Privacy Policy.

This Privacy Policy explains how Opaius collects, uses, discloses, and protects information when you use Opaius, Louro, Opie, our websites, web applications, mobile applications, beta programs, communications, APIs, and related services. We refer to these collectively as the Services.

Louro is designed to help people and organizations understand, maintain, and preserve information about vehicles, equipment, repairs, records, diagnostics, ownership, and operations. Because that information can be personal, operational, or commercially sensitive, this policy is written to explain the actual categories of information our products may process.

If you use the Services through an organization, shop, fleet, workspace, freight account, employer, or other entity, that organization may control certain information and settings. Its own privacy practices may also apply.

We collect information you provide directly, including your name, email address, phone number, profile details, username or handle, avatar, job title, organization information, support messages, beta requests, career applications, and other information you submit through forms or account flows.

You may provide vehicle and equipment information such as VIN, year, make, model, trim, mileage, unit numbers, registration details, insurance details, service records, maintenance reminders, repairs, modifications, inspections, road trips, notes, documents, photos, videos, audio clips, scan results, recalls, complaints, fault codes, and operational history.

You may provide social and public profile information, including profile photos, profile card backgrounds, bios, follows, follower relationships, badges, achievements, leaderboards, garage activity, comments, messages, shared records, and public or semi-public profile settings.

You may provide organization and workspace information, including organization names, members, roles, locations, customers, vendors, suppliers, jobs, appointments, invoices, freight assets, drivers, loads, documents, time records, geofence information, work records, and operational notes.

When you use the Services, we may collect technical and usage information such as IP address, device type, operating system, browser type, app version, pages or screens viewed, referring URLs, timestamps, session information, feature usage, crash reports, performance logs, error logs, diagnostics, and security events.

We use cookies, local storage, and similar technologies for authentication, session management, theme preferences, locale preferences, security, product functionality, consent choices, and analytics where enabled. We do not use advertising cookies on the Opaius marketing site.

The Louro web app may use Vercel Analytics and similar operational tooling to understand aggregate product usage and performance. Error reports may be sent to logging systems or Sentry so we can diagnose failures and improve reliability.

The Louro iOS app may request camera access to scan QR codes, capture vehicle photos, capture damage photos, or attach images to Opie conversations. It may request photo library access when you choose to upload images.

The app may request microphone access when you dictate a message, talk to Opie, record a vehicle sound, or use sound diagnosis. Speech recognition may be used to convert dictated speech into text.

The app may request Bluetooth access to find and connect to supported OBD-II adapters and read diagnostic trouble codes or live vehicle telemetry.

The app may request location access when you ask for nearby shops, dealers, parts stores, or car washes, or when workspace features need to verify that you are at an approved work site for time or geofence workflows.

The app may request notification permission so Louro or Opie can send service messages, updates, replies, reminders, or other alerts. You can manage mobile permissions through your device settings.

Guest Mode allows some users to talk to Opie or use limited tools before creating an account. Guest Mode is designed to be limited. Some guest conversations may exist only in the app session unless you create an account and successfully import them.

Guest Mode may store limited counters or preferences on your device, such as message counts, daily diagnostic tool counts, attachment counts, appearance settings, or similar limits. This helps enforce guest limits and maintain the experience without requiring an account.

If you create an account from Guest Mode, the app may import your guest conversation into your account so you can continue from the same context.

The Services may process vehicle identifiers, VINs, mileage, service history, OBD-II codes, live OBD-II readings, odometer readings, adapter connection logs, sound recordings, diagnostic results, camera captures, damage assessment outputs, recall lookups, NHTSA results, reminders, and related notes.

OBD-II adapters and vehicle systems may expose diagnostic trouble codes, live readings, protocol information, adapter details, and other technical data. The specific data available depends on your vehicle, adapter, device, permissions, and feature use.

Recall, complaint, safety, vehicle catalog, VIN decode, and similar information may be queried through public or third-party sources such as NHTSA. Some queries may include vehicle attributes such as year, make, model, and sometimes VIN, depending on the feature.

Diagnostic and safety-related features are informational. We use this data to provide product functionality, but you remain responsible for verifying information with authoritative sources, qualified mechanics, manufacturers, dealers, insurers, and regulators.

When you use Opie or other AI features, we may process your prompts, messages, attachments, vehicle context, account context, organization context, diagnostic information, audio clips, transcripts, images, files, AI outputs, feedback, model choices, and related usage metadata.

AI features may use third-party AI providers, including Google Gemini, OpenAI, Groq, Anthropic, Fireworks, or other providers we add in the future. The information needed to generate a response, transcription, classification, summary, or recommendation may be sent to those providers.

Voice transcription may send audio data to an AI transcription provider. Sound diagnosis and damage assessment may process audio, photos, or model outputs on-device, through our servers, or through third-party infrastructure depending on the feature and implementation.

We may use AI interaction data to operate, secure, debug, evaluate, and improve the Services. We do not want you to submit passwords, payment card numbers, government identifiers, protected health information, trade secrets, or other highly sensitive information to AI features unless a feature clearly requires it and you understand the risk.

AI outputs can be inaccurate. Human review, verification, and professional judgment remain important, especially for safety, mechanical, insurance, legal, employment, operational, or compliance decisions.

If you purchase a subscription, start a trial, buy AI credits, enable overage billing, or use paid features, we and our payment processors may collect billing information, plan information, invoices, payment status, renewal status, usage limits, overage settings, tax information, and payment metadata.

