Privacy Policy

Introduction

Urban Systems Group LLC ("PlatePin," "we," "us," or "our") operates the PlatePin mobile application and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and being transparent about our data practices. This policy is written to be accurate to how our systems actually operate.

1. Information We Collect

1.1 Information You Provide Directly

Account Information

• Email address (required for account creation)
• Username (required, user-chosen)
• Phone number (optional, for phone authentication)
• Password (securely hashed, never accessible to us)
• Profile photo (optional)

Social Login Data (if you choose these methods)

• Google OAuth: Email, display name, profile photo URL
• Apple Sign-In: User ID, email (if you choose to share), full name (if you choose to share)

Report Content

• License plate numbers you report or subscribe to
• Report descriptions (up to 1,000 characters)
• Report photos (maximum 8MB per image, EXIF metadata stripped)
• Report category and severity
• Sign/parking restriction details

Verification Documents (for vehicle ownership verification)

• Vehicle registration or insurance card images
• Driver's license or state ID images
• Documents are processed using automated AI extraction services (see Section 13) and deleted within 30 minutes after processing
• Extracted data (name, address, plate number, VIN, expiration dates) is used only for cross-validation between documents and is not stored separately from the verification result
• Only verification status (approved/rejected), confidence score, and extraction summary are retained

Messages and Communications

• Direct messages with other users
• Temporary chat messages (expire after 24-90 days depending on type)
• Lost item communications
• Support inquiries

Payment Information

• Processed by third-party payment processors
• We store only transaction IDs, billing city/state/postal code (not street address), and verification status
• We never see or store your full credit card number

1.2 Information Collected Automatically

Location Data

• City and state (always collected with reports for geographic context)
• Precise GPS coordinates (only when you explicitly enable "precise location" for a report)
• Approximate location (for map clustering, not exact GPS)
• Location data is retained with reports for 14-90 days depending on report lifecycle

Device Information

• Device type and operating system
• App version and build number
• Push notification token (for sending alerts)
• Platform type (iOS/Android)

Usage Analytics (Opt-Out Available)

• Screen views and navigation patterns
• Feature usage (reports created, subscriptions added)
• App performance metrics
• Error occurrences (with PII automatically scrubbed)

Technical Data

• IP address (partially masked, used for rate limiting and security)
• Browser/app user agent
• Timestamps of activities

1.3 Information from Third Parties

• Payment Processors: Transaction confirmations, billing details
• Document Processing: Text and data extracted from verification documents using third-party AI services (see Sections 4.2 and 13)
• Authentication Providers: Basic profile information (Google, Apple)

2. How We Use Your Information

2.1 Core Service Operations

• Create and maintain your account
• Process vehicle reports and deliver notifications to relevant subscribers
• Enable communication between users about vehicle incidents
• Process vehicle ownership verification ($0.99 fee)
• Provide customer support
• Enforce our Terms of Service and Community Guidelines

2.2 Safety and Security

• Detect and prevent fraud, abuse, and violations of our terms
• Moderate content using automated tools and AI
• Rate limit API calls to prevent abuse
• Verify device authenticity to prevent unauthorized access
• Protect against bot and spam attacks

2.3 Analytics and Improvement

After opt-in consent (analytics enabled by default, opt-out available in Settings):

• Understand how users interact with features
• Identify and fix bugs and performance issues
• Improve app functionality and user experience
• Generate aggregate insights (no individual identification)

2.4 Anonymized Data and Business Intelligence

After 14-90 days (depending on report type), report data undergoes anonymization:

• User identifiers are removed
• License plate numbers are removed
• Photos are deleted
• Location data (city/state/coordinates) is preserved for geographic analysis

Anonymized data may be used for:

• Creating geographic heatmaps of incident patterns
• Traffic and parking trend analysis for urban planning
• Safety analytics for municipalities and researchers
• Commercial licensing of aggregated insights

Your personal information is NEVER included in commercial datasets.

2.5 Legal Compliance

• Comply with legal obligations and valid legal process
• Respond to lawful requests from law enforcement
• Protect the rights, safety, and property of PlatePin and its users
• Enforce our agreements and policies

3. Data Retention Schedule

We retain data for the minimum period necessary for the stated purpose:

4. Data Sharing and Disclosure

4.1 With Other Users

• Public Reports: Report content (without your email or phone) is visible to subscribers of that vehicle's license plate
• Username Display: Your username appears on reports you create (anonymous reporting available in settings)
• Messages: Only shared with conversation participants

4.2 With Service Providers (Subprocessors)

We share data with trusted service providers under data processing agreements:

4.3 With Partners (Anonymized Only)

• Municipalities: Aggregated, anonymized incident patterns for urban planning
• Researchers: Anonymous traffic and parking trend data
• No PII: Individual user data is never shared with partners

4.4 Legal Requirements

We may disclose information when:

• Required by law, court order, or valid legal process
• Necessary to protect our legal rights or defend against claims
• Needed to prevent illegal activities, fraud, or threats to safety
• Required to enforce our Terms of Service

4.5 We Do NOT

• Sell your personal information to third parties
• Share your email or phone with other users without consent
• Provide advertisers access to your personal data
• Include any PII in commercial data products
• Share data with data brokers

5. Data Security

5.1 Technical Safeguards

• Encryption in Transit: All data transmitted via HTTPS with modern encryption
• Encryption at Rest: All stored data is encrypted at rest
• Authentication: Secure password hashing and authentication protocols
• Device Verification: Device attestation prevents unauthorized API access
• Rate Limiting: Distributed rate limiting prevents abuse attacks
• Input Validation: License plates limited to alphanumeric characters, text fields sanitized

5.2 Data Protection Measures

• PII Scrubbing: Error logs automatically remove personal information
• EXIF Stripping: Photo metadata removed before storage
• Document Deletion: Verification documents deleted within 30 minutes of processing
• Access Controls: Role-based access with principle of least privilege
• Audit Logging: All admin actions and data deletions logged

5.3 Incident Response

• Security incidents investigated within 24 hours
• Affected users notified within 72 hours of confirmed breach
• Regulatory authorities notified as required by law

6. Your Rights and Choices

6.1 Access and Control

You have the right to:

• Access: View your personal data via Settings > Privacy Dashboard
• Export: Download your data in JSON or CSV format (3 exports per 24 hours)
• Correct: Update inaccurate profile information
• Delete: Request account deletion (Settings > Privacy Dashboard or email us)
• Opt-Out of Analytics: Disable in Settings > Privacy & Security

6.2 Vehicle Privacy Controls

• Opt-Out: Vehicle owners can opt their plate out of PlatePin at no cost (CCPA requirement)
• Verification: Verify ownership for enhanced privacy controls ($0.99)
• Report Visibility: Control who can see reports about your verified vehicles

6.3 Notification Preferences

• Push notifications (on/off)
• Email notifications (on/off)
• Proximity alerts for nearby parking restrictions
• Weekly digest (premium feature)
• Quiet hours configuration

6.4 How to Exercise Your Rights

• In-App: Settings > Privacy Dashboard > Manage Data
• Email: legal@platepin.com
• Response Time: Within 30 days for most requests (45 days for complex requests)
• Verification: We may verify your identity before processing requests

7. California Privacy Rights (CCPA/CPRA)

California residents have additional rights:

7.1 Right to Know

You may request disclosure of:

• Categories of personal information collected
• Sources of personal information
• Business purposes for collection
• Third parties with whom we share data
• Specific pieces of personal information we hold about you

7.2 Right to Delete

You may request deletion of your personal information, subject to exceptions for:

• Completing transactions you initiated
• Security and fraud prevention
• Legal obligations and compliance
• Internal uses consistent with your expectations

7.3 Right to Opt-Out of Sale

We do not sell personal information. We do not share personal data with third parties for their direct marketing purposes.

7.4 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

7.5 Shine the Light

California residents may request information about disclosure of personal information to third parties for direct marketing. Contact legal@platepin.com.

To submit a CCPA request: Email legal@platepin.com with subject "CCPA Request" or use Settings > Privacy Dashboard.

8. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland:

8.1 Legal Basis for Processing

8.2 Your Rights Under GDPR

• Access: Obtain a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion ("right to be forgotten")
• Restriction: Limit processing of your data
• Portability: Receive data in machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Revoke consent for analytics at any time

8.3 Data Transfers

Your data may be transferred to and processed in the United States. We rely on:

• Standard Contractual Clauses (SCCs) with our service providers
• Data Processing Addendums with our service providers
• Appropriate safeguards for international transfers

8.4 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

PlatePin is not intended for users under 16 years of age.

• We do not knowingly collect information from children under 16
• If we discover such collection, we delete it immediately
• Parents or guardians may contact us to request deletion of child data
• Users under 18 require parental consent

10. Changes to This Policy

We may update this Privacy Policy periodically:

• Material Changes: 30-day advance notice via email and in-app notification
• Minor Updates: Notice in app with updated "Last Updated" date
• Continued Use: Constitutes acceptance of updated policy after notice period
• Previous Versions: Available upon request

11. Contact Information

General Privacy Questions:
Email: legal@platepin.com

Data Protection Officer:
Email: legal@platepin.com

Security Issues:
Email: support@platepin.com

Legal Inquiries:
Email: legal@platepin.com

Mailing Address:
Urban Systems Group LLC
Attn: Privacy Team
Philadelphia, PA 19103
United States

Response Time: We respond to privacy inquiries within 30 days.

12. Cookie Policy (Web Properties)

Our web properties (platepin.app, id.platepin.app, admin.platepin.app) use:

Essential Cookies

• Authentication session management
• Security tokens (CSRF protection)
• User preferences (theme, language)

Analytics Cookies (with consent)

• Usage analytics
• Performance monitoring

How to Manage Cookies

• Browser settings to block or delete cookies
• Our cookie consent banner on first visit
• Settings > Privacy to adjust analytics preferences

13. AI and Automated Decision-Making

13.1 How We Use AI

• Content Moderation: AI-powered analysis of text for toxicity, hate speech, and policy violations
• Image Categorization: AI suggests report categories from photos
• Verification Document Extraction: AI extracts structured data (name, address, plate number, VIN, expiration dates) from vehicle registration and driver's license documents to automate cross-validation. Document content is sent to third-party AI services under data processing agreements that prohibit use for model training. Extracted data is used solely for verification processing and is not retained separately.
• Plate Recognition: Computer vision identifies license plate numbers

13.2 Human Review

• AI moderation decisions flagged as uncertain go to human review
• All vehicle ownership verifications are reviewed by a human administrator, regardless of AI extraction results
• All vehicle ownership disputes include human moderator review
• You may appeal AI-based content removal via support@platepin.com

13.3 Your Rights

• You are not subject to fully automated decisions with legal effects without human review
• You may request human review of automated moderation decisions

Policy Version: 3.1 | Last Reviewed: January 31, 2026

© 2026 Urban Systems Group LLC. All rights reserved.