Privacy Policy
Last updated: 18 February 2026
1. Who We Are
CarNote ("we", "us", "our") is an Australian service that provides QR code stickers for vehicles. Our website is carnote.com.au. For privacy inquiries, contact us at help@carnote.com.au.
2. Information We Collect
Account holders (vehicle owners):
- Email address (for account creation and notifications)
- Vehicle nickname and type (for display purposes)
- Registration number (optional, stored privately, never displayed publicly)
Reporters (people who scan QR codes):
- Report category and message content
- Hashed IP address (for rate limiting and abuse prevention only; we never store your raw IP address)
Waitlist subscribers:
- Email address
Automatically collected:
- Basic analytics data via Google Analytics (page views, device type, general location)
- Browser user agent string
3. How We Use Your Information
- To provide the CarNote service (delivering reports to vehicle owners)
- To send email notifications about reports and account activity
- To prevent abuse (rate limiting, content moderation, IP blocking)
- To improve our service through anonymous analytics
- To communicate service updates (waitlist notifications, welcome emails)
4. Reporter Anonymity
Reporters are fully anonymous. We do not collect names, emails, or phone numbers from reporters. Vehicle owners cannot see who submitted a report. The hashed IP address stored with reports is a one-way hash and cannot be reversed to identify the reporter.
5. Data Storage & Security
Your data is stored on Google Firebase servers located in Australia (region: australia-southeast1). We use industry-standard security measures including encrypted connections (HTTPS), Firebase Authentication, and Firestore security rules to protect your data.
6. Third-Party Services
We use the following third-party services:
- Google Firebase — hosting, authentication, database
- Google Analytics (GA4) — anonymous usage analytics
- Google reCAPTCHA — spam and abuse prevention
- Resend — transactional email delivery
- OpenAI — content moderation for report messages
Each service operates under its own privacy policy. We share only the minimum data necessary for each service to function.
7. Data Retention
Account data is retained for as long as your account is active. Reports are retained indefinitely unless deleted by the vehicle owner. Waitlist entries are retained until launch. Rate limiting data is automatically cleaned after 1 hour.
8. QR Code Disabling Policy
Vehicle owners may disable their QR code at any time. When a QR code is disabled:
- A 5-minute grace period allows you to undo the action
- After the grace period, the QR code will stop accepting reports
- You may re-enable a disabled QR code at any time from your dashboard
- QR codes are permanently assigned to one vehicle and cannot be reassigned
If a vehicle is removed from your account, the associated QR code is permanently deactivated and cannot be reused.
9. Your Rights
You can:
- Access your data via your dashboard
- Delete individual reports from your dashboard
- Request full account deletion by emailing help@carnote.com.au
- Disable your QR code to stop receiving reports
10. Cookies
We use essential cookies for authentication and session management. Google Analytics uses cookies for anonymous usage tracking. No advertising or tracking cookies are used.
11. Children's Privacy
CarNote is not intended for use by children under 16. We do not knowingly collect personal information from children.
12. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of CarNote after changes constitutes acceptance of the updated policy.
13. Contact
For privacy questions or concerns, email us at help@carnote.com.au.