Plain-English explanation of what data MechIQ collects, why, and how we protect it. No legalese.
[Solicitor review pending] — This policy has been drafted in good faith but has not yet been reviewed by a qualified legal professional. Final legal sign-off is required before publication.
Last updated: 26 May 2026
MechIQ is a cloud-based workshop management platform built for independent automotive garages. We are an Irish company. Our registered address will be published here once our Companies Registration Office (CRO) registration is complete.
For the purposes of the EU General Data Protection Regulation (GDPR), MechIQ is the data processor. Your garage (the subscribing business) is the data controller for the customer and vehicle data you enter into MechIQ. MechIQ is the data controller for account, billing, and usage data related to the garage's subscription.
Data protection queries: privacy@mechiq.ie
Business name, address, VAT number, contact email and phone, staff names and login credentials, subscription and billing details.
Customer names, email addresses, phone numbers, postal addresses. This data is entered and managed by garage staff on behalf of their customers.
Registration plates, VIN numbers, make, model, year, engine type, mileage history, MOT/NCT status.
Fault codes (OBD-II/EOBD), diagnostic scan results, job descriptions, work plans, technician notes, photos, voice notes, vehicle health check results.
Quotes, invoices, parts pricing, labour rates, VAT calculations, payment status. We do not store credit card numbers — payment processing is handled by your chosen payment provider.
Login timestamps, feature usage patterns, browser type, device information. Used to improve the platform and troubleshoot issues.
| Purpose | Legal basis |
|---|---|
| Providing the MechIQ service | Contract performance (your subscription agreement) |
| Processing customer/vehicle data | Legitimate interest of the garage (service delivery to their customers) |
| AI diagnostic analysis and quoting | Legitimate interest (core service feature, disclosed at signup) |
| Cross-garage learning (anonymised) | Legitimate interest (improving diagnostic accuracy across the network) |
| SMS notifications to garage customers | Legitimate interest of the garage (customer communication) |
| Marketing emails about MechIQ | Consent (opt-in only, unsubscribe at any time) |
| Platform analytics and improvement | Legitimate interest (service quality and reliability) |
MechIQ uses AI (powered by Anthropic's Claude API) to provide diagnostic analysis, generate work plans, estimate quotes, and draft customer communications. Here is exactly what happens:
What is sent to the AI: Fault codes, vehicle make/model/year/mileage, job descriptions, and diagnostic scan data are sent to the Anthropic Claude API for analysis. Customer names, phone numbers, and email addresses are not sent to the AI for diagnostic or quoting purposes.
How Anthropic handles it: Anthropic does not use data sent via their API to train their models. Data is processed in transit and not retained beyond what is necessary to provide the response. See Anthropic's privacy policy for details.
AI outputs are advisory: All AI-generated recommendations (diagnostics, quotes, work plans) are presented to your staff for review. A human always makes the final decision.
When a technician confirms or corrects an AI diagnosis, the outcome is recorded. A strictly anonymised version of this correction is added to a shared knowledge pool that improves diagnostic accuracy for all garages on the platform.
What is shared: Fault code, vehicle make/model/year, and the confirmed repair outcome.
Never shared: Customer names, registration plates, garage identity, quote pricing, labour rates, profit margins, or any other commercially sensitive data.
We only share your data with third parties that are necessary to deliver the service. We never sell your data.
| Provider | Purpose | Data shared |
|---|---|---|
| Anthropic (Claude API) | AI diagnostic analysis, quoting, work plans | Vehicle data, fault codes, job descriptions |
| Twilio | SMS notifications to garage customers | Customer phone numbers, message content |
| Sage / Xero / QuickBooks | Accounting sync (if enabled by garage) | Invoice data, customer names, VAT details |
| Vehicle registration providers | Registration plate lookup | Registration plate number |
| AWS (Amazon Web Services) | Cloud hosting infrastructure | All data (encrypted at rest and in transit) |
All third-party providers are bound by data processing agreements. Accounting integrations are only activated when a garage explicitly connects their account via OAuth2.
Active subscription: All data is retained for as long as your garage subscription is active.
Financial records: Invoice and transaction data is retained for 7 years after creation to comply with Irish and UK tax requirements (Revenue Commissioners / HMRC).
After cancellation: Your data is available for export for 30 days after cancellation, then permanently deleted. Anonymised cross-garage learning data (which contains no identifying information) is retained.
Backups: Encrypted database backups are retained for up to 35 days for disaster recovery, then automatically purged.
If you are a garage subscriber, you can exercise these rights directly through the platform or by contacting us. If you are a garage customer whose data is stored in MechIQ, please contact the garage directly in the first instance — they are the data controller for your information.
Request a copy of all data we hold about you or your garage.
Request correction of inaccurate data. Garage staff can also update records directly in the platform.
Request deletion of your data. Note: financial records must be retained for 7 years for tax compliance.
Export your garage data in standard formats (CSV, JSON) at any time through the platform.
Object to processing based on legitimate interest. We will stop processing unless we have compelling grounds to continue.
Request that we limit how we use your data while a concern is being resolved.
To exercise any of these rights, email privacy@mechiq.ie. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Irish Data Protection Commission (dataprotection.ie).
Session authentication and security tokens. Required for the platform to function. Cannot be disabled.
UI preferences such as dark mode setting and sidebar state. Stored locally in your browser.
Aggregate usage metrics to help us improve the platform. No personal data is shared with third-party analytics providers.
We do not use advertising cookies or tracking pixels.
Full details are on our Security page. In summary:
Database-level Row-Level Security isolates every garage's data
AES-256 encryption at rest, TLS 1.2+ encryption in transit
Role-based access control within each garage (admin, front-of-house, technician)
Hosted on AWS in the EU region
Your data is hosted on AWS infrastructure in the EU. Some third-party processors (such as Anthropic and Twilio) may process data in the United States. Where data is transferred outside the EEA, it is protected by Standard Contractual Clauses (SCCs) or an adequacy decision by the European Commission. Anthropic operates under their published Data Processing Addendum.
MechIQ is a business-to-business service for automotive garages. We do not knowingly collect personal data from anyone under 18 years of age. If you believe a child's data has been entered into the platform, please contact us at privacy@mechiq.ie and we will delete it promptly.
We may update this privacy policy from time to time. Material changes will be communicated via an in-app notification to all garage administrators at least 14 days before taking effect. The "Last updated" date at the top of this page will always reflect the most recent version.
For any privacy-related questions or to exercise your data rights:
Email: privacy@mechiq.ie
General enquiries: hello@mechiq.ie
Postal address: [To be published following CRO registration]
Supervisory authority: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, Ireland — dataprotection.ie