Privacy Policy

Last updated: 16 May 2026

This Privacy Policy explains how Carhacker OÜ (“we”, “us”, “our”) collects, uses, and protects your information when you use https://iamcarhacker.com (the “Website”) and the services offered through it, including the Pro Access membership, newsletter, and AI chat service.

By using the Website, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Data Controller

The data controller responsible for your personal data is:

  • Legal entity: Carhacker OÜ
  • Registered address: Sepapaja tn 6, 15551 Tallinn, Harju Maakond, Estonia
  • Registration number: 17463840
  • Contact: info@iamcarhacker.com

2. Definitions

  • Website: https://iamcarhacker.com
  • Personal Data: any information that can identify you directly or indirectly
  • Usage Data: data collected automatically through the use of the Website
  • Cookies: small files stored on your device
  • AI Chat: the automated chat assistant available on the Website
  • You: the individual using the Website

3. Data We Collect

3.1 Account and Membership Data

When you create an account, subscribe to Pro Access, or purchase a digital product, we collect:

  • Email address
  • Username and display name
  • Profile information you choose to provide (avatar, bio, location)
  • Membership status, subscription start date, and billing history references
  • Forum posts, comments, and other content you submit

3.2 Payment Data

When you make a purchase, payment processing is handled by Stripe. Stripe may collect:

  • Name and email address
  • Billing address
  • Payment method details (card or alternative payment method)
  • Transaction history

We do not store or process credit card details on our servers. We receive only a reference to the transaction and the payment method type. See Stripe’s privacy policy at https://stripe.com/privacy.

3.3 AI Chat Data

When you interact with the AI Chat:

  • The messages you send and the responses you receive are logged and stored
  • Logs may include timestamps and session identifiers
  • For logged-in users, logs are linked to your account
  • For logged-out users, logs are associated with an anonymous session identifier

These logs are used for service improvement, abuse prevention, quality assurance, and product development. See Section 7 for more on how AI Chat data is processed.

3.4 Newsletter Data

If you subscribe to the newsletter, we collect:

  • Email address
  • Subscription preferences and tags
  • Email engagement metrics (opens, clicks, unsubscribes)

3.5 Usage Data

Collected automatically when you visit the Website:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Pages visited and time spent
  • Referring website
  • Approximate location derived from IP address

4. Cookies and Tracking

We use cookies and similar technologies for:

  • Operating the Website (authentication, session management)
  • Analysing traffic and user behaviour
  • Tracking affiliate link clicks
  • Improving user experience

Types of cookies used:

  • Essential cookies: required for the Website to function (authentication, security, cookie consent)
  • Analytics cookies: help us understand how the Website is used
  • Affiliate cookies: track clicks to affiliate partner websites

You can manage or withdraw consent through the cookie banner on the Website or via your browser settings.

5. Third-Party Services

We use third-party services that may process your data according to their own privacy policies:

  • Google Analytics — Website analytics — https://policies.google.com/privacy
  • Stripe — Payment processing — https://stripe.com/privacy
  • FluentCRM — Email marketing (self-hosted plugin running on our infrastructure)
  • Amazon SES — Outbound email delivery — https://aws.amazon.com/privacy/
  • OpenAI — AI Chat language model processing — https://openai.com/policies/privacy-policy
  • YouTube and Vimeo — Embedded video content — respective provider policies
  • Affiliate networks (Amazon Associates, AliExpress, CJ Affiliate, Awin) — Purchase tracking — respective provider policies

Embedded content (such as YouTube or Vimeo videos) may also collect data when you interact with it. We do not control how third-party services collect or use your data.

6. International Data Transfers

Some of the third-party services we use are based outside the European Economic Area (EEA), including in the United States.

For such transfers, we rely on legal mechanisms permitted under GDPR, including:

  • Standard Contractual Clauses (SCC) approved by the European Commission
  • Adequacy decisions where applicable
  • Service provider participation in the EU-US Data Privacy Framework where applicable

7. AI Chat Service: Data Processing

This section provides additional detail on how data submitted through the AI Chat is handled.

7.1 What Is Logged

  • The full content of messages you send to the AI Chat
  • The responses generated by the AI
  • Timestamps and session identifiers
  • For logged-in users: the link to your account

7.2 How Logs Are Used

  • Service improvement and debugging
  • Detecting and preventing abuse, spam, or misuse
  • Quality assurance of AI responses
  • Product development and analysis of common questions

7.3 Third-Party AI Processing

AI responses are generated through a third-party AI provider (currently OpenAI). The messages you send are transmitted to that provider for processing.

We access the provider through its API, for which, according to the provider’s own policy, submitted data is not used to train its general-purpose models. The provider may still retain data temporarily for abuse monitoring as described in its own privacy policy.

7.4 What Not to Submit

Do not submit personal data of others, payment details, login credentials, vehicle identification numbers (VIN), or other sensitive information through the AI Chat. The Chat is intended for diagnostic and educational questions, not personal data sharing.

7.5 Chat Data Retention

Chat logs are retained for up to 24 months for the purposes listed above, after which they are deleted or anonymised. You may request deletion of your chat history at any time by contacting info@iamcarhacker.com.

8. Payments

Payments for Pro Access membership and digital products are processed securely via Stripe.

For recurring Pro Access subscriptions:

  • Stripe stores your payment method on file to charge the recurring monthly fee
  • You may update or remove your payment method at any time through the Stripe customer portal
  • Cancellation stops future charges but does not delete past transaction records, which are retained for accounting and legal purposes

9. Affiliate Links

The Website participates in affiliate programs.

If you click an affiliate link and make a purchase, we may earn a commission at no additional cost to you. Affiliate networks may set cookies or use other tracking technologies to attribute the sale.

For more information, see the Affiliate Disclosure page.

10. How We Use Your Data and Legal Basis

We process your data on the following legal bases under GDPR:

10.1 Contract Performance

  • Operating your account and membership
  • Processing your payments
  • Providing access to purchased content
  • Customer support

10.2 Legitimate Interests

  • Analytics and performance measurement
  • Fraud prevention and security
  • Direct marketing to existing customers (subject to your right to object)
  • AI Chat improvement and quality assurance

10.3 Consent

  • Marketing emails to non-customers
  • Non-essential cookies and tracking
  • Embedded third-party content

10.4 Legal Obligation

  • Accounting and tax records
  • Responding to legal requests from competent authorities

We do not sell or rent your personal data.

11. Data Sharing

Your data may be shared with:

  • Service providers acting as data processors on our behalf (hosting, analytics, email delivery, payment processing, AI provider)
  • Affiliate networks when you click affiliate links (limited to click and conversion tracking)
  • Government authorities when required by law, court order, or to protect our legal rights

12. Data Retention

We retain personal data for the following periods:

  • Account data: while your account is active, then deleted within 90 days of account closure (except where legal retention applies)
  • Transaction and accounting data: 7 years from the date of transaction, as required by Estonian and EU accounting law
  • AI Chat logs: up to 24 months, then deleted or anonymised
  • Newsletter subscription data: until you unsubscribe, plus 12 months for suppression list management
  • Analytics data: anonymised after 14 months (per Google Analytics default)
  • Forum posts and public content: retained while your account is active; you may request anonymisation on account closure

13. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights:

  • Access: receive a copy of the personal data we hold about you
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion of your data (subject to legal retention requirements)
  • Restriction: limit how we process your data in certain circumstances
  • Data portability: receive your data in a structured, machine-readable format
  • Objection: object to processing based on legitimate interests, including direct marketing
  • Withdraw consent: at any time, where processing is based on consent

To exercise any of these rights, contact us at info@iamcarhacker.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon): https://www.aki.ee/

14. Data Security

We take reasonable technical and organisational measures to protect your data, including:

  • Encrypted connections (HTTPS / TLS)
  • Restricted access to personal data within our systems
  • Regular software updates and security patches
  • Secure password hashing for account credentials

However, no system is completely secure, and we cannot guarantee absolute security.

15. Children’s Privacy

This Website is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, contact us and we will delete it.

16. External Links

The Website may contain links to third-party websites. We are not responsible for their content or privacy practices. Review the privacy policies of any third-party sites you visit.

17. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date.

For material changes affecting how we process your data, we will provide reasonable notice by email or in-account notification.

18. Contact

If you have any questions about this Privacy Policy or wish to exercise your data protection rights:

  • Email: info@iamcarhacker.com
  • Operator: Carhacker OÜ
  • Registered address: Sepapaja tn 6, 15551 Tallinn, Harju Maakond, Estonia
  • Estonian Data Protection Authority: https://www.aki.ee/