This Privacy Policy applies to all personal information collected by GearSwap AI (“we”, “us”, “our”) through our website at gearswap.ai, our platform, and any related services including the GearSwap Marketplace, Vendor Platform, and Auction Intelligence products.
By using our platform, you consent to the collection, use, and disclosure of your personal information in accordance with this policy. If you do not agree, please do not use our services.
We may update this policy from time to time. Material changes will be notified via email or in-platform notification. Continued use of the platform after notification constitutes acceptance of the updated policy.
2.1 Information you provide directly:
- Account registration details: name, email address, username, password
- Business information: business name, ABN, business address, contact details
- Identity verification documents: government-issued ID, business registration details (for seller verification tiers)
- Vehicle data: VINs, vehicle specifications, purchase details, damage assessments
- Parts inventory data: part descriptions, photos, pricing, condition grades, fitment data, stock locations
- Transaction data: purchase and sale records, invoices, quotes, payment details
- Communications: messages sent through the platform, support enquiries, broadcast content
- Profile information: avatar, preferences, notification settings
2.2 Information collected automatically:
- Device and browser information: IP address, browser type, operating system, device identifiers
- Usage data: pages visited, features used, timestamps, session duration, click patterns
- Location data: approximate location derived from IP address (we do not collect precise GPS location)
- Cookies and similar technologies: session cookies (essential for platform operation), Google Analytics tracking (GA4)
2.3 Information from third parties:
- Google OAuth: if you sign in with Google, we receive your Google account email, name, and profile picture
- Stripe: payment processing data for Marketplace transactions (Stripe acts as our payment processor — we do not store full credit card numbers)
- Auction platforms: publicly available vehicle listing data from Pickles, IAAI, and Manheim (scraped for the Auction Intelligence product)
- VIN decoding services: vehicle specification data from third-party VIN APIs
3.1 To provide and operate our services:
- Creating and managing your user account
- Processing Marketplace transactions including payments via Stripe Connect
- Operating the Vendor Platform (inventory management, POS, quotes, invoicing)
- Providing Auction Intelligence assessments and reports
- Facilitating buyer-seller communication
- Sending transactional emails (order confirmations, shipping updates, receipts)
3.2 To improve our platform:
- Analysing usage patterns to improve features and user experience
- Training and improving AI models used for damage assessment and listing optimisation (vehicle and parts data only — not personal information)
- Developing new features based on aggregated, anonymised usage data
- Monitoring platform performance, uptime, and security
3.3 To communicate with you:
- Sending service-related notifications (account updates, security alerts, system changes)
- Responding to support enquiries
- Sending product updates and feature announcements (you can opt out at any time)
- Sending CSAT surveys and review requests (via the Comms module, only for vendor customers)
3.4 To protect our platform and users:
- Detecting and preventing fraud, abuse, and security threats
- Verifying seller identities and business credentials
- Investigating disputes between buyers and sellers
- Complying with legal obligations and law enforcement requests
3.5 For analytics:
- Google Analytics (GA4) for website and platform usage analytics
- Aggregated, anonymised reporting on marketplace activity, pricing trends, and platform metrics
Under the Australian Privacy Principles, we process your personal information on the following bases:
- Consent: You have consented to the collection and use when creating an account and agreeing to these terms
- Contractual necessity: Processing is necessary to provide the services you have subscribed to
- Legitimate interest: Improving our platform, preventing fraud, and ensuring security
- Legal obligation: Compliance with Australian law, including tax reporting, consumer protection, and law enforcement cooperation
5.1 With other platform users:
- Seller information (store name, business details, verification tier, reviews) is visible to buyers on the Marketplace
- Buyer information (name, shipping address) is shared with sellers to fulfil orders
- Messages between buyers and sellers are visible to both parties and to GearSwap for dispute resolution
5.2 With service providers:
- Stripe: Payment processing for Marketplace transactions (Stripe’s privacy policy applies to payment data)
- Resend: Email delivery service (for transactional emails and notifications)
- Google: OAuth authentication and Analytics (GA4)
- OpenAI: AI damage assessments and listing optimisation (vehicle and parts data only — we do not send personal information to OpenAI)
- VIN decoding APIs: Vehicle specification lookups
- Shipping providers: AusPost, Sendle, Interparcel, Aramex (shipping address and order details for label generation)
5.3 With law enforcement and regulators:
- We may disclose personal information if required by law, court order, or regulatory request
- We may disclose information to assist law enforcement in investigating stolen vehicles or parts (in accordance with our obligations under state and territory law)
5.4 We do NOT:
- Sell your personal information to third parties
- Share your personal information with advertisers
- Use your personal information for purposes unrelated to providing our services without your explicit consent
6.1 Storage location:
Your data is stored on secure cloud infrastructure. Our primary database is hosted via Replit’s infrastructure (data centres in the United States). By using our platform, you consent to the transfer of your data to the United States for storage and processing.
