Driven History
Legal

Privacy Policy

Last updated: March 2026

Overview

Driven History ("we", "us", or "our") operates www.drivenhistory.com and the Driven History mobile app. We are committed to protecting your personal information and being transparent about what we collect and why.

This Privacy Policy explains what data we collect, how we use it, who we share it with, and what choices you have. By using Driven History you agree to the practices described here.

Information We Collect

We collect only what is necessary to provide the service:

  • Account information — your email address and a securely hashed password (we never store your password in plain text).
  • Car data — make, model, year, photos, specs, and any notes or stories you choose to add to your garage.
  • Photos you upload — stored on Vercel Blob CDN and linked to your car records.
  • Usage data — standard web server logs (IP address, browser type, pages visited). We do not use third-party analytics trackers.

How We Use Your Information

  • To display your garage and car timeline to you when you are logged in.
  • To power AI features — car spec lookups and AI image generation — via OpenAI. Only car make, model, and year are sent to OpenAI; your email or personal details are never included.
  • To search for car photos via SerpAPI. Only the car make, model, and year are sent as search queries; no personally identifiable information (PII) is shared.
  • To send transactional emails you request — such as password reset links and magic-link sign-in emails — via Resend.
  • To maintain your authenticated session via a single, secure cookie (see Cookies below).

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Third-Party Services

Driven History relies on the following sub-processors. Each is bound by their own privacy policy:

Data Storage & Security

  • Account and car data is stored in a Neon Postgres database located in the United States.
  • Photos are stored on Vercel's global Blob CDN.
  • Passwords are hashed using scrypt (Node.js built-in crypto) before storage — we cannot retrieve your plain-text password.
  • All data in transit is encrypted via HTTPS / TLS. There is no unencrypted HTTP access to the application.
  • Access to the production database is restricted to server-side application code only.

Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — update or correct your account details at any time from within the app.
  • Deletion — request deletion of your account and all associated data. We will process deletion requests within 30 days.
  • Portability — request an export of your car data.

To exercise any of these rights, email us at Valet@DrivenHistory.com.

Cookies

We use a single cookie to keep you logged in: dh_session. This is an HttpOnly, Secure, SameSite cookie that stores a signed JWT. It expires after 7 days and is strictly necessary for authentication — without it you cannot remain logged in.

We do not set any third-party tracking, advertising, or analytics cookies.

Children's Privacy

Driven History is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us at Valet@DrivenHistory.com and we will delete the account promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Your continued use of Driven History after any changes constitutes acceptance of the updated policy. For material changes we will make reasonable efforts to notify you (for example, via email to your registered address).

Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please reach out:

Driven History
Valet@DrivenHistory.com

Back to Driven History