Autochamak
Get the app

Autochamak Privacy Policy

Effective date: 9 May 2026 Last updated: 9 May 2026

Autochamak ("we", "us", "the Service") is a subscription car-wash booking platform. This policy explains what personal information we collect from customers using our mobile app and how we use it. It applies to the Autochamak customer mobile app (Android and iOS) and the autochamak.com website.

If you have questions, contact us at [email protected].

1. Who we are

Autochamak is operated by Autochamak, a sole proprietorship of Chandra Kiran Rapeti, registered as an MSME (Micro enterprise) under the Government of India's Udyam Registration scheme, having its principal place of business at D.No. 40-51-17/2, Santhosh Nagar, Thatichetlapalem, Visakhapatnam – 530024, Andhra Pradesh, India. The car-wash business that serves you ("the carwash", or your "organization") is a separate business that uses Autochamak software to run its operations. We process your data on behalf of that carwash so they can deliver the service you signed up for.

2. What we collect

We collect only what we need to run the service. Specifically:

Account information (you give us this when you sign up)

  • Email address — used as your login (via a one-time code sent to your inbox) and for receipts, reminders, and service notifications
  • Google account identifier (optional) — only if you choose "Sign in with Google". We receive your name, email, and a Google-issued user ID. We do not store your Google password or access any other Google data.
  • Name — shown to the carwash team and on your receipts
  • Phone number — used by the carwash team to call or message you about your washes (e.g. when the crew can't find your gate). Not used for login at this time. We may add SMS-based login as an additional sign-in option in a future release; if we do, this policy will be updated to describe how it's used.

Service information (you give us this while using the app)

  • Vehicle details — registration plate, make, model, colour, and whether it's a 2-wheeler or 4-wheeler
  • Service address (home-delivery customers only) — the address where you want the wash performed, including pincode and approximate coordinates so the staff can find you
  • Subscription, booking, and payment history — which plans you bought, which washes happened, ratings you left, cash receipts issued

Device information (collected by the app)

  • Push notification token — a token issued by Apple or Google so we can send you reminders and arrival notifications. We never receive your device's hardware ID, advertising ID, or contact list.
  • Approximate location (only when you tap "I'm here" on a job) — used at that moment to confirm you're at the carwash branch. We don't track you in the background; the app does not request background location permission.

Things we do NOT collect

  • Payments: we do not currently process card or UPI payments inside the app. Payment is collected in cash by the carwash staff. When we add online payments in the future, this policy will be updated and you will be told.
  • Photos: the customer app does not take or upload photos. The carwash staff (using a separate employee app) may take before/after photos of your vehicle so you can verify the work — those photos are shown to you in the app but never come from your device.
  • Camera frames (when you tap "Scan QR"): we use your phone's camera to read a car wash QR code at the counter. The image stream is processed entirely on your device — no photo is taken, no frame is saved, and nothing is uploaded. The only thing we extract is the text-encoded URL from the QR code itself.
  • Analytics or behaviour tracking: we do not embed any analytics, advertising, or attribution SDKs. We do not sell your data to anyone.
  • Background location: never collected.
  • Microphone, camera, contacts, calendar, SMS, or call logs: not collected.

3. How we use your information

  • To create and run your subscriptions, bookings, and walk-in visits
  • To send service notifications (upcoming wash, arrival reminder, receipt, payment reminder, ratings request) by push or email
  • To verify your email through one-time passwords (OTPs) at sign-in
  • To let the carwash team contact you about your service
  • To produce GST-compliant receipts and tax records
  • To investigate and resolve disputes or service quality complaints
  • To prevent fraud and abuse of the platform

We do not use your data for advertising, profiling, or any purpose unrelated to running the service.

4. Who we share it with

  • Your carwash organization — the staff and admin of the carwash business you signed up with see your name, phone, vehicles, addresses, bookings, and ratings. This is necessary to deliver the service.
  • Email provider — when we send you a verification code, your email address is shared with our email vendor (Resend, https://resend.com) solely for delivery. If we add SMS-based login in a future release, an Indian DLT-registered SMS provider would receive phone numbers for the same delivery purpose, and this policy will be updated.
  • Push notification services — Apple Push Notification service and Google Firebase Cloud Messaging deliver notifications to your device.
  • Cloud infrastructure — our servers run on Amazon Web Services (AWS) in India. AWS stores the encrypted data on our behalf.
  • Law enforcement — only when compelled by valid legal process from Indian authorities.

We do not sell your data, share it with advertisers, or transfer it to data brokers.

5. Where your data lives

Your data is stored on servers located in India (AWS Mumbai region).

6. How long we keep it

  • Account, vehicles, addresses, subscriptions, bookings: kept while your account is active.
  • Receipts and tax records: kept for 8 years to comply with Indian GST and Income Tax recordkeeping rules, even if you delete your account.
  • Push tokens: deleted when invalidated by Apple/Google or when you uninstall the app.
  • OTP codes: hashed before storage; expire and are deleted within ~10 minutes.

7. Your rights

You can ask us to:

  • See the personal data we hold about you
  • Correct anything that's wrong
  • Delete your account and personal data (we'll keep only the records Indian law requires us to keep — see Section 6)
  • Export your data in a machine-readable format
  • Stop sending you marketing-style notifications (service notifications about your active washes will still be sent)

To exercise these rights, email [email protected] from the address linked to your account or write to us at the address in Section 1. We respond within 30 days.

8. Children

Autochamak is not intended for children under 18. We do not knowingly collect data from anyone under 18. If you believe a child has signed up, contact us and we will delete the account.

9. Security

  • All network traffic uses HTTPS (TLS 1.2 or higher).
  • Passwords are hashed with Argon2; OTP codes are hashed before storage.
  • Authentication tokens stored on your device are kept in the OS-level secure storage (iOS Keychain / Android Keystore).
  • We restrict employee access to customer data on a need-to-know basis.

No system is perfectly secure. If we discover a breach affecting your data we will notify you and the relevant Indian authorities as required by law.

10. Changes to this policy

If we change this policy in a way that affects how we handle your data, we will tell you in the app and by email at least 30 days before the change takes effect.

11. Grievance Officer (India)

In line with the Information Technology Rules, 2011 and the Digital Personal Data Protection Act, 2023:

Grievance Officer: Chandra Kiran Rapeti Email: [email protected] Address: D.No. 40-51-17/2, Santhosh Nagar, Thatichetlapalem, Visakhapatnam – 530024, Andhra Pradesh, India

You can write to the Grievance Officer if you believe your rights have been violated. We will acknowledge within 24 hours and resolve within 15 days.

This policy is provided in English. A Hindi translation is available on request.

← Back to autochamak.com