Privacy Policy
Last updated: 23 March 2026
Effective date: 23 March 2026
This Privacy Policy explains how ConsoleRepair.ai ("we", "us", "our") collects, uses, stores, and shares your personal data when you use our AI-assisted diagnostic service ("Service").
We are the data controller for the purposes of the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.
---
1. Data We Collect
1.1. Account Information
When you create an account, we collect:
- Email address
- Display name (if provided)
- Authentication credentials (managed by our authentication provider)
1.2. Chat and Usage Data
When you use the Service, we collect:
- Chat messages you send to the Service
- AI-generated responses
- Device and board type selections
- Diagnostic queries
- Timestamps and session identifiers
1.3. Payment Data
When you purchase Credits, our payment processor (Stripe) collects:
- Card details (card number, expiry, CVC) — processed and stored by Stripe, never by us
- Billing name and address
- Transaction amounts and dates
We receive from Stripe: a transaction identifier, the amount paid, payment status, payment method type (e.g., card brand and last four digits), and billing information you provide at checkout. We do not receive or store your full card number, expiry date, or CVC.
1.4. Technical Data
We automatically collect:
- IP address
- Approximate geographic location (city, country, and coordinates) derived from your IP address
- Browser type and version
- Device type and operating system
- Pages visited and features used
- Referring URL
- Cookies and similar technologies (see Section 8)
- Error reports, performance traces, and masked session replays (collected automatically by our error monitoring service for service reliability)
---
2. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Data used | Lawful basis (UK GDPR Art. 6) |
|---------|-----------|-------------------------------|
| Provide the Service (generate diagnostic responses) | Chat messages, device selections | Performance of contract (Art. 6(1)(b)) |
| Process payments and maintain Credit balances | Payment data, transaction records | Performance of contract (Art. 6(1)(b)) |
| Create and manage your account | Account information | Performance of contract (Art. 6(1)(b)) |
| Detect abuse, fraud, and violations of our Terms | Usage data, IP address, technical data | Legitimate interest (Art. 6(1)(f)) — protecting the Service and other users |
| Enforce usage limits and access controls | Usage data, session identifiers | Legitimate interest (Art. 6(1)(f)) — protecting the Service and preventing abuse |
| Improve the Service | Aggregated and anonymised usage data | Legitimate interest (Art. 6(1)(f)) — service improvement |
| Respond to your enquiries | Contact information, correspondence | Performance of contract / legitimate interest |
| Comply with legal obligations | As required | Legal obligation (Art. 6(1)(c)) |
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
---
3. Data Processors and Sharing
We share your personal data with the following third-party processors, each of which processes data on our behalf under a data processing agreement:
| Processor | Data shared | Purpose | Location |
|-----------|-------------|---------|----------|
| OpenAI (OpenAI, LLC) | Chat messages, diagnostic queries | AI model inference — generating diagnostic responses | United States |
| Stripe (Stripe Payments UK, Ltd / Stripe, Inc) | Payment and billing data | Payment processing | United Kingdom / United States |
| Neon (Neon, Inc) | Account data, chat history, Credit balances | Database hosting (PostgreSQL) | United States |
| Vercel (Vercel, Inc) | Technical data, IP address | Application hosting and delivery | United States / United Kingdom |
| Sentry (Functional Software, Inc) | IP address, browser/device information, cookie headers, HTTP request/response headers, error stack traces, client-side navigation traces, session replays (masked — all text, inputs, and media blocked by default) | Error monitoring, performance monitoring, and session replay for service reliability | European Union (Germany) |
We do not sell your personal data to any third party.
Third-Party Data
The Service references repair observations sourced from publicly available online resources. We take reasonable steps to anonymise this data before it is stored in our systems. If you believe your personal data appears in our knowledgebase and wish to exercise your data protection rights, please contact us using the details in Section 11.
We may disclose your personal data if required to do so by law, or in response to a valid request from a law enforcement authority or court.
---
4. International Data Transfers
Your personal data is transferred to and processed in the United States by the processors listed in Section 3, with the exception of Sentry, which processes data in the European Union (Germany). The United States does not have an adequacy decision from the UK Government for the purposes of UK GDPR.
We ensure that these transfers are protected by appropriate safeguards:
- Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) as approved by the Information Commissioner's Office (ICO), incorporated into our data processing agreements with each processor.
- Where applicable, supplementary measures including encryption in transit and at rest.
You may request a copy of the relevant transfer safeguards by contacting us using the details in Section 11.
---
5. Data Retention
We retain your personal data for the following periods:
| Data category | Retention period | Reason |
|---------------|-----------------|--------|
| Account information | Duration of account + 12 months after deletion | Account administration; resolving post-closure queries |
| Chat history | Deleted immediately when you delete a chat; account deletion removes all remaining chat history | Service provision; you may delete individual chats at any time |
| Payment and transaction records | 7 years from transaction date | UK tax and accounting obligations (Finance Act, Companies Act 2006) |
| Technical and access logs | 90 days | Security monitoring and abuse detection |
| Credit balance records | Duration of account + 7 years | Accounting obligations |
After the retention period expires, personal data is deleted or irreversibly anonymised.
---
6. Your Rights
Under UK GDPR, you have the following rights:
- Right of access (Art. 15) — request a copy of the personal data we hold about you
- Right to rectification (Art. 16) — request correction of inaccurate or incomplete data
- Right to erasure (Art. 17) — request deletion of your personal data (subject to legal retention obligations)
- Right to restriction (Art. 18) — request that we limit how we process your data
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interest
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact us at contact@consolerepair.ai. We will respond within one month. If your request is complex or we receive a large number of requests, we may extend this by a further two months, and will notify you accordingly.
There is no fee for exercising your rights, unless your request is manifestly unfounded or excessive.
---
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS) for all communications
- Encryption at rest for stored data
- Access controls limiting employee access to personal data
- Regular review of security practices
No method of transmission or storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.
---
8. Cookies and Similar Technologies
We use cookies and similar technologies in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR).
Strictly Necessary Cookies
These cookies are essential for the Service to function and cannot be disabled:
| Cookie | Purpose | Duration |
|--------|---------|----------|
| Session cookie | Maintains your authenticated session | Session (expires on browser close) |
| CSRF token | Prevents cross-site request forgery | Session |
Analytics Cookies (if applicable)
We may use analytics cookies to understand how the Service is used. These are only set with your consent.
You can manage your cookie preferences through your browser settings. Disabling strictly necessary cookies may prevent you from using the Service.
---
9. Children
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.
---
10. Changes to This Policy
We may update this Privacy Policy from time to time. The updated policy will be posted on the Service with a new "Last updated" date. For material changes, we will make reasonable efforts to notify you via email or through the Service.
---
11. Contact and Complaints
For questions or requests regarding your personal data, contact us at:
Data Controller: ConsoleRepair.ai
Email: contact@consolerepair.ai
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been infringed:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: https://ico.org.uk
Telephone: 0303 123 1113