and regular security reviews. Our infrastructure is designed in line with SOC 2 control objectives.

No system can be guaranteed 100% secure. We maintain an incident response process and will notify affected Tenants without undue delay in the event of a data breach affecting their data, as required by applicable law.

8. International Data Transfers

TheGarageOS primarily operates in and serves workshops across South and Southeast Asia. Data may be processed in data centers located outside the Tenant's home country. Where required, we apply appropriate safeguards such as standard contractual clauses for cross-border transfers.

9. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, export or delete personal data we hold about you, and to object to or restrict certain processing. End Users should direct such requests to the workshop (Tenant) they interacted with; Tenants may direct requests to us using the contact details below.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to Tenant administrators via email or in-app notice at least 14 days before taking effect.

11. Contact

Questions about this Privacy Policy or our data practices can be directed to [email protected].