Privacy Policy

Last updated: April 14, 2026

This Privacy Policy explains how Stephanos Economou, operating CarsAI ("CarsAI", "we", "us", or "our"), collects, uses, stores, and shares personal data when you use our platform and services. CarsAI is subject to the General Data Protection Regulation (GDPR) as Cyprus is a member state of the European Union.

1. Who We Are

CarsAI is operated by Stephanos Economou. For the purposes of GDPR, Stephanos Economou is the data controller for personal data processed through the Service.

Contact: hello@carsaicy.com

2. Data We Collect

We collect the following categories of personal data:

| Category | Examples | How collected |
| --- | --- | --- |
| Account data | Name, email address | Provided by you at sign-up via Clerk |
| Authentication data | Session tokens, user ID | Generated automatically by Clerk |
| Usage data | Pages visited, features used, search filters applied, time on platform | Collected automatically as you use the Service |
| Communication data | Email address, notification preferences, watchlist items | Provided by you when you set up alerts or contact us |
| Payment data | Billing name, payment method details, transaction records | Collected and processed by our payment provider — we do not store full card details |
| Technical data | IP address, browser type, device type, operating system | Collected automatically via server logs and session handling |

3. How We Use Your Data

| Purpose | Legal basis (GDPR Art. 6) |
| --- | --- |
| Creating and managing your account | Contract performance (Art. 6(1)(b)) |
| Providing the Service and its features | Contract performance (Art. 6(1)(b)) |
| Processing subscription payments | Contract performance (Art. 6(1)(b)) |
| Sending watchlist price alerts and notifications you opted into | Consent (Art. 6(1)(a)) |
| Responding to support enquiries | Contract performance / Legitimate interest (Art. 6(1)(b)/(f)) |
| Analysing usage to improve the Service | Legitimate interest (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |

4. Third-Party Processors

We use third-party service providers to help operate the Service. These providers process personal data on our behalf and are contractually required to handle it securely and only for the purposes we specify.

  • Authentication provider — manages user accounts and sign-in. Processes your email, name, and session data.
  • Email delivery provider — sends transactional emails such as notifications and alerts. Processes your email address and message content.
  • Cloud hosting providers — host the application, database, and infrastructure. May process account data, usage data, and IP addresses as part of normal operation.
  • Payment provider — processes subscription payments. Handles billing name and payment method details. We do not store full card numbers.

You may request the names of specific processors we use by contacting us at hello@carsaicy.com.

We do not sell your personal data to any third party.

5. Cookies and Tracking

We use cookies and similar technologies to operate the Service. These include:

  • Session cookies — used to keep you signed in across pages. These are strictly necessary for the Service to function.
  • Preference cookies — used to remember settings such as your last selected filters or plan context.

We do not use advertising cookies, cross-site tracking, or third-party analytics services that track you across the web (e.g. Google Analytics).

6. Data Retention

  • Account data — retained for the duration of your account, plus up to 24 months after your last active use, unless you request earlier deletion.
  • Billing records — retained for 7 years to comply with financial and tax record-keeping requirements under Cyprus law.
  • Usage logs — retained for up to 12 months for security and product improvement purposes.
  • Email communications — retained for as long as necessary to provide support or comply with legal obligations.

7. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights. To exercise any of them, contact us at hello@carsaicy.com.

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction — ask us to limit how we process your data in certain circumstances.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interest, including for direct marketing.
  • Right to withdraw consent — where processing is based on consent (e.g. email alerts), you may withdraw consent at any time without affecting prior processing.

We will respond to requests within 30 days. If you believe your rights have been violated, you have the right to lodge a complaint with the Commissioner for Personal Data Protection in Cyprus: www.dataprotection.gov.cy

8. International Transfers

Some of our third-party processors operate outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as the EU Standard Contractual Clauses (SCCs) or reliance on an adequacy decision, as required by GDPR Chapter V.

9. Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted connections (HTTPS), access controls, and use of reputable infrastructure providers.

No method of transmission or storage is completely secure. If you believe your account has been compromised, please contact us immediately.

10. Children

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top when we do. For material changes, we may also notify you by email or via a notice within the Service.

Continued use of the Service after updates constitutes acceptance of the revised policy.

12. Contact

For any questions, requests, or concerns about this Privacy Policy or how we handle your data, contact us at:

hello@carsaicy.com