Privacy Policy for Glovebox

Effective date: April 21, 2026

App: Glovebox (package com.glovebox.app)

Publisher: ClearFlow Content · outreach@clearflowcontent.com

      The short version. Glovebox keeps your vehicle records
      on your device. Your vehicles, service history, receipt photos, mileage
      logs, reminders, and chat history never leave your phone. A small amount
      of data is sent to outside services to make specific features work
      (recall lookups, AI answers, manual downloads, crash reports) — each is
      listed below in plain language. We do not sell your data. We do not show
      ads. There is no account, no login.
    

1. What stays on your device

All of the following is stored locally on your phone and is never sent to us or anyone else:

Vehicle profiles (VIN, year, make, model, nickname, mileage)
Service records and maintenance history
Receipt photos you attach
Maintenance reminders and schedules
Fuel and cost entries
Owner's manual content cached for offline reading
AI chat conversation history
OBD-II diagnostic readouts and trouble codes
App preferences and settings

Uninstalling the app removes all of this from your device.

2. What leaves your device, and why

Glovebox contacts four external services, each for a specific feature. If you don't use the feature, the request isn't made.

2.1 Vehicle recalls and VIN decoding — NHTSA (US government)

Service: National Highway Traffic Safety Administration (vpic.nhtsa.dot.gov, api.nhtsa.gov).

When: When you add a vehicle (VIN decode) or view safety recalls.

What is sent: VIN, or year/make/model.

Purpose: Decode your VIN; look up open safety recalls.

Privacy: NHTSA is a US federal agency and does not track users. See nhtsa.gov/privacy-policy.

2.2 AI chat answers — Google Gemini (via our Cloudflare Worker)

Service: Google Gemini 2.5 Flash, accessed through a Cloudflare Worker we operate.

When: Each time you send a message in the in-app AI chat, or when the app generates a summary of an owner's manual.

What is sent:

Your chat message.
Relevant snippets of your own service history (to let the AI give grounded answers about your specific vehicle).
The vehicle's year/make/model.

Not sent: your VIN, your photos, your name, your email, or any other identifier that ties this request back to you.

Our Worker: Relays the request to Google and returns the reply. The Worker does not store the chat text after responding. Standard server logs may retain IP addresses for up to 30 days for abuse prevention.

Google's handling: Google processes prompts to produce a response. See Google's AI processing terms at ai.google.dev/gemini-api/terms.

2.3 Owner's manual lookup and caching — Cloudflare Worker + Brave Search

Service: Cloudflare Worker we operate, which in turn uses the Brave Search API.

When: When you open an owner's manual for a vehicle whose manual isn't already cached on the server.

What is sent: Year, make, and model of the vehicle.

Not sent: VIN, your location, or any personal identifier.

Stored: The structured manual content is cached on our Cloudflare D1 database, keyed by year/make/model, so other users with the same vehicle can reuse it. This cache does not contain any user-specific data.

2.4 Crash reports and basic usage analytics — Firebase

Service: Firebase Crashlytics and Firebase Analytics (Google).

When: Automatically, while the app is running — unless you opt out (see below).

What is sent:

Crashlytics: Stack traces, device model, Android version, app version, and a Firebase installation ID (a random identifier that can be reset). Used only to diagnose crashes.
Analytics: Screen names viewed, basic app events (screen opens, feature use), approximate location derived from IP address, and a Firebase installation ID.

Purpose: Understand which features are used and fix crashes.

Retention: Default Firebase retention windows apply (14 months for most event data).

Opting out: The first time you open Glovebox you are shown a "Help improve Glovebox" dialog that explains what is collected and asks you to choose either Allow or Opt out. You can change your mind at any time from Settings → Share anonymous usage data. When the toggle is off, Glovebox calls Firebase's analytics and crash-reporting opt-out APIs so no further analytics or crash data is sent from your device.

Google's handling: Firebase is subject to Google's privacy policy at policies.google.com/privacy.

2.5 Payments — Google Play Billing

Service: Google Play Billing.

When: Only if you choose to buy an optional in-app unlock (for example, the AI assistant or OBD-II diagnostics). The core app — vehicle records, service history, reminders, mileage logs, receipt photos, recalls, manual viewer — is free.

What is sent: Nothing goes from Glovebox to Google that identifies you. Your purchase is handled entirely by the Google Play Store. Glovebox receives only a signed confirmation that you own the entitlement; we never see your card number, billing address, or Google account email.

Google's handling: Purchases are processed under the Google Payments Privacy Notice at payments.google.com.

3. Permissions the app requests

Glovebox only requests permissions needed for specific features:

Permission	Why it's needed
Internet	Contact NHTSA, the AI chat backend, and Firebase
Camera	Take photos of receipts and documents (stays on device)
Read photos / media	Pick existing receipt photos from your gallery
Post notifications	Deliver maintenance reminder notifications
Bluetooth (scan / connect)	Connect to OBD-II diagnostic adapters. Scan is marked `neverForLocation` — we do not derive location from Bluetooth.
Access network state	Required so Wi-Fi OBD-II adapters can be reached even when they don't provide internet
Receive boot completed	Re-schedule your maintenance reminders after a phone restart

We never request contacts, precise location, SMS, call logs, calendar, or health data.

4. Children

Glovebox is not directed at children under 13 and we do not knowingly collect personal information from children. If you believe a child has used the app in a way that provided us personal data, email outreach@clearflowcontent.com and we will act promptly.

5. Security

All network requests use HTTPS. The app blocks cleartext traffic via an Android network security configuration.
The Cloudflare Worker is authenticated with a shared secret so third parties cannot impersonate the app.
Your Google Gemini API key is not stored in the app. All AI requests go through our Worker, which holds the key server-side.
Local data is stored in Android's app-private sandbox. Other apps cannot read it.

No system is perfectly secure. If you discover a vulnerability, please report it to outreach@clearflowcontent.com.

6. Your choices and rights

Delete all data: Uninstall the app. All locally stored vehicles, records, chats, and cached manuals are removed.
Request deletion of server-side data: Email outreach@clearflowcontent.com. Server-side data is limited to (a) cached manual content keyed by year/make/model (contains no user-specific info) and (b) Firebase analytics/crash data tied to a Firebase installation ID. We will honor deletion requests within 30 days.
California (CCPA/CPRA), EU (GDPR), UK residents: You have rights to access, correct, delete, and port personal information, and to object to certain processing. To exercise these rights email outreach@clearflowcontent.com. We do not sell personal information.

7. Changes to this policy

If the policy changes in a material way, the in-app Settings screen will link to the updated policy. The "Effective date" at the top will be updated. We recommend re-reading the policy after any major app update.

8. Contact

Questions, data-access requests, or privacy concerns:
Email: outreach@clearflowcontent.com