Cookie and Similar Technologies Policy — GaragePilot

Official publication: GaragePilot.io/legal

This Policy should be read together with the Terms of Use and the Privacy Policy, available at GaragePilot.io/legal.

GaragePilot is operated by Gadsden Tecnologia LTDA., CNPJ 48.706.913/0001-54, headquartered in São José/SC, Brazil.

Legal representative: Ian Storni (CEO)

Contact (technical support, billing, and data): Ian Storni — suport@gadsden.cc

"Cookies" are small text files stored in your browser. "Similar technologies" include, for example:

• browser local storage (localStorage/sessionStorage),
• session tokens/identifiers,
• on mobile apps (iOS/Android), app local storage and technical identifiers necessary for authentication and operation.

In this Policy, the term "cookies" encompasses cookies and similar technologies where applicable.

This Policy applies to the use of GaragePilot on:

• Web application (in browsers);
• Mobile applications (Android and iOS), including scenarios with WebViews and app local storage.

GaragePilot uses a stack based on Bubble and third-party integrations. In the current setup, without changes to the app/code/stack:

• we use essential cookies/storage for authentication, security, and operation;
• we do not necessarily offer an internal preference panel with granular cookie control (control may depend on browser/system settings and third-party screens);
• some cookies/storage may be set by third parties when their components are used in the flow (e.g., payment).

If you block essential cookies/storage, parts of GaragePilot may not function (e.g., login, sessions, and authenticated areas).

5.1. Strictly Necessary (Required)

Used for authentication, session integrity, security, and basic service operation.

Typical examples (web/Bubble):

• session identifiers;
• session signatures;
• logged-in user identifier.

Note: exact naming and duration may vary by platform updates, browser, and app configuration.

5.2. Security and Fraud Prevention (Required When Applicable)

Used to reduce fraud and abuse, especially in sensitive flows (e.g., payments).

5.3. Payments (Required When Applicable)

When you make payments on the web via Stripe (and potentially methods like Google Pay or Apple Pay on web), providers may use cookies and similar technologies to:

• process transactions,
• authenticate the browser/device,
• fraud prevention and operational security.

For purchases made through the App Store (Apple) or Google Play Store (Google), billing and part of the technical control is operated by the stores themselves; GaragePilot may receive technical confirmations (e.g., subscription/entitlement status) and use entitlement/billing providers (e.g., RevenueCat).

5.4. Marketing Attribution (Optional)

Cookies/storage used to measure marketing campaign acquisition, such as:

• recording origin (e.g., campaign/ad),
• counting conversions,
• reducing attribution fraud.

These cookies are optional and, where applicable, you can limit or prevent their use through browser/device settings (see Section 10).

5.5. Partnership and Referral Attribution (Required for the Partner Program)

To sustain commercial relationships with partners (e.g., commissions, attribution, and referral validation), GaragePilot uses partnership/referral attribution mechanisms.

How this works in practice:

• when you access GaragePilot through a partner link and/or use a referral code, we may record that origin via cookie/similar storage;
• this is required for the partnership/referral program to function, including accounting, auditing, and settlement of partner relationships.

If you block this storage, GaragePilot may continue to function, but referral program benefits/attributions (e.g., partner credit or linked conditions) may not apply.

The stack used may involve resources that depend on third parties. In these cases:

• third-party components/services may set their own cookies/storage;
• control may depend on browser/device settings and the third party's policies.

Important: the Bubble platform notes that it does not provide granular control over cookies set by third-party plugins/elements within the app.

The Platform may integrate third-party services to operate, host, deliver content, process payments, perform vehicle lookups, and support AI features.

Vendors currently used and/or planned (examples): Bubble, AWS, NHTSA, NMVTIS, Stripe, RevenueCat, Google Pay, Apple Pay, Vercel, imgix, GitHub, OpenAI, Anthropic, Google Cloud, Google Play Store, Google AI Studio, BigDataCorp, Apple App Store, Apple.

7.1. Who Typically Sets Cookies on Your Device (Web)

• Bubble (session/authentication and integrity)
• Stripe and related payment providers (when you use checkout/payment)
• Attribution tools (when enabled), including campaign tools (optional) and referral/partnership tools (required for the program)

7.2. Who Typically Does Not Set Cookies on Your Device (Predominantly Server-Side)

Some vendors may be used primarily on the back-end (e.g., API queries and processing), without needing to set cookies in your browser, such as:

• SERPRO, FIPE, BigDataCorp (data queries, where applicable)
• OpenAI, Anthropic, Google AI Studio/Google Cloud (AI processing, where applicable)

Still, the presence of cookies may vary depending on the flow and integration method.

This Policy is structured to meet as many as possible of the transparency and governance requirements in the current landscape, considering in particular:

• Brazil (LGPD): transparency, purpose, necessity, and applicable legal bases;
• European Union/EEA and United Kingdom (GDPR + cookie/ePrivacy rules): distinction between "strictly necessary" and "non-essential"; consent for non-essential cookies;
• United States: transparency and, where applicable, opt-out mechanisms for certain forms of sharing (CCPA/CPRA, state privacy laws);
• Canada: transparency and meaningful consent, especially for tracking/ads (PIPEDA);
• Australia: transparency under the Privacy Act and APPs;
• East Asia: applicable data protection frameworks (e.g., Japan APPI, South Korea PIPA) where relevant;
• Latin America: principles of clear information, purpose, minimization, and data subject control.

Key point: strictly necessary cookies/storage and those necessary for the partnership/referral program when you use it are treated as necessary for delivering requested features. Optional cookies (campaigns) remain optional.

Cookies may be:

• session cookies (expire when you close the browser), or
• persistent cookies (expire after a period defined by the system/provider).

The exact duration may vary by browser, system, integrations, and updates.

Since the current setup may not offer a granular internal panel, you can control cookies/storage via:

• Browser settings (block cookies, clear site data, use private browsing);
• Device settings (permissions, identifier reset when available, app data clearing);
• Store-specific controls (iOS/Android) and operating system settings, where applicable.

Notice: Blocking essential cookies may prevent login and authenticated area functionality. Blocking referral/partnership cookies may prevent referral attribution from being recorded.

We may update this Policy to reflect product changes, integrations, and regulatory requirements. The current version will always be at GaragePilot.io/legal.

Questions and requests related to cookies and privacy: suport@gadsden.cc (Ian Storni)