Privacy Policy
Last updated: 2026-06-20
This Privacy Policy explains what personal data CarVinVin processes when you use this website, why, and the rights you have. We keep data collection to a minimum: there are no user accounts and no advertising or cross-site tracking cookies.
Who is responsible
The controller for the data described here is ShpatikStudio SRL, a company registered in Moldova. For any question about your data or this policy, contact us at shpatik.studio.srl@gmail.com.
What data we process
We process: (1) basic technical and usage data your browser sends automatically (such as your IP address, approximate country, device and browser type, and the pages you visit), collected through privacy-friendly analytics; and (2) any Vehicle Identification Number (VIN) you choose to enter to run a check. The core service is free and needs no account, and we do not ask for your name or payment details. If you choose to join the launch waitlist, we additionally process the email address you provide — see the “Launch waitlist (email)” section below.
Launch waitlist (email)
If you choose to join our launch waitlist, we store the email address you enter so we can send you a notification when the paid vehicle-history report becomes available. We process it on the basis of your consent (Art. 6(1)(a) GDPR), which you give by ticking the box on the form. You can withdraw consent at any time using the unsubscribe link in our email or by contacting us at shpatik.studio.srl@gmail.com, after which we delete your address. Your email is stored and the message is sent by our email provider Brevo (Sendinblue SAS, France), acting as our processor within the EU. We use it only for this launch notification and never sell or share it for advertising.
Analytics
We use Vercel Web Analytics to understand aggregate traffic. It is cookieless, sets no persistent identifier, and does not track you across other websites. It processes your IP address transiently to derive coarse, anonymous statistics; we do not use it to identify you. For this reason no cookie-consent banner is shown.
VIN lookups
When you enter a VIN, we send it to the public NHTSA vPIC service (operated by the United States government) to decode the vehicle, and we may query NHTSA records for safety recalls. We do this only to provide the result you requested. A VIN can, in some cases, relate to an identifiable person, so we treat it as personal data and never store it alongside your identity.
Legal basis
We rely on our legitimate interest (Art. 6(1)(f) GDPR) in operating and securing the website and understanding aggregate usage, and on the necessity of processing your VIN to perform the lookup you asked for (Art. 6(1)(b)/(f)). Sending your VIN to a service outside the EU is necessary to deliver that requested lookup (Art. 49(1)(b)).
International transfers
Some processors are located outside the European Economic Area, including in the United States: our hosting and analytics provider (Vercel Inc.) and the NHTSA vPIC service your VIN is sent to. Such transfers happen only as needed to run the site and deliver your requested result.
How long we keep data
We do not keep a personal profile of you. Analytics data is retained only in aggregate. VINs you enter are processed to return your result and are not stored in a way that links them to you.
Your rights
Under the GDPR you have the right to access, rectify, erase and restrict processing of your personal data, to object to processing, and to data portability. To exercise any right, email us at shpatik.studio.srl@gmail.com. You also have the right to lodge a complaint with a data protection supervisory authority in your country.
Changes to this policy
We may update this policy as the service evolves — for example when the paid vehicle-history report launches. The date below shows when it was last changed.
Contact
Questions about your data or this policy? Email shpatik.studio.srl@gmail.com.
This notice is provided in good faith for transparency. It is not legal advice.