Data Protection and Privacy Policy

1. Who We Are

CarBG LLC, registered in Sheridan, WY 82801, USA (“CarBG,” “we,” “us”) operates the CarBG website, we application, and mobile application, an artificial-intelligence service that removes backgrounds from automobile images. We are a company registered in Wyoming, USA, and we are conducting all our work in the best faith to comply with the California’s Consumer Privacy Act (CCPA), European Union’s General Data Protection Regulation (GDPR), and other globally leading personal data protection acts.

2. Scope and Application

This policy explains how we collect, use, store, share and protect personal data when you:

Create an account or purchase credits;
Upload images or other content to the CarBG platform;
Interact with our websites, applications or marketing communications; or
Participate in our affiliate or referral programs.

It also describes the rights and choices available to individuals in relation to their personal data.

3. Data We Collect

We collect or may collect the following categories of data:

We collect account and identity data such as your name, email, password, phone number, company name, and country. This information is necessary to create and manage user accounts, provide authentication, and offer customer support.
For payment and billing data, we gather details like your payment method (credit card type, last four digits, and expiry), billing address, and tax-relevant identifiers. Full payment card numbers are not stored directly, as we rely on trusted third-party payment processors. This data allows us to process transactions, deliver credits, and comply with accounting obligations.
When you use our services, you may upload images and other user content, including photographs of vehicles, associated metadata, and optional tags or descriptions. These are processed to deliver background removal and image enhancement services. We may temporarily store processed images to generate results and improve performance, but they are deleted after a limited retention period.
We also log usage and technical data such as IP addresses, browser types, device identifiers, operating systems, access times, pages viewed, clickstream data, session details, and log files. This information is used for service operation, monitoring security, performing analytics, and optimizing performance.
Through cookies and tracking technologies, including cookies, pixels, and similar tools, we collect data about your interactions with our website. This includes preferences and browsing behaviour. Our cookie policy provides further details about cookie types and how you can manage them. The purpose of this data is to remember your preferences, analyse site traffic, and deliver relevant advertising, but only with your consent.
We maintain records of marketing and communication preferences, including opt-in or opt-out choices, survey responses, and conversations with our customer support team. These records enable us to manage newsletter subscriptions, promotional messages, and feedback requests.
For those participating in our affiliate programme, we collect data such as your affiliate ID, performance of referral links (clicks and conversions), commission statements, and payment details. This allows us to track referrals, calculate commissions, and provide performance dashboards.
We do not intentionally collect sensitive personal data (e.g., race, religion or health) and request that users avoid uploading such information.
Finally, we hold legal and compliance data. This may include records of user consents, data subject requests, contract acceptances (for example, via clickwrap agreements), and communications related to legal inquiries or disputes. These records are necessary to comply with statutory obligations, handle user rights requests, and maintain accountability.

4. Purposes and Legal Bases for Processing

We process personal data for the following purposes and under the lawful bases:

We use personal data primarily for the provision of services and fulfilment of contracts. This includes activities such as creating user accounts, processing orders, delivering credits, processing uploaded images, and providing customer support. The legal basis for these activities is the performance of our contract with the user.
Another purpose is the improvement and development of our products. We may analyze aggregated usage patterns, test new features, improve AI algorithms (only when using anonymized data), and conduct surveys to better understand user needs. The legal basis here is our legitimate interest in enhancing services, combined with user consent where required, for example, when participating in optional surveys or when training models on personal images.
We also process data for marketing communications, which covers sending updates about new features, promotions, and affiliate opportunities. These activities take place only where the user has provided explicit consent, such as opting in to marketing emails or WhatsApp messages.
In addition, we are required to use certain data to ensure compliance with laws. This involves keeping records for tax, accounting, and consumer protection purposes, as well as responding to lawful requests from public authorities. The legal basis for this is compliance with our legal obligations.
Finally, we rely on data to maintain security and prevent fraud. This includes monitoring access logs, detecting misuse of the platform, and enforcing our Terms and Conditions. The legal basis for these activities is our legitimate interest in protecting our systems and users, as well as compliance with applicable legal obligations.

