Privacy Policy

1.1 Personal Identification Information: When you request repair services, we collect your full legal name, residential or business address, phone number(s), email address, and government-issued identification (driver's license number and state) for identity verification, tax reporting, and loaner vehicle authorization.

1.2 Vehicle Information: We collect and store your Vehicle Identification Number (VIN), make, model, year, mileage, license plate number, and color. We may also access your vehicle's onboard diagnostic system (OBD-II) to retrieve fault codes, engine parameters, and electronic system data necessary for proper repair and state-mandated documentation.

1.3 Insurance Information: If you file an insurance claim, we collect your insurance carrier name, policy number, claim number, adjuster contact information, and coverage details.

1.4 Financial Data & Statutory Invoice Records: We utilize trusted third-party payment processors for all electronic transactions.

In-Person Payments: Tap-to-pay, chip, and swipe transactions at our facility are processed securely via Merchant Lynx Services.
Booking & Online Payments: Appointments, deposits, and digital invoices are processed via Square, Inc.

Sensitive Data Handling: When you pay using Credit/Debit Cards, Google Pay, Apple Pay, Cash App Pay, or Afterpay, your sensitive financial information (such as full card numbers, CVV codes, and bank credentials) is encrypted and transmitted directly to the respective processor (Merchant Lynx or Square). Nuplus Corp does not store, access, or possess your raw payment card data on our servers.

Invoice Archival (Mandatory Storage): To comply with New York State Department of Taxation and Finance regulations and NYC Department of Consumer and Worker Protection (DCWP) laws, we are legally required to retain a copy of the final invoice. This invoice record includes: Transaction ID, Payment Method (e.g., "Visa ending in 1234"), Date, Customer Name, Address, Phone Number, Vehicle VIN, License Plate, Mileage, and Itemized Service List. These records are stored securely for tax audit and warranty purposes.

1.5 Photographic Documentation: We capture photographs and video recordings of your vehicle before, during, and after repairs for quality control, insurance documentation, and dispute resolution purposes. These images may include the vehicle's interior if interior damage or cleaning is involved.

1.6 Communications: We retain records of phone calls, emails, text messages, and in-person conversations related to your repair service, including appointment scheduling, estimate approvals, and service updates.

2.1 Service Delivery: Your information is primarily used to perform collision repairs, mechanical work, order parts, schedule appointments, communicate repair status, and process payments.

2.2 Insurance Processing: We submit estimates, supplements, and photographic evidence to insurance carriers on your behalf to facilitate claim approval and payment.

2.3 Legal & Tax Compliance: We use your data to generate detailed invoices and receipts as required by New York State Tax Law. We must maintain these records to demonstrate compliance with sales tax collection, income reporting, and automotive repair facility regulations enforced by the NYS DMV and NYC DCWP.

2.4 Quality Assurance: Photographs and repair records are reviewed internally to maintain quality standards and train technicians.

2.5 Safety and Fraud Prevention: We may analyze data to detect fraudulent insurance claims, prevent theft, and ensure facility security through video surveillance.

3.1 Third-Party Service Providers: We share information with trusted partners who assist in business operations:

• Parts Suppliers: VIN and vehicle specifications for accurate parts ordering (e.g., OEM dealerships, aftermarket distributors).
• Paint Manufacturers: Color codes and paint formulas are shared with PPG for Moonwalk system color matching.
• Towing Companies: Vehicle location and your contact information for recovery services.
• Rental Car Agencies: Driver's license and insurance information for loaner vehicle authorization.
• Payment Processors: We share transaction data with Merchant Lynx (for in-person terminals) and Square (for booking/invoicing) to facilitate payments via Card, ACH, Digital Wallets, and Buy Now Pay Later services. Please refer to their respective Privacy Policies for details on how they handle your financial data.

3.2 Insurance Companies: We are required to share estimates, photographs, repair invoices, and vehicle history with your insurance carrier to process claims. This may include third-party appraisal services hired by insurers.

3.3 Legal Authorities: We will disclose information when required by law, including responses to subpoenas, court orders, tax audits, law enforcement requests, or to establish/defend legal claims.

3.4 Business Transfers: In the event of a merger, acquisition, or sale of assets, customer data may be transferred to the acquiring entity, subject to the same privacy protections.

3.5 No Sale of Data: We do NOT sell, rent, or trade your personal information to third-party marketers, data brokers, or advertisers.

