Privacy Policy

The controller of your personal data is Telmo Eduardo Antunes Alfarrobeira, IČO 21781478, Kaprova 14, 11000 Prague, Czech Republic ("we"). Privacy questions and requests: info@detailmasters.pro. This policy explains what personal data we process on the platform at detailmasters.pro, why, and what rights you have under the EU General Data Protection Regulation (GDPR).

• Account data — name, e-mail, phone, country, preferred language, password (stored as a salted hash), optional avatar and bio, marketing consent.
• Billing data — optional billing address and tax identifiers you provide for invoices.
• Booking data — services booked, dates and times, prices (range, confirmed price, payments recorded by the business), notes you add, service address for mobile services.
• Vehicle data — vehicles you save (make, model, year, colour, licence plate) and vehicle details entered with a booking.
• Photos — before/after photos of your vehicle uploaded by the business to document the work.
• Payment data — processed by Stripe; we receive only payment references (amounts, status, intent identifiers), never your card number.
• Content — reviews, review responses, appeals, messages sent through service updates.
• Loyalty, coupon and package data — points, redemptions, issued coupons and their usage, purchased packages and used sessions.
• Notification data — in-app notifications and, if you opt in, push subscription endpoints for this device.
• Technical data — IP address, request logs, cookie identifiers described below.

Mostly directly from you. Some data is created by businesses you interact with: a business may record a walk-in booking with your name and contact details, keep customer notes about the services performed, upload photos of your vehicle, and record payments. Businesses are independent controllers of their own customer records; we process this data as part of providing the platform.

• Providing the service (accounts, bookings, payments, packages, loyalty, notifications) — performance of a contract (Art. 6(1)(b) GDPR).
• Invoicing and tax record-keeping — legal obligation (Art. 6(1)(c)).
• Booking reminders and essential service e-mails — performance of a contract.
• Marketing e-mails, promotional coupons, review invitations — your consent (Art. 6(1)(a)), withdrawable at any time in account settings.
• Push notifications — your consent, given per device and withdrawable in account settings or your browser.
• Advertising and conversion measurement (Google Ads, Google Analytics) — your consent (Art. 6(1)(a) GDPR), given or refused in the cookie banner and withdrawable at any time.
• Platform security, fraud prevention, dispute records — legitimate interest (Art. 6(1)(f)).
• Anonymous, aggregated statistics (e.g. specialists, cities, bookings counters) — legitimate interest.

We use a minimal set of first-party storage:

• dp_session (cookie) — marks an active session so protected pages can redirect correctly; expires after 7 days.
• NEXT_LOCALE (cookie) — remembers your language choice; 1 year.
• detailpro_token (localStorage) — your login token on this device.
• dismissed_promo_* (localStorage) — remembers promotional banners you closed.

Analytics and advertising cookies are optional, off by default, and load only with your consent:

• Google Analytics 4 — audience and traffic measurement (e.g. _ga, _ga_* identifiers).
• Google Ads — measuring sign-up conversions from our advertising campaigns. We use enhanced conversions, which send a hashed (irreversible) version of your e-mail address to Google to match a conversion to an ad click; Google may set conversion cookies such as _gcl_*.

We use Google Consent Mode v2: until you choose, advertising and analytics storage stay denied and these services receive only limited, cookieless signals. The cookie banner lets you "Accept all" or "Reject optional"; the strictly necessary storage above remains active either way. You can change your choice at any time by clearing this site's cookies and local storage, which makes the banner reappear.

We share personal data only as needed to run the platform:

• Businesses you book with — receive your booking details, contact data, vehicle details and service address (for mobile services).
• Stripe Payments Europe — payment processing.
• MongoDB Atlas — database hosting.
• Vercel — web hosting and content delivery.
• Resend — transactional and consented marketing e-mail delivery.
• Cloudinary — image hosting (business logos, galleries, vehicle photos).
• Push delivery services of your browser vendor (Apple, Google, Mozilla) — only if you enable push notifications.
• Google (Google Analytics 4 and Google Ads) — audience measurement and advertising conversion tracking, only if enabled and consented to; enhanced conversions share a hashed, irreversible version of your e-mail address.
• Agents — see business-level data of the businesses they referred; they do not receive customer personal data.

Some processors may process data outside the EEA; in such cases transfers rely on adequacy decisions (e.g. the EU–US Data Privacy Framework) or Standard Contractual Clauses.

Account data is kept for as long as your account exists. Booking, review and loyalty records are kept while the account is active to provide your history. Invoicing records are retained for the period required by Czech tax law (up to 10 years). Payment references are retained as required for accounting and dispute resolution. When you delete your account, personal data is deleted or anonymised, except where retention is legally required.

You have the right of access, rectification, erasure, restriction, data portability, objection to processing based on legitimate interest, and the right to withdraw consent at any time without affecting prior processing.

Self-service: you can export your data (account settings → "Your data"), update your details, manage marketing consent and push notifications, and delete your account — all in the app. For anything else, write to us; we respond within one month.

You may lodge a complaint with a supervisory authority — in the Czech Republic the Office for Personal Data Protection (ÚOOÚ, www.uoou.cz); in Portugal the CNPD (www.cnpd.pt); or the authority of your country of residence.

Data is encrypted in transit (TLS). Passwords are stored as salted hashes. Access to production systems is restricted and authenticated; staff accounts within a business operate under granular per-section permissions; payment card data never touches our servers. Invoice documents are served only through authenticated or unguessable capability links.

The platform is not directed at children. You must be at least 18 years old to create an account. We do not knowingly process children's data; if you believe a child has provided us personal data, contact us and we will delete it.

We may update this policy as the platform evolves; material changes will be announced in the app or by e-mail. This policy is provided in English, Portuguese and Czech — in case of discrepancy the English version prevails to the extent permitted by law. Contact: info@detailmasters.pro.