1 General principles
VinStatus respects every user's right to privacy. This Policy describes what information we collect when you use vinstatus.store, how we process it, and what measures we take to protect it.
We follow data-minimization principles: we collect only what is necessary to provide the service, do not request excessive information, and do not share it with third parties beyond what is necessary. Personal data is processed in accordance with applicable law, including the GDPR (for EU/EEA users) and similar rules in other jurisdictions.
By using the Service, you confirm that you have read this Policy and agree to the data-processing procedures described in it.
2 What data we collect
We collect the following categories of information:
| Category | What's included | When collected |
|---|---|---|
| Contact data | Email address | At checkout |
| Query data | VINs for which reports were generated | When generating reports |
| Payment information | Not stored on our servers. Processed directly by Stripe | At payment |
| Account credentials | Password hash (bcrypt), login history, session tokens | At registration and login |
| Technical data | IP address, browser type, operating system, referrer | When visiting the site |
| Usage data | Pages viewed, actions on the site, session duration | When using the site |
We do not collect passport, driver's-license, or similar document data. All information needed for a report is obtained from open sources using the 17-character VIN.
3 Purposes of processing
The collected data is used solely for the following purposes:
- Providing the service — generating reports, sending them by email, maintaining the account;
- Payment processing — correct execution of transactions via Stripe;
- Communication — sending receipts, subscription notifications, and support replies;
- Security — protection against fraud, unauthorized access, and abuse;
- Service improvement — analysis of anonymized usage statistics;
- Legal obligations — compliance with applicable law.
We do not use your data for marketing mailings without your separate consent and do not sell it to third parties.
4 Legal bases
Personal data is processed on the following bases (Art. 6 GDPR):
- Performance of a contract — to provide the services paid for by the User;
- Legitimate interests — to ensure security, prevent fraud, and improve the site;
- Consent — for the use of optional cookies and any marketing communications;
- Legal obligations — to meet tax, accounting, and other applicable legal requirements.
5 Sharing data with third parties
We engage a limited number of trusted contractors (data processors) who help us provide the service. Each works under a contract requiring confidentiality and compliance with applicable data-protection requirements.
| Processor | Purpose | What data |
|---|---|---|
| Stripe | Payment processing | Email, card data (directly via Stripe) |
| SMTP provider | Email delivery | Email, message contents |
| Hosting provider | Hosting the server infrastructure | All site data (encrypted) |
| Data suppliers | Obtaining VIN information (NHTSA, MarketCheck, etc.) | VIN only, without the user's personal data |
| Google Analytics | Visit analytics (anonymized) | Technical data, on-site behavior |
Data is disclosed to government authorities only upon a lawful request (court order, official directive).
6 Storage and deletion
Data retention periods:
- Accounts — until deletion at the User's request or after 24 months of inactivity;
- Generated reports — 30 days from creation, then deleted automatically;
- Payment transactions — 7 years (accounting requirement);
- Logs and technical data — up to 12 months;
- Email correspondence with support — up to 24 months.
After the retention periods expire, data is deleted or anonymized. You can request deletion of your account and associated data at any time by writing to info@vinstatus.store.
7 Data security
We apply technical and organizational measures to protect your data:
- Data-transfer encryption via TLS 1.3 (256-bit);
- Password hashing with the bcrypt algorithm and an individual salt;
- Payments are processed by a PCI DSS Level 1 provider (Stripe) — card data does not reach our servers;
- Access to the server infrastructure is limited to a small group of staff with two-factor authentication;
- Regular backups and security monitoring;
- Access-rights restriction (least-privilege principle) for all internal systems.
Despite all measures, no system can be 100% secure. In the event of an incident that could affect your rights and freedoms, we will notify you and the competent authorities within the legally required timeframes.
8 Your rights
Under the GDPR and similar rules, you have the following rights:
- Right of access — to receive a copy of the data we hold about you;
- Right to rectification — to request correction of inaccurate data;
- Right to erasure ("right to be forgotten") — to request deletion of your data;
- Right to restriction of processing — to request suspension of processing in certain cases;
- Right to data portability — to receive your data in a machine-readable format;
- Right to object — to express disagreement with the processing of your data;
- Right to withdraw consent — at any time, without giving reasons;
- Right to lodge a complaint with the competent data-protection supervisory authority.
To exercise any of these rights, write to info@vinstatus.store. We'll reply within 30 days. Requests are handled free of charge.
9 Cookies and analytics
The site uses cookies for basic operation (sessions, payment cart) and for visit analytics. A detailed description of the cookies used is on the Cookie Policy page.
On your first visit, you can accept or decline optional cookies via the cookie banner. You can change your preferences at any time.
10 Children
The Service is not intended for persons under 16. We do not knowingly collect children's personal data. If you are a parent or guardian and learn that your child has provided us with their data, contact us and we will delete it.
11 Policy changes
We may update this Policy periodically. The current version is always available on this page — the last-updated date is shown at the top of the document.
We will notify you of material changes affecting users' rights by email or via an account notification at least 14 days before they take effect.
12 Contacts
For any questions regarding the processing of your personal data, contact: