Privacy policy

Last updated: May 25, 2026

Introduction

This Privacy Policy describes how Exhaust Expert ("we," "us," or "our") collects, uses, discloses, and protects information when you use the Exhaust Expert mobile application and related services (the "Services").

By using the Services, you agree to this Privacy Policy and our Terms of Service. If you do not agree, please do not use the Services.

Information We Collect

We collect information you provide directly, information generated when you use the Services, and information from integrated service providers.

A. Information you provide

• Account and profile information: name, email address, phone number, business location/address text, user role (customer, sales representative, administrator, or warehouse administrator), shop association, and account status.

• Login and security information: email and password (passwords are stored only in hashed form on our systems), temporary password flags, and sign-in activity such as failed login attempts.

• Account request information: when you request a new account, we collect the details you submit (such as name, email, location/address, optional phone, and requested role) for administrator review.

• Order and checkout information: cart contents, delivery and billing addresses you enter or save, shipping phone numbers, order identifiers, and related fulfillment details. Checkout is completed through Shopify.

• Returns (RMA) information: return reason, description, product and order details, quantities, delivery date, disclaimer acceptance, and photos or other files you upload as evidence (typically 1–5 photos per return request).

• Support information: support ticket subject, messages, and any attachments or images you send through support or RMA chat features.

• Communications: information you send us by email or through in-app flows (including account reactivation or password assistance requests).

B. Information collected automatically

• Authentication and session data: access tokens and refresh tokens issued when you sign in. The app stores these on your device (for example, in local device storage) to keep you signed in.

• Push and in-app notification data: notification titles, messages, and related metadata (such as order, RMA, or account request identifiers) used to route you to the correct screen. If you enable push notifications, we associate your account with a push provider using your account identifier.

• Technical and operational data: server logs, API request metadata, security events, error diagnostics, and similar records needed to operate, secure, and troubleshoot the Services.

C. Verification data

• Phone verification (SMS): if you use phone sign-in, we send a one-time verification code to the phone number on your account through our SMS verification provider. We do not store the SMS code itself in long-term profile fields; verification is validated through the provider.

• Email verification codes: we send one-time codes to your email for purposes such as password reset, first-time password setup, and account deletion request confirmation. These codes are stored in hashed form for a limited time and expire automatically.

Location information

We do not collect precise GPS or continuous device location from the mobile app.

We use delivery, billing, and business addresses that you type or save for ordering, delivery estimates, fulfillment, and related operations. Account requests may include a location/address string you provide for review.

How We Use Your Information

We use personal information to:

• create, review, approve, and manage user accounts;

• authenticate users and maintain secure sessions;

• provide vehicle lookup (including VIN decode and manual vehicle selection) and product discovery;

• process carts, checkout, orders, deliveries, cancellations, and refunds;

• operate returns (RMA), inspections, refunds, and related messaging;

• provide customer support and resolve disputes;

• send transactional communications (email, SMS where applicable, in-app notifications, and push notifications if enabled);

• prevent fraud, abuse, unauthorized access, and policy violations;

• comply with legal, tax, accounting, audit, and regulatory obligations;

• improve reliability, security, and performance of the Services.

We do not sell your personal information to third parties for their own marketing purposes.

How We Share Information

We share information only as described below:

A. Service providers (processors)

We use third-party providers that process data on our behalf to operate the Services, including:

• Shopify — product catalog, customer records, cart, checkout, orders, and payment-related commerce functions;

• Delivery partners (such as DoorDash and Roadie) — pickup, delivery, tracking, and status updates for eligible orders;

• Twilio — SMS-based phone verification for sign-in;

• OneSignal — push notification delivery (using your account identifier as the external user ID when you are logged in);

• Amazon Web Services (AWS) S3 — storage of photos and files you upload for returns and related workflows (accessed via secure upload URLs);

• Email delivery (SMTP) — transactional emails such as verification codes, password notices, order and account notifications, and deletion request updates;

• Vehicle and parts data partners — VIN lookup, vehicle search options, and parts/fitment data used for compatibility and catalog features (your VIN or vehicle selections may be sent to these services to retrieve results);

• Cloud hosting and database providers — application hosting, databases, and infrastructure used to run our backend systems.

