← Back to Home

Privacy Policy

Last updated: April 17, 2026  |  Effective: April 17, 2026

ATTMoc ASC ("we", "our", "us") operates the ATTMoc Auto Service Center Management System available at asc.attmoc.space (the "Platform"). This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your data.

By registering for or using the Platform, you agree to the practices described in this policy.

1. Who This Policy Applies To

  • Service Center Owners (Subscribers) — businesses that subscribe to the Platform to manage their operations.
  • Staff Members — employees added by a Service Center Owner to use the Platform.
  • Customers — vehicle owners whose data is entered into the Platform by a subscribed service center.

2. Data We Collect

2.1 Account & Identity Data

  • Full name, email address, phone number
  • Hashed password (we never store plain-text passwords)
  • Role (Owner, Staff, Customer), IP address and browser/device info at login
  • Two-factor authentication secret (stored encrypted)

2.2 Service Center Data

  • Business name, address, phone, email, website
  • Business registration number, tax ID, logo, uploaded documents
  • Subscription plan, payment proof documents, specialty brands, operating currencies

2.3 Customer & Vehicle Data

  • Customer names, email, phone, and address
  • Vehicle make, model, year, VIN, license plate, mileage
  • Appointment history, service records, invoice totals, payment methods and references
  • Internal notes added by service center staff

2.4 Usage & Technical Data

  • Login activity logs (timestamp, IP, browser)
  • Actions performed within the Platform (audit trail)
  • API request logs for security and debugging

3. How We Use Your Data

  • To provide, operate, and maintain the Platform
  • To authenticate users and protect accounts (including 2FA)
  • To process subscription approvals and manage billing
  • To send transactional emails (verification, password reset, subscription status)
  • To display service history, invoices, and appointments within the Platform
  • To enforce subscription limits (staff count, customer count)
  • To detect security threats, fraud, and unauthorized access
  • To comply with legal obligations
  • To provide customer support — our team may access your account data solely to resolve your reported issue

We do not sell your data to third parties. We do not use your business or customer data for advertising purposes.

4. Platform Operator Access

⚠️ Important Disclosure

As the operator of the Platform, we have infrastructure-level access to the database for maintenance, backup, security monitoring, and customer support. This is standard practice for all hosted SaaS platforms.

We commit to the following:

  • We will not access your business financial data, customer records, or service history unless you request support or we are legally required to do so.
  • All administrative access to service center data is logged in our audit trail.
  • We will not share your business data with competitors or other service centers on the Platform.
  • Your customer data is isolated per service center — other service centers cannot see your customers.

5. Data Sharing & Third Parties

We share data only with the following trusted service providers:

ProviderPurposeData Shared
RailwayHosting & DatabaseAll platform data (encrypted at rest)
ResendTransactional EmailEmail address, email content
NHTSA (US Gov)Vehicle Make/Model LookupNo personal data — public API

We do not sell your data to any party.

6. Data Security

  • All data in transit is encrypted via TLS/HTTPS
  • Database is encrypted at rest by our hosting provider (Railway)
  • Passwords are hashed using bcrypt — never stored in plain text
  • Two-factor authentication secrets are encrypted using AES-256
  • Session tokens are signed JWTs with 30-day expiration
  • Role-based access control ensures staff can only access their own service center
  • All critical actions are logged in an immutable audit trail

In the event of a data breach that affects your data, we will notify you within 72 hours of becoming aware.

7. Data Retention

  • Active accounts: Data retained for the duration of your subscription.
  • Cancelled subscriptions: Data retained for 30 days after cancellation, then permanently deleted.
  • Suspended accounts: Data retained for 30 days from suspension date, then permanently deleted.
  • Activity logs: Retained for 12 months for security purposes.
  • Payment proof documents: Retained for 7 years for legal/accounting compliance.

8. Your Rights

  • Access: Request a copy of the data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and associated data.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to specific processing of your data.

To exercise any of these rights, contact us at privacy@attmoc.com. We will respond within 30 days.

9. Cookies & Session Storage

CookiePurposeExpiry
authjs.session-tokenAuthentication session30 days
device-trust-token2FA trusted device30 days

We do not use advertising cookies or tracking pixels.

10. Children's Privacy

The Platform is intended for businesses and individuals aged 18 and over. We do not knowingly collect data from children under 18. Contact privacy@attmoc.com if you believe a child has provided us data.

11. Changes to This Policy

We will notify active subscribers via email at least 14 days before significant changes take effect. Continued use of the Platform after changes constitutes acceptance.

12. Contact Us

ATTMoc ASC — Privacy Team

Privacy: privacy@attmoc.com

Support: support@attmoc.com

Website: asc.attmoc.space

Terms of Service·Back to Home