Privacy Policy

At MMELEMENT (also referred to as "MME Car Intel," "we," "our," or "us"), we are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website mmecarintel.com and use our services. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

1. Information We Collect

1.1 Information You Provide Directly

• Account information — name, email address, and password when you create an account.
• Vehicle Identification Numbers (VINs) — VINs you submit for decoding, deal analysis, or ownership cost prediction. VINs are used to retrieve vehicle specifications from government databases.
• Vehicle data — listing URLs, vehicle photos, make, model, year, mileage, asking price, and other car-related information you submit for analysis.
• Negotiation context — vehicle details and market data you provide when generating negotiation scripts.
• Chat conversations — messages you exchange with our AI Car Buying Assistant chatbot.
• Communications — messages you send us via the contact form or email.
• Community content — posts, comments, or tips you contribute to Community Wisdom.

1.2 Information Collected Automatically

• Usage analytics — pages visited, features used (Deal Analyzer, Red Flag Scanner, VIN Decoder, Negotiation Script Generator, etc.), time spent, clicks, and search queries within the Service.
• Device information — IP address, browser type and version, operating system, and device identifiers.
• Cookies and similar technologies — session cookies, persistent cookies, and local storage tokens used for authentication, theme preferences, and analytics.
• Log data — server logs including access times, referring URLs, and error reports.

1.3 Information from Third Parties

• Vehicle specification data from the National Highway Traffic Safety Administration (NHTSA) API, including recalls, complaints, safety ratings, and vehicle specifications decoded from VINs.
• Vehicle listing data from publicly accessible sources (e.g., Craigslist, Facebook Marketplace, Autotrader) when you submit a URL for analysis.
• Market pricing data from third-party automotive data providers.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Service, including generating AI-powered vehicle reports, negotiation scripts, and chatbot responses.
• Decode VINs and retrieve vehicle specifications from NHTSA databases.
• Generate personalized negotiation playbooks based on vehicle data and market analysis.
• Power the AI Car Buying Assistant chatbot with contextual vehicle intelligence.
• Authenticate users and maintain account security.
• Personalize your experience (e.g., saved vehicles, garage history, theme preferences).
• Send transactional emails (e.g., account confirmation, password reset).
• Send product updates, newsletters, and promotional content — only with your consent.
• Analyze usage patterns to improve our AI models and product features.
• Detect, prevent, and address fraud, abuse, and security incidents.
• Comply with legal obligations and enforce our Terms of Service.

3. Third-Party Services and Data Sharing

We do not sell your personal information. The Service integrates with the following third-party services to provide its functionality:

• NHTSA API — VIN numbers you submit are sent to the National Highway Traffic Safety Administration's public API to retrieve vehicle specifications, recall data, safety ratings, complaints, and investigation records. NHTSA's privacy policy governs their handling of this data.
• OpenAI API — Vehicle data, chat messages, and analysis context are sent to OpenAI's API to power AI-generated deal analyses, negotiation scripts, red flag scanning, and chatbot responses. OpenAI processes this data according to their API data usage policy. We use the API tier which does not use customer data for model training.
• Service providers — trusted third-party vendors who assist us in operating the Service (e.g., cloud hosting, analytics, email delivery), bound by confidentiality agreements.
• Legal requirements — when required by law, subpoena, or other legal process, or to protect the rights, property, or safety of MMELEMENT, our users, or the public.
• Business transfers — in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
• With your consent — in any other circumstances where you have given us explicit permission.

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. You can control cookies through your browser settings; however, disabling certain cookies may affect the functionality of the Service. We use:

• Essential cookies — required for authentication and core functionality.
• Analytics cookies — help us understand how users interact with the Service and which features are most used.
• Preference cookies — store your settings such as dark/light theme preference and saved vehicle data in local storage.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specific retention periods include:

• Account data — retained until you request deletion.
• VIN decode results — cached for performance optimization and deleted after 90 days.
• Chat conversations — retained for the duration of your browser session; not permanently stored on our servers.
• Analysis reports — retained in your browser's local storage until you clear it or delete the data.
• Server logs — retained for up to 90 days for security and debugging purposes.

You may request deletion of your account and associated data at any time by contacting us at [email protected]. We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution).

6. Data Security

We implement industry-standard security measures including encryption in transit (TLS/HTTPS), access controls, and regular security reviews. API keys for third-party services (NHTSA, OpenAI) are stored securely on the server side and are never exposed to client-side code. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access — request a copy of the personal information we hold about you.
• Correction — request correction of inaccurate or incomplete data.
• Deletion — request deletion of your personal information ("right to be forgotten").
• Portability — request a machine-readable copy of your data.
• Opt-out of marketing — unsubscribe from marketing emails at any time via the link in any email or by contacting us.
• Do Not Sell — we do not sell personal information; no opt-out is required for this purpose.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will take steps to delete such information.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

• The right to know what personal information we collect, use, disclose, and sell.
• The right to delete your personal information.
• The right to opt out of the sale or sharing of your personal information. As noted above, we do not sell personal information.
• The right to correct inaccurate personal information.
• The right to limit the use and disclosure of sensitive personal information.
• The right to non-discrimination for exercising your privacy rights.

To exercise your California privacy rights, contact us at [email protected].

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and object to processing. Our legal basis for processing your data includes: consent, performance of a contract, legitimate interests, and compliance with legal obligations. To exercise your GDPR rights or to lodge a complaint, contact us at [email protected].

11. International Data Transfers

MMELEMENT is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Service, you consent to such transfers. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact our Privacy Team: