Privacy Policy
Recume - AI Car Scanner | MVR Systems LLC
Last updated: June 2026
1. Overview
Recume is operated by MVR Systems LLC, 1115 Melrose Blvd, Manalapan, NJ 07726. We collect only what we need, we do not sell your data, and you stay in control.
2. Data We Collect
Directly from you: account info (email, display name, hashed password), waitlist info (name + email only), onboarding answers (all optional), scan inputs (images/videos), VIN metadata if provided.
Generated by use: scan history (part name, condition score, cost estimate, recommendations), chat history, subscription status (plan type, renewal dates, Stripe customer ID).
Automatically: server logs (IP, browser/device, request URL), Supabase auth cookies, Cloudflare security cookies.
We do not use advertising trackers, third-party analytics cookies, or sell any user data.
3. How We Use Your Data
- Provide the diagnostic service and maintain scan history
- Process payments
- Send transactional emails via Resend
- Enforce security and prevent abuse
- Respond to support and legal requests
Raw images are not used to train AI models unless user explicitly opts in.
4. Third-Party Services
- Supabase (auth & database)
- Stripe (payments, PCI-DSS compliant — we never see your card)
- Anthropic / Cloudflare Workers AI (inference)
- Resend (email)
- Vercel (hosting)
- @react-pdf/renderer self-hosted (PDF generation)
5. Data Retention
- Uploaded images: deleted after inference unless saved.
- Scan & chat history: until user deletes or closes account.
- Account data: purged within 30 days of deletion request.
- Payment records: 7 years per financial regulations (stored by Stripe).
- Backups: encrypted daily snapshots kept 30 days.
6. Cookies
- Strictly necessary: Supabase auth cookies.
- Functional: theme / preference memory.
- Analytics: none.
- Advertising: none.
7. Security
HTTPS + HSTS, Supabase row-level security, Stripe PCI-DSS, rate limiting on scan and chat endpoints, secrets in environment variables (never committed to repo).
8. Your Rights
Access, correct, delete, restrict, or export your data. Requests processed within 30 days.
Email privacy@recumeai.com.
9. Children
Not directed at children under 16. Contact privacy@recumeai.com if a minor's data has been submitted.
10. Changes to This Policy
Material changes communicated via email and in-app notice. “Last updated” date reflects most recent revision.