Payment card information is processed by third-party payment providers such as Stripe. We do not store full payment card numbers on our servers.

Organization owners and admins may be able to view billing status, subscription plan, usage, invoices, limits, overage settings, and related account information for their organization.

We use information to provide, operate, secure, maintain, personalize, and improve the Services; create and manage accounts; authenticate users; process payments; provide customer support; send transactional messages; deliver product updates; enforce limits; process diagnostics; provide AI features; enable social and organization features; and troubleshoot bugs or outages.

We may use information to protect users, vehicles, organizations, and the Services from fraud, abuse, security threats, policy violations, unauthorized access, spam, and misuse.

We may use aggregated or de-identified information to understand trends, improve features, research product performance, train internal evaluation workflows, and develop new products. We do not use de-identified data to identify you.

We do not sell your personal information. We may share information with service providers that help us operate the Services, including hosting, database, storage, authentication, payments, email, analytics, error monitoring, AI processing, transcription, push notifications, maps, public data lookups, support, and security providers.

Current or recent service providers and infrastructure may include Supabase, WorkOS, Stripe, Resend, Vercel, Sentry, Apple services, Google Gemini, OpenAI, Groq, Anthropic, Fireworks, NHTSA public APIs, Mapbox, and similar vendors or successors.

We may share information with organization owners, admins, members, invited collaborators, customers, suppliers, contractors, or other users when you use organization, workspace, public profile, shared record, messaging, social, job, proof, QR, or collaboration features.

We may disclose information if required by law, subpoena, court order, regulator, legal process, safety concern, security investigation, rights enforcement, fraud prevention, or to protect Opaius, users, the public, or third parties.

If Opaius is involved in a merger, acquisition, financing, reorganization, bankruptcy, asset sale, or similar transaction, information may be transferred as part of that transaction, subject to appropriate protections.

Some features are public or semi-public by design. This may include handles, display names, avatars, bios, profile cards, public garage information, public ledger views, achievements, badges, follows, follower counts, leaderboards, organization profiles, shared vehicle records, QR-accessible records, comments, messages, and other content you choose to share.

Visibility settings may not remove information already copied, cached, indexed, screenshotted, exported, or shared by others. Be careful before making vehicle, identity, location, repair, or operational information public.

When you participate in an organization or workspace, authorized users in that organization may see content and activity associated with that workspace, even if your personal profile is private.

We use essential cookies and similar technologies for login, authentication, fraud prevention, security, routing, preferences, localization, and product functionality.

We may use analytics technologies to understand how the Services are used and performing. Where a consent banner or setting is available, you can choose your cookie preferences. Browser settings may also let you block or delete cookies, but some Services may not work correctly without essential cookies.

We do not use cookies to sell your personal information or to serve third-party behavioral advertising on the Opaius marketing site.

We keep information for as long as needed to provide the Services, maintain accounts, support products, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, preserve security, maintain business records, and support legitimate operational needs.

Retention periods vary by data type. Account and product data may be kept while your account is active. Billing and transaction records may be kept as required for tax, accounting, audit, and legal purposes. Security, diagnostic, and error logs may be kept for a limited period unless needed for investigation or compliance.

Guest Mode conversations may be session-based unless imported into an account, but some guest counters or limits may persist locally on your device.

Backups and disaster recovery copies may retain information for a limited time after deletion from active systems.

You may request account deletion or deactivation where available. Deactivation may disable access and hide your profile. Deletion may anonymize personal profile information, remove organization memberships, clear certain account data, delete or detach selected records, and sign you out.

Some information may be retained or preserved after deletion where necessary for billing, taxes, legal compliance, security, fraud prevention, dispute resolution, backups, audit logs, organization continuity, public record integrity, vehicle record history, ledger integrity, or other legitimate purposes.

Before requesting deletion, export or save information you need. Deleted or anonymized information may not be recoverable.

We use administrative, technical, and organizational safeguards designed to protect information, including access controls, encrypted transmission, authentication controls, storage protections, logging, and least-privilege practices where appropriate.

No system is perfectly secure. You are responsible for keeping your credentials safe, using secure devices, controlling organization access, and promptly telling us if you suspect unauthorized access.

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us so we can take appropriate action.

Some AI or community features may require additional age-related controls or restrictions. We may limit access to those features based on age, account settings, law, or safety requirements.

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information. You may also have rights to appeal certain decisions or lodge a complaint with a regulator.

California residents may have rights under the California Consumer Privacy Act, including rights to know, delete, correct, opt out of sale or sharing, limit certain sensitive personal information use, and be free from discrimination for exercising privacy rights, subject to legal exceptions. We do not sell personal information.

You can manage some information directly in the Services, including profile information, privacy settings, organization settings, notification settings, mobile permissions, and billing settings. You can also contact us to make a privacy request.

Opaius is based in the United States. If you use the Services from outside the United States, your information may be processed in the United States and other countries where we or our providers operate.

Data protection laws in those countries may differ from the laws where you live. Where required, we use appropriate safeguards for cross-border transfers.

We may update this Privacy Policy from time to time. When we do, we will update the Last updated date. If changes are material, we may notify you by email, in-app notice, website notice, or another appropriate method.

Your continued use of the Services after the updated policy takes effect means you acknowledge the updated policy.

For privacy questions or requests, contact us at privacy@opaius.com or support@opaius.com.

For account, billing, deletion, or administrative requests, you may also contact admin@opaius.com.