Privacy Policy
Your Garage LLC — Automotive Services Platform
Effective: February 15, 2026
Version 3.0
Your Garage LLC (“we,” “us,” “our”), a limited liability company registered in the State of Qatar, operates the Your Garage automotive services platform. This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you use our website at yourgarage.qa, our mobile applications, our Garage Buddy AI assistant, and any related services (collectively, the “Platform”).
We are committed to protecting your privacy in compliance with Qatar's Personal Data Protection Law (PDPL — Law No. 13 of 2016), GDPR where applicable, and international best practices. By using the Platform, you agree to this Privacy Policy.
1. Information We Collect
2. How We Use Your Information
Service Delivery
›
Process bookings for mobile/home services (mechanics, locksmiths, detailing, tinting), car washes, garage appointments, breakdown/recovery, and convenience delivery›
Match you with compatible parts using your vehicle specifications›
Calculate service fees based on your location and service type›
Manage authorization holds and payment capture through our payment processors›
Track order status from placement through delivery
Personalization
›
Display vehicle-specific part compatibility ("Fits Your Vehicle")›
Provide AI-powered vehicle diagnostics through Garage Buddy›
Remember your preferences, addresses, and favorite services›
Deliver content in your preferred language (Arabic/English RTL support)›
Manage your loyalty tier (Bronze, Silver, Gold, Platinum) and points
Communication
›
Send order confirmations, status updates, and delivery notifications›
Real-time chat with service providers via Ably messaging›
Push notifications for promotions, order status, and loyalty milestones›
Email receipts and refund confirmations›
SMS OTP codes for phone verification
Safety & Compliance
›
Verify identity during registration (Firebase Auth)›
Prevent fraud and unauthorized transactions›
Comply with Qatar PDPL and financial regulations›
Maintain audit trails for disputes and chargebacks›
Cloudflare Turnstile bot protection on critical endpoints
3. Legal Basis for Processing
| Legal Basis | Processing Activities |
|---|---|
Contract Performance | Account creation, order processing, payment handling, service delivery, refunds |
Consent | Marketing emails, analytics cookies, AI conversation storage, push notifications |
Legitimate Interest | Fraud prevention, platform improvement, error monitoring, security measures |
Legal Obligation | Tax records, financial reporting, regulatory compliance, law enforcement requests |
4. Who We Share Data With
We never sell your personal data. We share information only with trusted service providers who need it to deliver our services:
Service Providers & Partners: When you book a service, relevant information (your name, vehicle details, service location) is shared with the assigned service provider (mechanic, locksmith, detailer, tinting specialist, car wash operator, breakdown/recovery driver, convenience driver, delivery driver) to fulfil your order. Partner businesses (garages, car service centres, spare parts dealers, breakdown companies, car dealers, insurance companies) receive relevant order and customer information to fulfil bookings and product orders. All providers and partners operate under contractual obligations to protect your data.
5. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
Account data | Until account deletion + 30 days | Service continuity and recovery window |
Transaction records | 7 years | Financial regulations and audit requirements |
AI conversations | 90 days (identifiable), then anonymized | Service improvement and context continuity |
Location data | 12 months | Service history and dispute resolution |
Error logs / analytics | 24 months | Platform stability and performance analysis |
Marketing consent | Until withdrawn | Regulatory compliance (proof of consent) |
Support tickets | 3 years | Quality assurance and dispute reference |
Vehicle data | Until vehicle removal from garage | Part compatibility and service history |
6. Data Security
Encryption
All data in transit is encrypted via TLS 1.3. Sensitive data at rest is encrypted using AES-256. Our payment processors (Stripe, PayPal, Sadad) handle PCI-DSS Level 1 compliant card storage.
Authentication
Multi-factor authentication via Firebase Auth. Support for email/password, Google, Apple Sign-In, phone OTP, and biometric authentication (Face ID, Touch ID).
Infrastructure
Hosted on Vercel (edge network) and Google Cloud. Firestore security rules enforce per-user data isolation. Cloudflare provides DDoS protection.
Access Controls
Role-based access control across admin portal, partner portal, and driver applications (breakdown, convenience, delivery, mobile service). API endpoints protected by Firebase Auth tokens and Cloudflare Turnstile.
7. Your Rights
Under Qatar's PDPL and applicable regulations, you have the following rights. To exercise any of these, contact us at privacy@yourgarage.qa:
Right of Access
Request a copy of all personal data we hold about you
Right to Rectification
Correct inaccurate or incomplete data in your profile
Right to Erasure
Request deletion of your account and associated data
Right to Restrict Processing
Limit how we use your data while disputes are resolved
Right to Data Portability
Receive your data in a structured, machine-readable format
Right to Object
Opt out of processing based on legitimate interest or marketing
Right to Withdraw Consent
Revoke consent at any time without affecting prior processing
Right to Complain
Lodge a complaint with the Qatar Data Protection Authority
We will respond to all data rights requests within 30 days. Complex requests may take up to 60 days with prior notification. Identity verification is required for all requests to protect your data.
8. International Data Transfers
Some of our service providers process data outside Qatar (primarily in the United States and European Union). We ensure adequate protection through:
- Standard contractual clauses (SCCs) with all international processors
- Data processing agreements (DPAs) that meet Qatar PDPL standards
- Ensuring all processors maintain at least equivalent security measures
- Regular audits of third-party compliance with data protection obligations
9. Children's Privacy
The Platform is not intended for children under 18. We do not knowingly collect personal data from minors. If we discover that a child under 18 has provided personal information, we will delete it promptly. If you believe a child has provided us with personal data, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated through in-app notifications, email, or a prominent notice on the Platform. We encourage you to review this policy periodically. Your continued use of the Platform after changes constitutes acceptance of the updated policy.
Contact Us
For privacy-related questions, data requests, or concerns:
Privacy
privacy@yourgarage.qa
Support
support@yourgarage.qa
Phone
+974 6698 6891
Address
Bani Hajer, Al Rayyan, Doha, Qatar