These providers process information according to their own terms and privacy policies and only as needed to perform their services for us.

B. Within your organization’s account structure

Depending on your role, certain information (such as orders, shops, RMAs, or support tickets) may be visible to authorized sales representatives, warehouse administrators, or Exhaust Expert administrators for legitimate business operations.

C. Legal and safety

We may disclose information if required by law, court order, or government request, or when we believe disclosure is necessary to protect rights, safety, security, or the integrity of the Services.

Account Deletion

Customers and sales representatives may request account deletion from the app (Profile → Delete Account).

How the process works:

  1. You confirm that you want to request deletion.
  2. We email a 6-digit verification code to your registered email address. You enter this code in the app to verify the request. Codes expire after a limited time (currently 15 minutes).
  3. After verification, we create a pending account deletion request for administrator review. You will receive email confirmation that the request was received.
  4. An administrator approves or declines the request. You will be emailed the outcome. Account deletion is not completed immediately when you enter the verification code.

If you cannot access the app, contact us at info@exhaustexpert.com. We will help with verified deletion requests subject to identity and security checks.

Administrators and warehouse administrators cannot complete self-service deletion through this in-app flow; contact info@exhaustexpert.com for assistance.

What Happens When Deletion Is Approved

When an administrator approves your deletion request, we disable access and anonymize or remove personal profile data, including:

• account access disabled and login sessions/tokens revoked;

• email replaced with an anonymized placeholder;

• name and display name anonymized;

• phone number removed;

• saved addresses and saved phone numbers removed;

• password and related login secrets removed or invalidated;

• linked Shopify customer personal data anonymized where supported by our integration.

Data We May Retain After Deletion

Even after account deletion, we may retain certain information where required or permitted by law or legitimate business needs, including:

• order, payment, tax, invoice, and refund records;

• RMA and return/refund history;

• support ticket records and related messages;

• account request and deletion request audit records;

• security, fraud-prevention, and operational logs;

• records needed for disputes, enforcement, and compliance.

Where feasible, retained records are limited, anonymized, or de-identified.

Data Retention

We retain personal information only as long as reasonably necessary for the purposes described in this Policy, including providing the Services, meeting legal and tax obligations, resolving disputes, preventing fraud, and enforcing our agreements.

When retention periods end, we delete, anonymize, or securely archive data according to applicable requirements.

Security

We use reasonable technical and organizational safeguards designed to protect personal information, including:

• password hashing (argon2) for credentials stored on our systems;

• encryption for certain sensitive integration secrets (such as encrypted Shopify customer credentials on our servers);

• access controls and authentication for API access;

• secure upload flows for user-provided photos and documents.

No method of transmission or storage is completely secure. We cannot guarantee absolute security.

Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, or restrict certain processing of your personal information.

You may:

• update certain profile details in the app where available;

• disable push notifications in your device settings (transactional email may still be sent for account and order activity);

• choose not to use phone OTP sign-in if you prefer email/password sign-in where offered;

• contact us to request access, correction, or deletion subject to verification and legal exceptions.

We may retain certain information where required by law or for legitimate business purposes (for example, completed orders or tax records).

Children’s Privacy

The Services are intended for business users and are not directed to children under 13 (or a higher minimum age where required by law). We do not knowingly collect personal information from children. If you believe we collected such information, contact us at info@exhaustexpert.com and we will take appropriate steps.

International Users

Our Services are primarily operated in the United States. Your information may be processed in the United States and in other countries where we or our service providers operate. By using the Services, you understand that your information may be transferred to, stored in, and processed in those locations subject to applicable law.

Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised version with an updated "Last updated" date. Material changes may also be communicated through the app or by email where appropriate. Continued use of the Services after the effective date means you accept the revised Policy, to the extent permitted by law.

Contact Us

For privacy questions, requests, or account deletion assistance:

Email: info@exhaustexpert.com