Privacy Policy

Automoti ("we", "us", "our") operates the car search platform at automoti.co.uk. We are the data controller for personal data collected through the Service. For privacy-related queries, contact us at: Email: hello@automoti.co.uk We are committed to protecting your personal data and processing it in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We collect the following personal data when you use Automoti: Account & authentication data • Email address (collected when you sign in via magic link) • Full name and intended use case (collected optionally during sign-up) Usage data • Chat messages and car search queries you submit • Car preferences inferred from your conversations (budget, fuel type, body type, seats, etc.) • Pages visited and features used (via Vercel analytics) Listing data (if you submit a car for sale) • Vehicle details (make, model, year, mileage, price, description) • Contact details (name, email address, phone number) Technical data • IP address, browser type, and device information (collected automatically by our infrastructure) • Authentication session tokens (stored in secure, httpOnly cookies)

We use the data we collect to: • Provide the Service — process your search queries, generate AI recommendations, and display car listings • Improve AI recommendations — analyse anonymised search patterns to improve the accuracy of our recommendation engine • Manage your account — authenticate you, maintain your session, and let you view past searches • Process listing submissions — review and publish car listings submitted via the Sell page • Contact you regarding your listing — if you submit a car for sale, we may contact you at the email or phone number you provide • Comply with legal obligations — retain records as required by applicable law

We process your personal data on the following legal bases under UK GDPR: • Contract performance — processing necessary to provide the Service you have requested (e.g., running AI search, displaying recommendations) • Legitimate interests — improving the Service, preventing fraud, and ensuring security, where these interests are not overridden by your rights • Consent — where we have asked for and received your consent (e.g., signing up with your email to save searches) • Legal obligation — where processing is required to comply with applicable law You may withdraw consent at any time by contacting hello@automoti.co.uk or deleting your account.

We use the following third-party services to operate Automoti. Each acts as a data processor on our behalf under appropriate data processing agreements: Supabase (Supabase Inc.) • Purpose: Database, authentication, and storage • Data: Email addresses, session tokens, chat history, listing data • Privacy policy: supabase.com/privacy Vercel (Vercel Inc.) • Purpose: Hosting, serverless compute, and analytics • Data: IP addresses, request logs, page analytics • Privacy policy: vercel.com/legal/privacy-policy Anthropic (Anthropic PBC) • Purpose: AI model processing (Claude Haiku) • Data: Chat messages and car preference data sent to the API • Privacy policy: anthropic.com/privacy • Note: Anthropic processes messages to generate responses but does not use API data to train models. Resend (Resend Inc.) • Purpose: Transactional email delivery (magic links) • Data: Email addresses • Privacy policy: resend.com/legal/privacy-policy We do not sell your personal data to any third party.

We retain your personal data for as long as necessary to provide the Service and comply with legal obligations: • Account data (email, name): retained until you request deletion • Chat history and search queries: retained until you delete your account • Listing submissions: retained for 90 days after review, then deleted unless there is a legal requirement to retain them • Authentication session tokens: expire after 7 days of inactivity • Server logs: retained for up to 30 days You may request deletion of your data at any time by emailing hello@automoti.co.uk.

Under UK GDPR, you have the following rights regarding your personal data: • Right of access — request a copy of the personal data we hold about you • Right to rectification — request correction of inaccurate or incomplete data • Right to erasure — request deletion of your personal data ("right to be forgotten") • Right to restriction — request that we restrict processing of your data in certain circumstances • Right to data portability — receive your data in a structured, machine-readable format • Right to object — object to processing based on legitimate interests • Rights related to automated decision-making — we do not make solely automated decisions with legal or significant effects To exercise any of these rights, email hello@automoti.co.uk. We will respond within 30 days. We may need to verify your identity before processing your request.

Automoti uses a minimal set of cookies: Session cookies (strictly necessary) • Set by Supabase to maintain your authenticated session • These are httpOnly, secure cookies — they cannot be accessed by JavaScript • They expire after 7 days of inactivity • No consent required as these are strictly necessary for the Service to function We do not use advertising, tracking, or analytics cookies. We do not use third-party cookies. You can disable cookies in your browser settings, but this will prevent you from signing in and saving searches.

Some of our third-party service providers (Supabase, Vercel, Anthropic, Resend) are based in or operate infrastructure in the United States. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including reliance on UK adequacy decisions or standard contractual clauses (SCCs) approved by the UK Information Commissioner's Office (ICO).

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include: • Encrypted connections (HTTPS/TLS) for all data in transit • httpOnly, secure session cookies • Row-level security policies on our database • Access controls limiting who can access personal data No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at: Email: hello@automoti.co.uk Website: automoti.co.uk If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): Website: ico.org.uk Telephone: 0303 123 1113 Last updated: April 2026