View prior versions of this policy
SaaS Car, Inc. dba myodo Effective Date: July 7, 2026 Last Updated: July 7, 2026
This Privacy Policy describes how SaaS Car, Inc. dba myodo ("myodo," "we," "us," or "our") collects, uses, discloses, and retains personal information when you use our website (myodo.co) and related services (collectively, the "Service"). myodo provides software to independent automotive repair shops — including online booking, appointment reminders, two-way customer messaging, and digitized service records. This Policy applies to the vehicle owners who interact with a myodo-powered shop and to the shops and shop staff who use our platform.
| Category | Examples |
|---|---|
| Identifiers | Name, email address, phone number, mailing address |
| Account credentials (shop users) | Email and password |
| Vehicle information | VIN, license plate number, year/make/model |
| Service records | Repair orders, invoices, inspection reports uploaded by a shop |
| Booking details | Requested services, appointment times |
| Communications | Messages you exchange with a shop through the platform, including text messages |
| Payment information (shop subscribers) | Billing address, payment method (processed by a third-party processor) |
| Category | Examples |
|---|---|
| Usage data | Pages viewed, features used, session duration, IP address, browser type, device type |
| Source | Data |
|---|---|
| NHTSA vPIC | Vehicle specifications decoded from VIN |
| Plate lookup services | VIN resolution from license plate |
| Repair shops on our platform | Service records and repair orders performed on your vehicle |
We do not collect precise geolocation or other categories of Sensitive Personal Information.
| Purpose | Categories Used |
|---|---|
| Provide the Service | All categories |
| Enable online booking, appointments, and reminders | Identifiers, vehicle info, booking details |
| Send and receive messages between you and a shop (including SMS) | Identifiers, communications |
| Parse and digitize uploaded service records | Service records, vehicle info |
| Maintain your vehicle's service history | Vehicle info, service records |
| Improve document parsing accuracy | Service records (de-identified) |
| Detect fraud and abuse | Usage data |
| Create aggregated and de-identified vehicle data | Vehicle info, service records (de-identified — see Section 8) |
| Comply with legal obligations | All categories as required |
| Recipient | What We Share | Why |
|---|---|---|
| The repair shop you engage | Name, vehicle info, relevant service history | To fulfill your service request |
| Service providers | As needed for hosting, AI document parsing, email, SMS, mapping, and VIN decoding | To operate the platform |
| Legal authorities | As required | To comply with law, subpoena, or court order |
Our principal service providers are Google Cloud (hosting), Cloudflare (edge), OpenAI (document parsing, under the standard OpenAI Services Agreement, which does not use our inputs or outputs to train its models), SendGrid (email), Twilio (SMS), and NHTSA vPIC / PlateToVIN / Google Maps (VIN decoding and address autocomplete).
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
If you provide your phone number to a repair shop that uses myodo — through the shop's online booking page, or by phone or in person when scheduling service — you consent to receive service-related text messages from that shop through our platform. These may include appointment confirmations, appointment reminders, updates about your vehicle's service, replies from shop staff, and, where you have agreed to receive them, promotional offers from the shop.
No mobile information will be shared with, or sold to, third parties or affiliates for their marketing or promotional purposes. Information sharing described elsewhere in this policy excludes mobile phone numbers and SMS consent status; text messaging originator opt-in data will not be shared with any third party, except as necessary to deliver messages through our SMS service provider.
We do not sell or share mobile opt-in or consent data with any third party, except our SMS provider solely to deliver the messages you requested.
| Category | Retention Period |
|---|---|
| Account data (shop users) | Duration of account; deleted within 30 days of a deletion request |
| Vehicle service records | Retained per the uploading shop's obligations, including the 3-year minimum under the Bureau of Automotive Repair (Cal. Bus. & Prof. Code § 9884.7), then retained de-identified at the vehicle level (Section 8) |
| Uploaded documents (raw files) | Duration of the shop's account |
| Communications/messages | Duration of the account |
| Usage data | Up to 2 years |
If you are a California resident, you have the following rights:
| Right | Description |
|---|---|
| Know | Request the categories and specific pieces of personal information we collected about you |
| Delete | Request deletion of your personal information |
| Correct | Request correction of inaccurate personal information |
| Opt-Out | Opt out of the sale or sharing of personal information (we do not sell or share) |
| Non-Discrimination | We will not discriminate against you for exercising your rights |
| Portability | Receive your data in a portable, machine-readable format |
We verify your identity by matching at least two data points you provide against information we have on file. For deletion requests, we may require additional verification.
You may designate an authorized agent to submit requests on your behalf. The agent must provide signed written authorization, and we may still verify your identity directly.
Where your request concerns service records that a shop uploaded, that shop is the Business responsible for those records. We will forward your request to the relevant shop within five business days and respond directly as to information we independently control.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
If this changes in the future, we will provide a "Do Not Sell or Share My Personal Information" link and honor Global Privacy Control (GPC) browser signals as valid opt-out requests.
myodo creates and maintains a de-identified, vehicle-level dataset of service history, indexed by Vehicle Identification Number (VIN) with all consumer-identifying fields removed. myodo owns this de-identified dataset, and may retain, aggregate, analyze, derive insights from, and commercialize it for any lawful purpose — including vehicle history, benchmarking, analytics, and research — as an independent Business.
For each vehicle, the de-identified dataset may include: vehicle year, make, model, trim, engine, drivetrain, and transmission; service types performed; service notes; inspection findings; recommended services; service-in and service-out dates; service-in and service-out odometer readings; part manufacturers, part names, and part numbers; and shop city and state.
The de-identified dataset does not include: service advisor name; technician name; cost data; shop name or unique shop identifier; or any user identifier.
We treat this dataset as De-Identified Information under Cal. Civ. Code § 1798.140(m). We maintain reasonable technical and organizational measures so the data cannot be used to infer information about, or be linked to, a particular consumer or household; we publicly commit to maintain and use the data only in de-identified form and to not attempt to re-identify it; and we contractually require recipients to do the same. Because this dataset is De-Identified Information, cross-referencing and use of it do not constitute a sale or sharing of personal information.
myodo's retention, ownership, and use of the de-identified dataset survives the deletion of any associated account and the termination of any shop's participation in the platform.
We honor the Global Privacy Control (GPC) signal. When we detect GPC from your browser, we treat it as a valid request to opt out of the sale or sharing of personal information associated with that browser.
Some browsers transmit a "Do Not Track" (DNT) signal. There is no accepted standard for how to respond to DNT signals, and we do not currently respond to them. We honor the Global Privacy Control (GPC) signal as described in Section 9.
The Service is not directed to individuals under 18. We do not knowingly collect personal information from individuals under 18. If we learn we have collected information from an individual under 18, we will delete it.
We implement reasonable administrative, technical, and physical safeguards to protect personal information, including:
No system is 100% secure. If we discover a breach affecting your personal information, we will notify you as required by California Civil Code § 1798.82.
We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on our website and, for material changes, by email or in-app notification at least 30 days before the change takes effect.
Prior versions are archived at myodo.co/privacy/archive once a new version is published.
SaaS Car, Inc. dba myodo Email: privacy@myodo.co Address: 2608 Portola Way, Sacramento, CA 95818 Phone: 916-258-5456
We use essential cookies to make our site work. We'd also like to set analytics cookies to help us improve. See our Privacy Policy for details.