Privacy Policy

1. Scope

This Privacy Policy explains how Config and the operators of the platform ("Config", "we", "our", or "us") collect, use, store, disclose, and otherwise process personal data when you access or use the website, applications, feeds, profile features, submissions, moderation tools, or related services made available through the platform (collectively, the "Services").

This Policy is intended to be read together with our Terms. If local law grants you stronger rights than those described here, those rights apply to the extent required by law.

2. Controller and Contact

Config is the controller of personal data processed through the Services unless stated otherwise. Privacy inquiries, access requests, deletion requests not handled in product, and rights complaints may be sent to privacy@globalautos.de.

Contract, legal, and content-rights notices may be sent to legal@globalautos.de. You should ensure these inboxes are monitored before public launch.

3. Data We Collect

Depending on how you use the Services, we may collect the following categories of data:

• Account and identity data: authentication identifiers from our sign-in provider, email address, display name, username, avatar, onboarding status, and account role.
• Profile data: handle, profile name, biography, favorite brand, profile image, hero image, and other profile details you choose to publish or maintain.
• Submission and source data: share links, share codes, detected brand, source URL, extracted configuration details, imported options, pricing, market, performance information, images, extraction confidence, raw payloads, and related workflow diagnostics.
• User-generated content: drafts, post titles, published posts, comments, votes, reports, moderation submissions, and communications you send to us.
• Device, network, and usage data: IP address, request metadata, browser and device signals, timestamps, log data, referral information, routing and page interaction data, and security events.
• Support, trust, and safety data: records of suspected abuse, spam, fraud, platform misuse, policy violations, takedown requests, account enforcement, and moderation/admin actions.
• Payment and billing data: if we later add paid features, we may process limited billing and transaction records through payment providers. We do not currently describe storing full card numbers directly in the Services.

4. Sources of Data

We collect personal data directly from you, automatically from your use of the Services, and from third parties such as:

• identity and authentication providers used for sign-in;
• hosting, infrastructure, storage, analytics, security, and database providers;
• publicly accessible configurator links, share pages, and source URLs submitted through the Services;
• other users who interact with your public content or report it to us; and
• law enforcement, regulators, rights holders, or other parties making valid legal or policy complaints.

5. How We Use Data

We use personal data as reasonably necessary to operate, maintain, improve, secure, and commercialize the Services, including to:

• create and manage accounts, profiles, sessions, and authentication states;
• process share links and codes, run ingestion workflows, prepare drafts, and publish posts;
• display public profiles, comments, feed activity, and community interactions;
• store, format, transform, compress, thumbnail, cache, and deliver content and media;
• personalize feeds, ranking, navigation, recommendations, and product presentation;
• measure product performance, debug failures, prevent abuse, and improve reliability and feature quality;
• review, investigate, moderate, remove, restrict, disable, or preserve content or accounts;
• enforce our Terms, respond to complaints, and protect the rights, property, and safety of users, rights holders, and the platform;
• communicate with you about operational, legal, security, trust and safety, or support matters;
• comply with law, regulation, court orders, lawful requests, or records-retention obligations; and
• support internal business operations such as audits, reporting, forecasting, testing, training, quality assurance, and corporate transactions.

Where permitted by law, we may also use aggregated, de-identified, or appropriately transformed datasets for analytics, benchmarking, research, product planning, abuse prevention, and business improvement.

6. Legal Bases

If the GDPR or similar laws apply, we generally rely on one or more of the following legal bases:

• performance of a contract or steps taken at your request before entering into a contract;
• our legitimate interests in operating, securing, improving, and defending the Services;
• your consent, where we specifically request it;
• compliance with legal obligations; and
• establishment, exercise, or defense of legal claims.

When we rely on legitimate interests, those interests generally include service operations, platform reliability, moderation, fraud prevention, analytics, product development, commercial administration, and protection of our users and rights.

7. Public Nature of Content

Profiles, handles, post titles, post content, imported configuration details, images, comments, votes, and other community interactions may be publicly visible or reasonably inferable from public areas of the Services. Search engines, third parties, and other users may copy, capture, reference, or archive public content.

You should not submit confidential information, personal data of others without a valid basis, or content you are not comfortable making public. We may preserve copies of removed content where necessary for legal, security, moderation, evidentiary, or backup reasons.

8. Sharing and Disclosure

We may share personal data with:

• service providers that help us host, authenticate, store, secure, moderate, analyze, or support the Services;
• other users and the public where content or profile information is intentionally public;
• rights holders, complainants, advisors, auditors, insurers, and professional service firms where reasonably necessary;
• government bodies, courts, regulators, or law enforcement where legally required or reasonably necessary to protect rights and safety; and
• buyers, investors, successors, or counterparties in a financing, restructuring, merger, acquisition, sale of assets, or similar transaction.

Our infrastructure and feature providers may include companies such as authentication, database, storage, hosting, and observability vendors. The providers used at launch may include Clerk, Vercel, Neon, and related subprocessors selected by those vendors.

9. International Transfers

Your data may be processed in countries outside your country of residence, including outside the EEA/UK/Switzerland where our providers or infrastructure operate. Where required by law, we rely on appropriate safeguards for such transfers, which may include adequacy decisions, standard contractual clauses, or equivalent transfer mechanisms.

10. Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Policy, including to operate accounts, preserve public posts, resolve disputes, enforce agreements, investigate abuse, maintain backups, comply with law, and protect the Services.

• account and profile data are generally retained while the account remains active and for a reasonable period afterward;
• public posts, comments, moderation records, and related logs may be retained longer where operational, legal, or trust and safety interests justify retention;
• deleted data may persist temporarily in caches, backups, snapshots, security logs, and disaster recovery systems; and
• where law requires or permits longer retention, we may retain relevant data for that period.

11. Your Rights

Depending on where you live, you may have the right to request access, correction, deletion, restriction, portability, objection, and withdrawal of consent, as well as the right to lodge a complaint with a supervisory authority.

Some requests can be completed directly through your account settings, including account deletion. We may ask you to verify your identity before acting on a request and may deny or limit requests where an exemption or overriding legal basis applies.

12. Cookies and Similar Technologies

We and our providers may use cookies, local storage, session tokens, security identifiers, and similar technologies to authenticate users, keep sessions active, remember settings, measure usage, secure the Services, and improve product performance.

If additional analytics, advertising, or measurement technologies are introduced later, we may provide additional notice or choices where required by law.

13. Security

We use administrative, technical, and organizational measures designed to protect personal data. No system is perfectly secure, and we do not guarantee that unauthorized access, loss, or misuse will never occur. You are responsible for maintaining the security of your device and account credentials.

14. Children

The Services are not directed to children, and you may not use the Services if you are under the age required by applicable law to form a binding agreement in your jurisdiction. If we learn that we collected personal data from a child in violation of applicable law, we may delete the data and restrict the account.

15. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice through the Services or by other reasonable means. The "Last updated" date indicates when this version became effective.