Privacy Policy
1. Who we are
OBD Pilot is an iOS app developed by Shashank Mallela (sole proprietor) ("we", "us"). The app reads diagnostic data from your vehicle via an OBD2 adapter and helps you understand it in plain English using AI.
We can be reached at hello@obdpilot.com for any privacy-related questions or requests.
2. What we collect
OBD Pilot is designed to keep your data on your device whenever possible. The categories below describe everything we can see, even briefly:
On your device only (never sent to us)
- Saved diagnostic scan records (trouble codes, freeze-frame snapshots, sensor data, vehicle make/model/VIN if your adapter reports it)
- Chat conversations with the AI assistant
- App preferences (theme, accent colour, units, car nickname)
- Your OpenAI API key, if you choose to provide one (stored in the iOS Keychain)
Sent to OpenAI when you use AI features
- The current question or photo you send to the chat
- The trouble codes, freeze-frame data, and live vehicle readings needed to answer your question
- A short rolling history of your recent chat with the AI
Sent to our backend proxy (Pro subscribers only)
- An Apple-signed transaction token proving your subscription is active (we do not receive your name, email, Apple ID, or any personally identifying account info from Apple)
- The chat / analysis request itself, which we then forward to OpenAI on your behalf
Sent to Apple
- Subscription purchase events handled entirely by Apple's StoreKit. Apple's own privacy policy governs that data.
3. What we do NOT collect
- No analytics, telemetry, or crash reports sent to any third party
- No advertising identifiers
- No location data
- No contacts, calendar, or photo metadata beyond the specific photo you choose to send in a chat
- No tracking across apps or websites
This is also reflected in the app's Privacy Manifest (PrivacyInfo.xcprivacy) bundled with each release.
4. Why your data goes to OpenAI
OBD Pilot uses OpenAI's API to translate cryptic diagnostic codes into useful, conversational advice. OpenAI processes the request, returns an answer, and (per OpenAI's API policy at the time of writing) does not use API content to train their models.
You can read OpenAI's current API privacy and data handling policy at openai.com/policies/api-data-usage-policies.
If you prefer not to use AI features, you can:
- Skip the chat tab and use the app for basic scan-and-display only
- Use Demo Mode, which never sends any data to OpenAI
5. Our sub-processors
| Service | Purpose | What they see |
|---|---|---|
| OpenAI | AI answers and image analysis | The text/photo of your question + the diagnostic context needed to answer it |
| Vercel | Hosts our proxy for Pro users | Forwards your request to OpenAI; does not log request bodies or persist user data |
| Apple | Subscription management | Subscription transactions and payment details (per Apple's own policies) |
6. How long data is kept
- On-device data: stays on your device until you delete the app or use the in-app delete actions (Reports → swipe to delete, New Chat to clear history, Settings → Clear API Key, etc.).
- OpenAI: OpenAI retains API request data for up to 30 days for abuse monitoring, then deletes it. See OpenAI's policy linked above.
- Vercel proxy: stateless; nothing is logged or persisted.
- Apple subscription data: retained per Apple's own policies.
7. Your rights
You can at any time:
- Stop using the app: delete it from your device and all on-device data is removed.
- Delete your own API key in Settings → OpenAI Key.
- Cancel your subscription via iOS Settings → [Your Name] → Subscriptions.
- Request access, correction, or deletion of any data we hold about you by emailing hello@obdpilot.com. Note that because OBD Pilot doesn't have user accounts and we don't store your data on our servers, there is typically nothing on our end to delete — but we will confirm that in writing.
If you are in the EU/UK, you also have the rights afforded under the GDPR — including access, rectification, erasure, restriction, portability, and objection — and the right to lodge a complaint with your local data protection authority. If you are in California, you have the rights described under the CCPA, which we respect for all users globally.
8. Children
OBD Pilot is not directed at children under 13 (or the applicable minimum digital consent age in your jurisdiction). We do not knowingly collect data from children.
9. International data transfers
OpenAI processes requests on servers in the United States. Vercel also processes requests in the United States. By using AI features in OBD Pilot, you consent to this transfer.
10. Changes to this policy
If we materially change this policy we will update the "Last updated" date above and notify users via an in-app prompt on next launch.
11. Contact
Privacy questions or requests: hello@obdpilot.com