Privacy Policy

Effective date: April 3, 2026

GETCARTEL is an anonymous communication service between drivers and people around their vehicles via QR codes. This privacy policy describes what data we collect, how we use it, who we share it with, and what rights you have regarding your personal information.

Data we collect

We only collect data necessary for the service to function:

  • Phone number — Required for registration and authentication via a one-time OTP code.
  • Name — Optional. You provide it in your profile so other participants can identify you.
  • Vehicle data — Make, model, color, and license plate number — required for generating QR codes.
  • Chat messages — Text content of conversations between drivers and people who scan the QR code.
  • Push notification token — A technical device identifier used to deliver push notifications.
  • Payment data — Subscription plan, amount, and transaction identifiers from Apple App Store and Google Play. Subscription payments are processed natively by Apple and Google through their stores.
  • Language preference — The selected interface language (Romanian, Russian, or English).
  • Technical security metadata — For anonymous QR conversations, we may store conversation-level technical identifiers and network context, including IP address, proxy chain, user agent, UI language, time zone, and a first-party browser identifier, to prevent abuse, investigate incidents, and comply with legal obligations.

Anonymous users

People who scan the QR code and write to the driver do not need to register and generally are not required to provide directly identifying personal data. Each anonymous user is assigned a random technical identifier, and for QR conversations we also store limited conversation-level technical metadata for security, abuse prevention, and incident investigation purposes. Optionally, the anonymous user may provide a name, but this is not required.

How we use your data

  • Providing the service: authentication, vehicle management, message delivery.
  • Sending push notifications about new messages and events.
  • Processing payments and managing subscriptions.
  • Ensuring security, preventing abuse, investigating incidents, and complying with legal obligations.
  • Improving service quality and fixing errors.

Data sharing with third parties

We share your data only with service providers necessary for the application to function:

  • SMS provider — Phone number — for delivering authentication OTP codes.
  • Expo (Push Notifications) — Push notification token and notification content — for delivering messages to your device.
  • Apple App Store / Google Play — Subscription transaction identifiers and purchase state — for validating and managing native subscriptions.
  • Sentry (Error monitoring) — Technical error reports without personal data — for detecting and fixing issues.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Data retention

We retain your data for as long as your account is active. When you delete your account, account data is removed under our deletion flows. For anonymous QR conversations, highly sensitive raw technical identifiers such as raw IP and raw user agent are kept for a limited period and then anonymized; derived correlation fields may be retained longer when needed for security and incident investigation. Authentication tokens expire automatically and are deleted upon expiration.

Data security

We use standard technical measures to protect data: data transmission over HTTPS, JWT-based authentication, hashing of refresh tokens, encryption of selected sensitive technical identifiers, redaction of raw identifiers from logs, and server access control. However, no method of internet transmission can be guaranteed 100% secure.

Your rights

You have the following rights regarding your personal data:

  • The right to access personal data we hold about you.
  • The right to correct inaccurate or incomplete data.
  • The right to delete your account and all associated data.
  • The right to request a copy of your data.
  • The right to withdraw consent for data processing.

To exercise your rights, contact us at the address below.

Cookies

We use a single technical cookie (i18n_locale) to save your interface language preference. For anonymous QR conversations, we may also store a first-party technical browser identifier in localStorage for session continuity and abuse prevention. We do not use tracking, analytics, or advertising cookies.

Children

The service is not intended for persons under 16 years of age. We do not knowingly collect data from children. If we learn that data has been collected from a minor, we will delete it immediately.

Changes to this policy

We may update this policy periodically. The updated version will be published on this page with a new effective date. Continued use of the service after changes constitutes acceptance of the new version.

Applicable law

This privacy policy is governed by the laws of the Republic of Moldova. Any disputes shall be resolved in accordance with the applicable laws of the Republic of Moldova.

Contact

For any questions regarding data privacy, you can reach us at:

[email protected]