Privacy Policy

1. Scope and Acceptance

This Privacy Policy explains how CPR 4 Your Car ("CPR 4 Your Car," "we," "our," or "us") collects, uses, and shares information when you visit https://cpr4yourcar.com or any of its subdomains (collectively, the "Site"), schedule or receive vehicle‑repair services, or otherwise interact with us. By using the Site or our services, you accept the practices described here.

2. Information We Collect

A. Information You Provide

• Contact details — name, telephone number, email address, mailing address.
• Vehicle details — make, model, year, odometer reading, Vehicle Identification Number (VIN), service history.
• Service information — requested work, appointment preferences, communications with our staff.
• Payment information — billing address and limited payment‑method details; full card numbers are transmitted directly to a PCI DSS‑compliant processor and are not stored on our systems.
• Emergency‑contact information (optional) for urgent service notifications.
• Testimonials or reviews that you choose to provide on the Site or on third‑party platforms.

B. Information Collected Automatically

• Usage data — IP address, browser type and version, device identifiers, advertising IDs, session duration, referring URL, time spent on pages, and clickstream patterns. This may also include the Google Click ID (GCLID) used for ad attribution and other data collected by advertising pixels and analytics scripts.
• Approximate location derived from IP address.
• Cookies and similar technologies (see Section 5).

C. Information from Third Parties

• Insurance companies when we assist with claim processing.
• Parts suppliers & diagnostic partners for warranty validation and specialised repair data.
• Payment processors for fraud prevention and transaction confirmation.
• Public review platforms (e.g., Google or Facebook) if you leave a review about our services.

3. Purposes of Processing

We use the information we collect to:

• provide, schedule, and complete vehicle services;
• process payments and insurance claims;
• send transactional messages (appointment confirmations, service updates, invoices, reminders);
• conduct analytics (including IP-based geolocation, click-path tracking, session replays), quality-assurance, staff training, and measure the effectiveness of advertising (e.g., through Google Ads and GCLID tracking);
• detect, investigate, and prevent fraud or security incidents;
• comply with legal obligations.

Where the EU/UK GDPR applies, our legal bases are performance of a contract, legitimate interests, consent, and compliance with a legal obligation.

4. How We Share Information

We share it only:

• with service providers that process data on our behalf — including hosting (Netlify), analytics (Google Analytics 4, including IP address, session behavior, and GCLID data; Microsoft Clarity for session replays; Hotjar if enabled), advertising (Google Ads/DoubleClick, Facebook Pixel), automation (Zapier), payment processing, parts suppliers, diagnostic partners, and email/SMS gateways;
• with insurance companies to validate or settle repairs covered by a policy;
• with law‑enforcement or regulators when legally required;
• in connection with a business transfer such as a merger or acquisition;
• with others only when you give explicit consent (e.g., publishing a testimonial).

A current list of service‑provider categories is available on request.

5. Cookies and Similar Technologies

We use essential, analytics, functional, and advertising cookies. You may disable cookies in your browser; some functionality may be limited.

• Opt out of Google Analytics: https://tools.google.com/dlpage/gaoptout
• Opt out of interest‑based ads: http://optout.aboutads.info

The Site recognises the Global Privacy Control (GPC) signal and other legally mandated Universal Opt-Out Mechanisms (UOOMs), such as those required by Colorado, Texas, and other state privacy laws.

6. Analytics, Advertising & Third‑Party Services

Our primary third‑party tools include Google Analytics 4, Google Ads & DoubleClick, Microsoft Clarity, Facebook Pixel, Netlify (hosting & forms), Zapier (automation), Google Maps (location embedded on the contact page), social‑media widgets, and PCI DSS‑compliant payment processors. These providers may set their own cookies and collect data under their respective privacy policies.

7. Data Retention

We keep personal information only as long as necessary for the purposes described here or as required by law. Routine system backups are deleted after 30 days. Inquiry and service records (including invoices) are retained for up to seven years to meet accounting and warranty obligations.

8. Security

We employ administrative, technical, and physical safeguards — including HTTPS, encryption in transit and at rest, firewalls, 24×7 security monitoring, access‑control lists, input sanitisation, rate‑limiting, and locked premises, and secure disposal of physical records and equipment at end‑of‑life — to protect information. Card data is handled exclusively by a PCI DSS‑certified processor. No system is perfectly secure.

9. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or restrict personal information, to object to certain uses, or to receive a portable copy of your data.

• Marketing communications: click "unsubscribe" in any marketing email, email cpr4yourcar@gmail.com, or call (440) 667‑8281 to update preferences.
• California residents: you may have additional rights under the CCPA/CPRA, including the right to opt out of the "sharing" of personal information for cross‑context behavioural advertising. We do not sell personal information.

10. Do Not Track

The Site does not respond to browser‑initiated "Do Not Track" signals. We do respect legally recognised opt‑out signals such as the GPC (see Section 5).

11. Children

The Site and our services are not directed to children under 13 years of age, and we do not knowingly collect their personal information. If you believe we have done so, contact us and we will delete the data.

12. International Transfers

We are located in the United States. If you access the Site from outside the U.S., you consent to the transfer of your information to the U.S., which may have different data-protection laws from those in your country. If you are located in the EU or UK, personal data is transferred pursuant to the EU-U.S. Data Privacy Framework (DPF) or, where applicable, the Standard Contractual Clauses (SCCs) with supplementary safeguards.

13. Contact Us

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last Updated" date. Continued use of the Site after changes constitutes acceptance of the revised Policy.