5. How We Share Data

We may share personal data with:

Payment processors and financial institutions, to handle transactions securely.
Cloud hosting providers, to store data and operate servers globally. These providers may process data in countries outside your location; we rely on standard contractual clauses or equivalent safeguards for cross-border transfers.
Service providers and contractors, such as customer support software, analytics vendors, email service providers and AI infrastructure partners. We require them to process data only on our instructions and under confidentiality agreements.
Affiliates and marketing partners, only to attribute referrals and calculate commissions; we do not share customer contact details for unrelated marketing without consent.
Legal or governmental authorities, if required to comply with laws or to protect our rights or the safety of others.
Business transfers, if we sell or transfer part of our business, customer data may be included as part of the transaction with appropriate safeguards.

6. Data Retention

We keep personal data only as long as necessary for the purposes described above:

Images and processed outputs are stored for up to 90 days to allow downloads and quality review; automatically deleted thereafter unless retention is required for debugging or with the user’s explicit consent.
Account data is retained for the life of the account. If an account is deleted, we will erase or anonymize data within 90 days except where needed for billing or legal purposes.
Transaction and billing records are retained for at least seven years (or longer if required by tax laws).
Logs and technical data are stored for up to 12 months for security, analytics and audit trails.
Marketing preferences are retained until you opt out or until we stop sending communications.
Affiliate programme records are retained for the duration of the affiliate agreement and as required by accounting laws.

We may retain anonymized data (which cannot identify individuals) indefinitely.

7. Cookies and Tracking Technologies

Our websites use cookies to remember user preferences and to enhance functionality. We are compliant with the CCPA and the EU Cookie Law; thus, visitors will be alerted that cookies are in use and given the option to opt out. Our cookie policy describes:

What cookies are (small text files stored on your device);
The types of cookies we use (essential, functional, analytics, advertising);
How and why we use them (e.g., remembering login details, measuring website performance); and
How users can opt out or change cookie settings.

We provide a cookie banner to obtain consent and allow users to reject non-essential cookies.

8. International Transfers

Because we operate globally, data may be transferred to and stored on servers in countries outside your own. These countries may have data-protection rules that differ from those of your country. When we transfer personal data to a third country, we rely on the standards approved by official transfer mechanisms.

9. Security Measures

We continuously aim to implement technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction or damage. These may include:

Encryption of data at rest and in transit.
Role-based access control and two-factor authentication for administrative accounts.
Regular security audits, penetration tests and vulnerability scans.
Secure software development practices.
Employee training on data protection obligations
Incident response and data-breach notification procedures (see Section 2.8).

10. Your Rights and Choices

Right of access – You can request a copy of your personal data and information about how it is being processed.
Right to rectification – You can request correction of inaccurate or incomplete personal data.
Right to erasure (“right to be forgotten”) – You can request deletion of your personal data under certain circumstances.
Right to restriction – You can request that we limit processing of your data in specific situations.
Right to data portability – You can request to receive your personal data in a structured, commonly used and machine-readable format or to have it transferred to another controller.
Right to object – You can object to processing based on legitimate interests or direct marketing.
Right to withdraw consent – If processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

We will respond to verifiable requests within the timeframe required by law (45 days in most cases) and provide a free means to exercise these rights. You may exercise these rights by contacting us through the channels below or via an online self-service portal (where available).

11. Changes to This Policy

We may update this policy to reflect changes in our practices or in the law. We update our privacy policy every 12 months. We will notify users of significant changes by email or in-app notification and post the updated policy on our website with a new effective date.

12. Contact us

If you have questions or concerns about this policy or wish to exercise your rights, please get in touch with us:

Email: hello@carbackground.ai