4.1 Physical Security: Paper records containing personal information are stored in locked filing cabinets within secure areas of our facility. Access is restricted to authorized personnel only. Surveillance cameras monitor entry points 24/7.

4.2 Digital Security: Our website is hosted on Cloudflare Pages with SSL/TLS encryption to protect data transmission between your browser and our servers. We do not store sensitive payment details (like full credit card numbers) on our own systems; this data is tokenized and stored by our PCI-compliant processors (Merchant Lynx and Square).

4.3 Employee Training: All staff members receive annual privacy and security training and sign confidentiality agreements.

4.4 Secure Disposal: Physical documents are cross-cut shredded after the retention period. Digital files are securely wiped using DOD 5220.22-M standards.

4.5 Breach Notification: In the unlikely event of a data breach affecting your information, we will notify you via email and/or postal mail within 72 hours of discovery, as required by New York State law (NY General Business Law § 899-aa).

5.1 Active Records (Tax & Legal): Invoice data, payment receipts, and repair orders containing customer and vehicle information must be retained for a mandatory minimum period of seven (7) years. This retention is strictly enforced to comply with New York State Department of Taxation and Finance audit requirements, IRS regulations, and the statute of limitations for contract and warranty claims.

5.2 Insurance Records: Documents related to insurance claims are retained for up to ten (10) years due to extended claim dispute windows and re-inspection rights held by carriers.

5.3 Marketing Data: If you opt into marketing communications, your contact information is retained until you unsubscribe.

5.4 Video Surveillance: Security camera footage is retained for 90 days unless needed for an investigation or legal proceeding.

6.1 Access: You have the right to request a copy of the personal information we hold about you. We will provide this within 30 days of a verified request.

6.2 Correction: If your information is inaccurate or incomplete, you may request corrections by contacting us at [email protected].

6.3 Deletion: You may request deletion of your personal information. However, please note that we cannot delete invoice records, transaction histories, or repair orders that we are legally required to maintain for tax and regulatory purposes (as outlined in Section 5.1). We will only delete non-essential data.

6.4 Opt-Out of Marketing: You may unsubscribe from promotional emails at any time by clicking the unsubscribe link or emailing [email protected].

6.5 Do Not Track: Our website currently does not respond to "Do Not Track" browser signals, but we do not track users across third-party websites.

7.1 Website Analytics: We use privacy-focused analytics tools to understand how visitors interact with our website and improve your experience. Specifically, we use:

• Cloudflare Web Analytics: A privacy-first analytics service that does not use cookies, does not track users across websites, and does not collect any personally identifiable information. All data is aggregated and anonymized.
• Google Analytics (optional): When enabled, this service uses cookies to collect anonymous usage data. We configure Google Analytics with privacy-enhanced settings, including IP anonymization.

7.2 Data Collected: Our analytics tools collect only non-personal, aggregated information such as:

• Pages visited and time spent on each page
• Traffic sources (how visitors found our website)
• Device type, browser, and screen resolution
• Geographic location (city/country level only, never precise location)
• General usage patterns (page navigation, scroll depth)

7.3 Privacy Protection: Our analytics implementation is designed with your privacy in mind. We do not:

• Collect names, email addresses, or contact information through analytics
• Track you across other websites
• Create individual user profiles or behavioral histories
• Sell or share analytics data with advertisers or third parties
• Use analytics data for anything other than improving our website

7.4 Your Cookie Choices: You can control cookie preferences in your browser settings. Most browsers allow you to:

• Block all cookies
• Accept cookies only from specific sites
• Delete existing cookies
• Receive notifications when cookies are set

You can also opt out of Google Analytics specifically by installing the Google Analytics Opt-out Browser Add-on. Note that Cloudflare Web Analytics does not require cookies and cannot be opted out of via browser settings, as it collects no personal data.

7.5 Theme Preference: We store your light/dark mode preference locally in your browser (localStorage) to remember your choice on future visits. This data never leaves your device and is not transmitted to our servers.

7.6 No Advertising or Tracking: We do not use advertising cookies, tracking pixels, or share data with advertising networks. All analytics data is used exclusively for understanding website performance and making improvements to serve you better.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors without parental consent. If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected] for prompt deletion.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information (subject to exceptions)
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising CCPA rights

To exercise these rights, email [email protected] or call (347) 692-8698.

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or business operations. The "Last Updated" date at the top of this page indicates when the policy was last revised. Material changes will be communicated via email to customers with active service records or by posting a notice on our website for 30 days.