Privacy Policy

Last updated: 6 July 2026

1. Who we are

KickTyres is a New Zealand-based service. This policy explains how we collect, use, and protect your personal information under the Privacy Act 2020.

2. What we collect

  • Account details — email address and login credentials (passwords are hashed; we never see them).
  • Vehicle queries — number plates you look up and vehicle details returned by data providers.
  • Inspection data — your answers, notes, and photos from guided inspections.
  • Payment data — handled by Stripe. We store only a customer reference and transaction status, never card numbers.
  • Technical data — IP address and basic request logs, used for security and rate limiting.

3. How we use it

  • To provide the service: lookups, risk analysis, reports, and your inspection history.
  • Inspection photos are sent to our AI provider (Anthropic) solely to analyse them for your report. They are not used to train AI models.
  • To process payments and prevent fraud and abuse.
  • To contact you about your account or material changes to the service.

We do not sell your personal information.

4. Who we share it with

  • Supabase — database, authentication, and photo storage.
  • Stripe — payment processing.
  • Anthropic — AI analysis of inspection photos and findings.
  • Vehicle data providers — your plate query is sent to retrieve vehicle details.

Some providers store data outside New Zealand. We only use providers with safeguards comparable to the Privacy Act 2020.

5. Retention and deletion

We keep your account data while your account is active. You can request deletion of your account and associated inspection data at any time by emailing support@kicktyres.co.nz. We aim to complete deletion within 20 working days. Payment records are retained for 7 years as required by NZ tax law.

6. Your rights

Under the Privacy Act 2020 you may request access to, or correction of, the personal information we hold about you. Contact us at the address above. If you are not satisfied with our response, you may complain to the Office of the Privacy Commissioner (privacy.org.nz).

7. Security

Data is encrypted in transit, access to production systems is restricted, and database access is protected by row-level security so users can only access their own records.