Privacy Policy — iMyGarage

Effective date: 2026-05-26
Data controller: Xhibiz Co., Ltd. (developer of iMyGarage)
Contact: [email protected]

1. Overview

iMyGarage is a B2B mobile app for car service centers/garages, helping staff manage work orders, vehicle intake, inspections, parts, and quotations. Installation requires registration through a subscribed business (Xhibiz client).

This policy explains what data we collect, how we use it, who we share it with, how long we keep it, and your rights over your data.

2. Data We Collect

2.1 Account data (from garage registration)

Name (employee name)
Email
Employee code
Position / garage affiliation
Phone number (if any)

2.2 Operational data

Work orders recorded by employees
Vehicle photos (exterior / damage) at intake and during repair
Customer ID and insurance scans (claims only) — to record customer + insurance data
Customer e-signatures (to confirm vehicle intake)
License plate photos (for plate scanning)
Inspection records
Quotations, purchase orders, inbound receipts

2.3 Technical data

Device identifiers — for session/notification
App version
Usage logs (e.g., login time, actions taken) — for audit trail

2.4 What we do not collect

GPS location (no location permission requested)
Device contacts / calendars
Biometric data
Keystrokes outside the app

3. Permissions

Permission	Purpose
INTERNET	API calls to iMyGarage backend
CAMERA	Photo capture (vehicles, plates, ID/insurance scans)
READ_MEDIA_IMAGES	Pick from gallery as alternative
ACCESS_NETWORK_STATE	Network check before API call

All permissions are requested at runtime — users may decline. Features depending on a declined permission will not work, but the rest of the app remains usable.

4. How We Use Data

We use collected data to:

Provide the garage management service requested by your garage
Maintain an audit trail (who did what, when) for transparency
Send notifications about work status
Improve quality and fix bugs

We do not:

Sell data to third parties
Use data for advertising targeting
Send data to marketing analytics trackers

5. Data Sharing

Collected data is stored in:

Xhibiz Co., Ltd. servers (hosted in Thailand/Singapore as appropriate)
Amazon S3 (Singapore — ap-southeast-1) for images and document files
Google Gemini API (only for uploaded ID/insurance images — for AI data extraction; images are not retained by Google per Google API policy)

We may disclose data to:

Government authorities pursuant to a court order or law
Your garage's auditor — only data the garage has authorized

6. Data Retention

Work order data, images, and documents: retained per your garage's policy (typically ≥ 5 years for Thai accounting law compliance)
Account data: retained while you are employed by the subscribing garage; deleted on garage request
Deleted files are removed from S3 within 30 days

7. User Rights

Users may:

Request access to data we hold about them
Request correction of inaccurate data
Request deletion of personal data (subject to accounting/legal requirements)
Withdraw consent (may disable some features)

Submit requests to [email protected] — response within 30 business days.

8. Security

Data in transit uses HTTPS/TLS (production; development stage may use HTTP)
Account passwords are hashed using industry-standard algorithms
Access tokens stored in device secure storage (Android Keystore / iOS Keychain)
Role-based access control within the garage

9. Children

iMyGarage is designed for users aged 18 and above who are employees of the subscribing garage. We do not knowingly collect data from minors.

10. Changes to This Policy

For material changes, we will:

Post a notice on our website
Notify users by email when necessary
Require users to accept the new policy before next app use

11. Contact

Company: Xhibiz Co., Ltd.
Email: [email protected]

For complaints regarding data protection, you may also contact the Personal Data Protection Committee (PDPC) of Thailand under PDPA.