This Privacy Policy explains how AutoChase ("we", "us", "our") collects, uses, stores, and protects personal data when you use AutoChase at autochase.app. We are the data controller for the purposes of UK GDPR and the Data Protection Act 2018.
Privacy contact: privacy@autochase.app
Payment processing is handled by Paddle.com Market Ltd as the Merchant of Record. We do not store full card numbers or payment credentials. We receive from Paddle: subscription status, subscription ID, customer ID, and transaction references. Paddle's own privacy policy governs how Paddle handles your payment data: paddle.com/legal/privacy.
| Purpose | Legal basis |
|---|---|
| Providing the Service (account, invoices, reminders) | Performance of a contract (Art. 6(1)(b) UK GDPR) |
| Processing subscription payments via Paddle | Performance of a contract |
| Security, fraud prevention, error monitoring | Legitimate interests (Art. 6(1)(f)) |
| Product analytics and service improvement | Legitimate interests |
| Marketing communications (if you opt in) | Consent (Art. 6(1)(a)) |
| Legal and regulatory compliance | Legal obligation (Art. 6(1)(c)) |
We share data with the following sub-processors only to the extent necessary to provide the Service:
| Processor | Purpose | Location |
|---|---|---|
| Coolify (self-hosted) | Application hosting and infrastructure | confirm server region with us |
| Supabase | Database hosting (PostgreSQL) | AWS ap-southeast-1 (Singapore) — confirm with us if EU residency is required |
| Resend | Transactional email delivery | USA (SCCs apply) |
| Paddle.com Market Ltd | Payment processing and subscription billing (Merchant of Record) | United Kingdom |
| Sentry (Functional Software Inc.) | Error monitoring (PII scrubbing enabled — no invoice amounts, client emails, or card data transmitted) | USA (SCCs apply) |
| OAuth sign-in (if you choose "Continue with Google") | USA (SCCs apply) |
We do not sell personal data to third parties. We do not use personal data for advertising.
Some of our sub-processors are located outside the UK/EEA. Where this is the case, we rely on Standard Contractual Clauses (SCCs) approved by the ICO/European Commission, or the UK International Data Transfer Agreement (IDTA), to ensure an adequate level of protection for your data.
You have the right to:
To exercise any of these rights, email privacy@autochase.app. We will respond within 30 days. We may need to verify your identity before processing your request.
We use the following cookies:
We do not use advertising, tracking, or analytics cookies. No third-party marketing scripts are loaded on authenticated pages.
The Service is not directed at children under 18. We do not knowingly collect data from anyone under 18. If you believe a child has provided us with personal data, contact us at privacy@autochase.app and we will delete it.
We may update this Privacy Policy from time to time. Material changes will be communicated by email at least 14 days before they take effect. The "last updated" date at the top of this page indicates when changes were last made.
You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the supervisory authority for data protection in the UK:
ico.org.uk/make-a-complaint · 0303 123 1113
For any privacy questions or data subject requests:
Email: privacy@autochase.app