Privacy Policy
Last updated: June 2026
1. Who we are
FaultNet is operated by FaultNet ("we", "us", "our").
We are the data controller for personal data processed through FaultNet.
Contact: contact@faultnet.io
2. What data we collect
2.1 Account data
When you register, we collect:
- Email address
- Display name
- Password (stored as a bcrypt hash — we never store your plaintext password)
- Login type (email/password or Google OAuth)
- Account creation and update timestamps
If you register via Google OAuth, we receive your email address and profile name from Google.
2.2 Vehicle data
When you add vehicles to your garage:
- Vehicle make, model, variant, generation and year
- Any photos you upload
2.3 Fault case data
When you create fault cases:
- Fault case content: title, symptoms, category, conditions, DTC codes, mileage, country, images, videos and timeline entries
- Whether you allow community timeline entries on your cases
2.4 Usage data
We collect standard server logs including:
- IP address
- Browser/device type
- Pages visited and actions taken
- Timestamps
2.5 Payment data
Billing and payment details are handled entirely by Stripe. We store only:
- Your Stripe customer ID
- Subscription status and renewal dates
We never see or store your card number.
2.6 Authentication tokens
Short-lived JWT tokens are stored in your browser's local storage to maintain your logged-in session.
3. How we use your data
| Purpose | Legal basis |
|---|---|
| Providing the FaultNet service | Contract performance |
| Processing payments and managing subscriptions | Contract performance |
| Sending service-related emails (verification, password reset, notifications) | Contract performance / legitimate interests |
| Improving the platform (usage analytics) | Legitimate interests |
| Fraud prevention and security | Legitimate interests / legal obligation |
| Complying with legal obligations | Legal obligation |
4. Third-party processors
We share data with the following third parties to deliver the service:
| Processor | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | USA (EU–US Data Privacy Framework) |
| Cloudflare R2 | Media file storage (photos, videos) | EU |
| Anthropic | AI fault analysis (Pro tier only — fault case data sent for analysis) | USA |
| Oracle | Application and database hosting | UK |
We do not sell your personal data to any third party.
When fault case data is sent to Anthropic for AI analysis, only the content of the specific fault case is included and no other account data is shared.
5. Public content
Fault cases, vehicle profiles and timeline entries are visible to all FaultNet users and to the general internet (including search engines). Do not include personally identifiable information in content you intend to make public.
6. Data retention
| Data type | Retention |
|---|---|
| Account data | Retained until you close your account |
| Fault case content | Retained until you delete the case or close your account |
| Server logs | 90 days |
| Payment/subscription records | 7 years (legal/tax obligation) |
When you close your account, your personal data and private content are deleted within 30 days. Public content may be retained in anonymised form.
7. Your rights
Under UK GDPR you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate data
- Erasure — request deletion of your data (subject to legal retention obligations)
- Data portability — receive your data in a structured, machine-readable format
- Restriction — request we pause processing your data in certain circumstances
- Object — object to processing based on legitimate interests
To exercise any of these rights, email us at contact@faultnet.io. We'll respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
FaultNet uses minimal cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| Session / auth | Maintains your logged-in session | Session / 14 days |
| MediaAccess | Protects media files stored in R2 | 1 day |
We do not use third-party advertising or tracking cookies.
9. Security
We protect your data using:
- TLS encryption for all data in transit
- Password hashing (bcrypt)
- Short-lived access tokens with refresh token rotation
- Optional two-factor authentication (TOTP)
- Access controls limiting which systems can read which data
No system is perfectly secure. If you discover a security vulnerability, please disclose it responsibly to contact@faultnet.io.
10. Children
FaultNet is not intended for users under 18. We do not knowingly collect data from children. If you believe we have done so, please contact us and we will delete it promptly.
11. Changes to this policy
We may update this policy from time to time. Material changes will be notified by email or a notice in the app. Continued use after the effective date constitutes acceptance.
12. Contact
Questions or requests? Email contact@faultnet.io or use the contact form.