Privacy Policy

Effective date: May 28, 2026 · Last updated: May 28, 2026

1. Who We Are

This Privacy Policy describes how TELETEH ("HiAuto", "we", "our", "us") collects, uses, and protects your personal information when you use the HiAuto mobile applications for iOS and Android, the HiAuto website at hiauto.app, and related services (collectively, the "Service").

TELETEH is the data controller for personal information processed through HiAuto. Contact: hiauto@teleteh.com.

2. Summary

HiAuto helps you manage one or more vehicles — track trips, fuel, expenses, maintenance, recalls, and share access with family. To do that, we collect the data you enter and we use cloud services on your behalf. We do not sell your data, we do not show advertising, and we do not share data with data brokers.

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

• Email address (required to sign in)
• A user identifier we generate (Supabase Auth user ID)
• Optional display name you choose
• If you sign in with Google or Apple: the name and email returned by the identity provider

3.2 Vehicle and Activity Data

You enter or generate data while using HiAuto, including:

• Vehicles (VIN, make, model, year, color, license plate, odometer, body type)
• Trip records (start/end time, distance, classification — business, personal, medical, charity, unclassified)
• Expense records (fuel, maintenance, insurance, parking, tolls, washes, other) with optional receipt photos
• Maintenance reminders and history
• Recall alerts associated with your VIN
• Car sharing relationships and granted permissions
• AI assistant chat history

This data is stored on our cloud backend and is associated with your user identifier so we can show it to you on any device you sign in on.

3.3 Precise Location During Active Trips

HiAuto uses your device's precise GPS location while a trip is being tracked. Location samples are used in real time to compute trip distance and to render route geometry inside the app. Long-term GPS coordinate history is not persisted on our servers — only the resulting trip summary (distance, start/end time, classification) is stored. Location collection only runs while you actively start a trip in the app, via CarPlay, or via Android Auto. You can disable location access at any time in your device settings; trip tracking will not function without it.

3.4 Receipt Photos

When you scan a receipt to log an expense, the image is uploaded to our private storage bucket and sent to OpenAI's Vision API to extract structured fields (merchant, amount, date, items). The extracted text is saved with the expense. Photos remain in your account's storage until you delete the expense or your account.

3.5 AI Assistant Conversations

When you use the AI assistant, your messages plus relevant vehicle context (make, model, year, mileage, recent maintenance) are sent to OpenAI to generate a response. Conversation history is stored in your account so you can review it later.

3.6 Device and Diagnostic Data

• Push notification device token (Apple Push Notification service on iOS, Firebase Cloud Messaging on Android) so we can send reminders and recall alerts
• Operating system version and app version, used for compatibility and troubleshooting
• Crash reports (anonymous stack traces) collected by the operating system platform

4. How We Use Your Information

• Provide the Service — render your garage, compute trip distances, schedule maintenance reminders, run recall checks, share cars with family
• Account management — authenticate you, recover your account, contact you about your account
• Communicate — send service notifications such as recall alerts and maintenance reminders
• Improve the Service — diagnose crashes, identify and fix bugs
• Comply with law — respond to lawful requests, prevent fraud and abuse

We do not use your data for advertising and we do not sell or rent your personal information.

5. Third-Party Processors

We use the following service providers to operate HiAuto. They process data on our behalf under data protection agreements and are not permitted to use your data for their own purposes:

• Supabase (database, authentication, storage, edge functions) — hosts your account, vehicle, trip, expense, maintenance, recall, sharing, and AI chat data; stores receipt images
• OpenAI (Chat API and Vision API) — processes AI assistant prompts and receipt OCR. Per OpenAI's API data-usage policy, API content is not used to train OpenAI models
• Google Cloud — Places API — used when you open the Nearby screen to find gas stations, car washes, mechanics; your approximate location at that moment is sent to Google
• NHTSA vPIC and Recalls API (US Government) — VIN decoding and safety recall lookups; we send your VIN to NHTSA's public API
• Apple Push Notification service (iOS) and Firebase Cloud Messaging (Android) — deliver push notifications to your device
• App Store / Google Play — handle authentication flows you initiate from the store, in-app purchases, and subscription billing

We may add, replace, or remove processors over time. We will update this list when we do.

6. Data Sharing

We share your personal data only:

• With the service providers above, as needed to run the Service
• With another HiAuto user when you actively share a car with them — you choose which data categories (trips, expenses, mileage, maintenance, recalls) they can see, and you can revoke access at any time
• To comply with a valid legal process such as a subpoena or court order
• If TELETEH is involved in a corporate transaction (merger, acquisition), we will require the receiving party to honor this Privacy Policy

7. Data Security

• All network traffic between the app and our servers uses TLS (HTTPS)
• API keys for third-party services are kept server-side and proxied through our edge functions, not embedded in the app
• Row-level security in our database restricts access so each user sees only their own data and data shared with them
• Receipt images are stored in a private bucket with per-user path enforcement

No system is 100% secure. If we become aware of a breach affecting your personal data, we will notify you as required by applicable law.

8. Data Retention and Deletion

We retain your data while your account exists. You can:

• Delete individual cars, trips, expenses, maintenance records, recall alerts, or shares from inside the app — they are removed from your active data immediately
• Request full account deletion at hiauto.app/delete-account — we will delete your account and associated personal data within 30 days, except where retention is required by law (for example, financial records for tax purposes)

9. Your Rights

9.1 General Rights

Regardless of where you live, you can:

• Access the personal data we hold about you
• Correct inaccurate data from inside the app
• Export your data (email hiauto@teleteh.com)
• Delete your account
• Withdraw consent at any time

9.2 European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, our legal bases for processing your data are:

• Performance of a contract — to provide HiAuto's core features that you signed up for
• Legitimate interests — to keep the Service secure, prevent fraud, and improve reliability
• Consent — for optional features such as push notifications and location during trips (you can withdraw consent at any time in your device settings)
• Legal obligation — to comply with laws that apply to us

You have the right to lodge a complaint with your local supervisory authority. You also have the right to data portability — contact us to export your data in a machine-readable format.

9.3 California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, the sources, and the purposes — described in this policy
• Delete your personal information — request at hiauto.app/delete-account
• Correct inaccurate personal information — edit inside the app or contact us
• Opt out of "sale" or "sharing" of personal information — we do not sell or share your personal information for cross-context behavioral advertising
• Non-discrimination — we will not deny service or charge a different price because you exercise your privacy rights

10. International Data Transfers

HiAuto is operated globally. Your data may be processed in countries other than the one you live in, including the United States and the European Union. When we transfer data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

11. Children

HiAuto is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us at hiauto@teleteh.com and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the new policy on this page and update the "Last updated" date. If the change is material we will provide additional notice (such as an in-app banner or an email).

13. Contact Us

Questions, requests, or complaints about this Privacy Policy or how we handle your data:

TELETEH
Email: hiauto@teleteh.com