Loading car
0%
Portals
Client portal Garage portal
Quick links
Post a request Secure booking

Privacy Policy

Last updated: March 22, 2026

1. Introduction

CarGar ("we", "us", or "our"), based in Dubai, United Arab Emirates, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website at cargar.me and our mobile applications (the "Service").

By using the Service, you consent to the data practices described in this policy. This policy complies with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and other applicable data protection regulations.

2. Data Controller

CarGar is the data controller for the personal data processed through the Service. For any questions regarding this policy, contact us at office@cargar.me.

3. Data We Collect

3.1 Information You Provide

Data CategoryExamplesPurpose
Account InformationName, email address, phone number, passwordAccount creation and authentication
Profile DataAddress, date of birth, preferred languageService personalization and delivery
Vehicle InformationBrand, model, generation, engine type, mileageMatching you with appropriate service providers
Business Data (Garages)Trade license, TRN, company name, contact details, office locationsGarage verification and onboarding
Service RequestsProblem descriptions, photos, preferred scheduleFacilitating service quotes and appointments
CommunicationsMessages between Clients and Garages, support ticketsService delivery and dispute resolution
Payment DataTransaction amounts, payment statusPayment processing

3.2 Information Collected Automatically

  • Device Information: Device type, operating system, browser type, app version.
  • Location Data: Geographic coordinates (with your consent) for matching you with nearby Garages.
  • Usage Data: Pages visited, features used, timestamps, session duration.
  • IP Address: For security, fraud prevention, and rate limiting.
  • Cookies: Essential and functional cookies for session management and preferences. See Section 9.

3.3 Information from Third Parties

  • Stripe: Payment confirmation and transaction status (we do not store your full card details).
  • Vonage: SMS delivery status for phone verification.
  • DocuSign: Contract signing status for Garage onboarding.

4. How We Use Your Data

We process your personal data for the following purposes:

  • Service Delivery: Matching Clients with Garages, processing bookings, facilitating communication, and managing appointments.
  • Account Management: Creating and managing your account, verifying your identity via email and SMS.
  • Payment Processing: Processing payments securely via Stripe, generating invoices, managing Garage payouts.
  • Platform Improvement: Analyzing usage patterns to improve our Service, fix bugs, and develop new features.
  • Communication: Sending service-related notifications, appointment reminders, and important platform updates.
  • Security: Detecting and preventing fraud, abuse, and unauthorized access.
  • Legal Compliance: Complying with applicable laws, regulations, and legal processes.

5. Legal Basis for Processing

Under the UAE PDPL, we process your data based on:

  • Consent: When you create an account and agree to these terms.
  • Contractual Necessity: To perform the service agreement between you and CarGar.
  • Legitimate Interest: For platform security, fraud prevention, and service improvement.
  • Legal Obligation: To comply with UAE laws and regulations.

6. Data Sharing

We share your personal data only as necessary:

  • Between Clients and Garages: When a service request is submitted, relevant details (vehicle information, location, service description) are shared with matching Garages. Contact details are shared only after a booking is confirmed.
  • Payment Processors: Stripe processes all payments. They operate under their own privacy policy and PCI DSS compliance.
  • Service Providers: We use trusted third-party services:
    • Vonage (SMS verification)
    • DocuSign (electronic contract signing)
    • Firebase Cloud Messaging (push notifications)
    • SMTP email services (transactional emails)
  • Legal Requirements: When required by law, court order, or government authorities in the UAE.

We do not sell your personal data to third parties for marketing purposes.

7. Data Retention

  • Account Data: Retained for the duration of your account plus 2 years after deletion.
  • Transaction Records: Retained for 7 years as required by UAE commercial law.
  • Service Requests: Retained for 3 years after completion for reference and dispute resolution.
  • Messages: Retained for 2 years after the last message in a thread.
  • Verification Codes: Automatically deleted after 10 minutes (email/SMS codes).
  • Log Data: Retained for up to 12 months for security analysis.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • HTTPS encryption for all data in transit.
  • Password hashing using bcrypt.
  • Verification codes are hashed and time-limited (10 minutes, max 5 attempts).
  • Rate limiting on sensitive endpoints to prevent brute-force attacks.
  • Session-based authentication with automatic expiration.
  • Access controls restricting data access to authorized personnel only.

9. Cookies

We use cookies and similar technologies:

  • Essential Cookies: Required for the platform to function (session management, authentication). Cannot be disabled.
  • Functional Cookies: Remember your preferences (language, theme settings).

We do not use advertising or tracking cookies. You can manage cookie preferences via the cookie settings button on our website.

10. Your Rights

Under the UAE PDPL, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right of Rectification: Request correction of inaccurate or incomplete data.
  • Right of Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Withdraw Consent: Withdraw your consent at any time (this does not affect prior processing).

To exercise any of these rights, contact us at office@cargar.me. We will respond within 30 days.

11. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. International Data Transfers

Your data is primarily stored and processed in the UAE. Some of our third-party service providers (Stripe, Firebase, DocuSign) may process data outside the UAE. In such cases, we ensure appropriate safeguards are in place as required by the UAE PDPL.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or platform notification. The "Last updated" date at the top of this page indicates when the policy was last revised.

14. Contact Us

For privacy-related inquiries or to exercise your data rights: