Legal

Privacy Policy

Last updated: 14 May 2026

1. Who we are

Virtual Garage Manager ("VGM") is operated in the Republic of Croatia. This policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Croatian law.

For data-related enquiries: hello@vgman.com

2. Data we collect

We collect the following categories of data:

  • Account data: name, email address, date of birth (optional)
  • Vehicle data: make, model, year, licence plate, VIN, mileage, fuel logs, service records, maintenance reminders
  • Provider data: business name, address, contact details, services offered
  • Booking data: booking requests, status, notes
  • Usage data: timestamps, session information (via Supabase Auth)
  • Founding Partner applications: name, garage name, city, phone, email

3. How we use your data

We use your data to:

  • Provide and operate the VGM platform
  • Send service reminders, booking notifications, and birthday greetings
  • Allow service providers to log service records for your vehicles
  • Process Founding Partner applications
  • Improve the platform based on usage patterns
  • Comply with legal obligations

We do not sell your data to third parties.

4. Legal basis for processing

We process your data on the following legal bases:

  • Contract: to provide the service you signed up for
  • Legitimate interests: platform security, fraud prevention, service improvement
  • Consent: optional features such as birthday greetings and marketing communications

5. Data storage and security

Your data is stored on Supabase infrastructure (PostgreSQL database hosted in the EU). We implement row-level security, encrypted connections (TLS), and access controls to protect your data. Emails are sent via Resend, a GDPR-compliant transactional email provider.

6. Data retention

We retain your data for as long as your account is active. If you delete your account, your personal data will be deleted within 30 days. Vehicle and service records may be retained in anonymised form for statistical purposes.

7. Your rights under GDPR

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Restrict or object to processing
  • Portability — receive your data in a machine-readable format
  • Withdraw consent at any time for consent-based processing

To exercise any of these rights, email us at hello@vgman.com. We will respond within 30 days.

8. Cookies

VGM uses essential cookies only — specifically the session cookie required for authentication. We do not use tracking or advertising cookies.

9. Third-party services

We use the following third-party processors:

  • Supabase — database and authentication (EU hosting)
  • Vercel — application hosting
  • Resend — transactional email delivery
  • Anthropic Claude — OCR processing of receipt images (images are not stored)

10. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email. The date at the top of this page indicates when the policy was last updated.

11. Contact and complaints

For privacy questions or to exercise your rights, contact us at hello@vgman.com.

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) at azop.hr.