6.2 Security measures:
- Encrypted data transmission (HTTPS/TLS)
- Hashed password storage (passwords are never stored in plain text)
- Two-factor authentication (2FA) available for all accounts
- Role-based access control limiting data access to authorised personnel
- Regular security monitoring and access logging
- Admin impersonation logging for a full audit trail
6.3 Data retention:
- Account data is retained for as long as your account is active
- Transaction records are retained for 7 years in accordance with Australian tax law requirements
- AI assessment reports are retained for as long as your account is active
- Deleted account data is removed within 30 days, except where retention is required by law
- Anonymised, aggregated data may be retained indefinitely for analytics and platform improvement
You have the right to:
- 7.1 Access: Request a copy of the personal information we hold about you
- 7.2 Correction: Request correction of any inaccurate, incomplete, or out-of-date personal information
- 7.3 Deletion: Request deletion of your personal information (subject to our legal retention obligations)
- 7.4 Complaint: Lodge a complaint if you believe we have breached the Australian Privacy Principles
- 7.5 Opt-out: Unsubscribe from marketing communications at any time (transactional emails related to your account and orders cannot be opted out of)
- 7.6 Data portability: Request an export of your data in a commonly used format
To exercise any of these rights, contact us at privacy@gearswap.ai. We will respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
8.1 Essential cookies:
- Session cookies required for platform operation (login persistence, CSRF protection, theme preference)
- These cannot be disabled as they are necessary for the platform to function
8.2 Analytics cookies:
- Google Analytics (GA4) — tracking ID: G-D8R6851HV7
- Used to understand how users interact with our platform, which features are most used, and where we can improve
- Google Analytics data is anonymised and aggregated
- You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on
8.3 We do NOT use:
- Advertising or retargeting cookies
- Third-party tracking pixels
- Social media tracking cookies
9.1 How we use AI:
- AI damage assessment analyses vehicle photos to provide damage reports, repair cost estimates, and parts value projections
- AI listing optimisation generates suggested titles and descriptions for eBay and Marketplace listings
- AI pricing suggestions are based on market data and comparable sales
- The Turbo AI Assistant answers business questions using your yard data
9.2 Important notes:
- AI assessments are provided as decision-support tools only — they do not constitute professional valuations, mechanical inspections, or financial advice
- AI outputs should be verified by qualified professionals before making purchasing or business decisions
- We do not use AI for automated decision-making that has legal or similarly significant effects on individuals (e.g., we do not use AI to automatically approve or deny accounts)
GearSwap AI is a business-to-business platform not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a person under 18, we will delete it promptly.
In the event of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:
- Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
- Notify affected individuals as soon as practicable
- Take reasonable steps to contain the breach and mitigate any resulting harm
Your data may be transferred to and processed in countries outside Australia, including the United States (cloud hosting) and any country where our service providers operate. We take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the Australian Privacy Principles.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:
- Posting a notice on our platform
- Sending an email to the address associated with your account
The “Last Updated” date at the top of this policy indicates when it was most recently revised. Continued use of the platform after notification of changes constitutes acceptance.
If you have any questions about this Privacy Policy, wish to exercise your rights, or want to make a complaint: