Privacy Policy

1. Introduction

Welcome to EAM (Endless Automotive Management), operated at eamportal.net. EAM is a cloud-native SaaS platform designed for automotive service businesses, including repair shops, wrap studios, and detailing businesses. We are committed to protecting the privacy of our users and their customers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and related services (collectively, the "Service"). By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

2. Information We Collect

We collect several categories of information depending on how you interact with the Service.

2.1 Account and Personal Information

When you create an account, we collect your name, email address, phone number, and business information such as shop name, address, and business type. Authentication is handled through our identity provider, Clerk, which may collect additional authentication data such as password hashes, multi-factor authentication details, and session tokens.

2.2 Shop and Business Data

As part of operating your business through EAM, you may input shop configuration details, team member information, business hours, bay/workstation setup, tax rates, labor rates, and other operational data necessary to run your shop.

2.3 Customer and Vehicle Data

You may store information about your customers, including their names, email addresses, phone numbers, mailing addresses, and vehicle details such as year, make, model, VIN, mileage, and license plate number. This data is entered and managed by you as the shop operator. EAM processes this data on your behalf.

2.4 Service and Transaction Data

The Service stores repair orders, estimates, invoices, inspection reports, appointment schedules, inventory records, parts catalog lookups, and related transactional data. This also includes photos and media uploaded during inspections, before/after documentation, and project tracking.

2.5 Communications Data

Messages sent through the platform, including SMS messages to customers, in-app conversations, and AI agent interactions, are stored to provide the Service and maintain conversation history.

2.6 Usage and Analytics Data

We automatically collect information about how you use the Service, including pages visited, features used, timestamps of activity, browser type, operating system, device information, IP address, and referring URLs. This data helps us improve the Service and diagnose technical issues.

2.7 Cookies and Similar Technologies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze usage patterns. Essential cookies are required for the Service to function properly, including authentication session cookies. You can control non-essential cookies through your browser settings, though disabling them may affect certain features.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: To operate, maintain, and deliver the features of the platform, including repair order management, scheduling, invoicing, inventory tracking, and customer communications.
• AI-Powered Features: To provide AI agent capabilities, including the customer-facing assistant and the business intelligence agent. Conversation data may be sent to our AI provider, Anthropic, for processing. Anthropic does not use your data to train their models.
• Payment Processing: To facilitate invoicing and payment collection through our payment processor, Stripe.
• Communications: To send SMS messages, email notifications, appointment reminders, and other service-related communications on your behalf through Twilio and other providers.
• Account Management: To manage your account, authenticate your identity, and enforce access controls within your organization.
• Analytics and Improvement: To understand usage trends, measure the effectiveness of features, and improve the Service.
• Security: To detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

4. Third-Party Services

EAM integrates with the following third-party services to deliver the platform. Each provider has its own privacy policy governing their use of data:

Clerk (Authentication)

We use Clerk for user authentication, session management, and organization management. Clerk processes your email address, name, and authentication credentials. For more information, see Clerk's Privacy Policy.

Stripe (Payments)

Payment processing is handled by Stripe. When you or your customers make payments, Stripe collects and processes payment card details, billing addresses, and transaction data. EAM does not store full credit card numbers on our servers. For more information, see Stripe's Privacy Policy.

Twilio (SMS and Communications)

We use Twilio to send SMS messages, including appointment reminders, status updates, and other communications between shops and their customers. Twilio processes phone numbers and message content. For more information, see Twilio's Privacy Policy.

Anthropic (AI Agents)

Our AI-powered features, including the customer-facing agent and the business intelligence agent, are powered by Anthropic's Claude. When you use these features, relevant contextual data (such as repair order details, customer information, or business metrics) may be sent to Anthropic for processing. Anthropic does not use data submitted via their API to train their models. For more information, see Anthropic's Privacy Policy.

Amazon Web Services (Hosting and Infrastructure)

EAM is hosted on Amazon Web Services (AWS). Our infrastructure includes ECS (compute), Aurora PostgreSQL (database), S3 (file storage), and related services. All data is stored in the United States (us-east-1 region). AWS provides physical and infrastructure-level security. For more information, see AWS's Privacy Policy.

5. Data Sharing and Disclosure

We do not sell your personal information. We share data only in the following circumstances:

• Service Providers: With the third-party services described in Section 4, strictly to the extent necessary to provide the Service.
• Within Your Organization: Data within your shop account is accessible to authorized team members within your organization as configured by your account administrator.
• Legal Requirements: When required by law, subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.
• With Your Consent: We may share information with third parties when you have given explicit consent to do so.

6. Data Security

We take the security of your data seriously and implement industry-standard measures to protect it, including:

• Encryption of data in transit using TLS/SSL and encryption of data at rest.
• Multi-tenant architecture with strict data isolation. Each shop's data is logically separated, and every database query is scoped to the authenticated tenant. No shop can access another shop's data.
• Database hosted in a private VPC (Virtual Private Cloud) with no direct public internet access.
• Role-based access controls within organizations, allowing shop owners to manage team member permissions.
• Regular security reviews and monitoring of infrastructure and application layers.
• Secure authentication via Clerk, supporting multi-factor authentication and session management best practices.

While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining robust protections and promptly addressing any security incidents.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. When you close your account, we will delete or anonymize your data within 90 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as resolving disputes, enforcing agreements, or complying with tax and accounting obligations). Backup copies may persist in our systems for up to an additional 30 days before being permanently removed. You may request earlier deletion of your data by contacting us at the email address listed in Section 11.

8. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may request that we correct inaccurate or incomplete personal information.
• Deletion: You may request that we delete your personal information, subject to certain legal exceptions.
• Data Export: You may request a machine-readable export of your data, including customer records, repair orders, invoices, and other business data stored on the platform.
• Opt-Out of Communications: You may opt out of non-essential marketing communications at any time. Service-related communications (such as billing notices and security alerts) will continue as long as your account is active.
• Restrict Processing: In certain circumstances, you may request that we limit the processing of your personal information.

To exercise any of these rights, please contact us at support@eamportal.net. We will respond to your request within 30 days. We may ask you to verify your identity before fulfilling your request.

9. Children's Privacy

The Service is designed for use by businesses and their authorized representatives. It is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at support@eamportal.net.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, for significant changes, by sending a notification through the Service or via email. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: