Privacy Policy

1.1 Personal Identification Information: When you request repair services, we collect your full legal name, residential or business address, phone number(s), email address, and high-resolution digital scans or photographs of your government-issued identification (driver's license number and state) for identity verification, tax reporting, and loaner vehicle authorization.

1.2 Vehicle Information: We collect and store your Vehicle Identification Number (VIN), make, model, year, mileage, license plate number, and color. We may also access your vehicle's onboard diagnostic system (OBD-II) to retrieve fault codes, engine parameters, and electronic system data necessary for proper repair and state-mandated documentation.

1.3 Insurance Information: If you file an insurance claim, we collect your insurance carrier name, policy number, claim number, adjuster contact information, and coverage details.

1.4 Financial Data & Statutory Invoice Records: We utilize trusted third-party payment processors for all electronic transactions.

In-Person Payments: Tap-to-pay, chip, and swipe transactions at our facility are processed securely via Merchant Lynx Services.
Booking & Online Payments: Appointments, deposits, and digital invoices are processed via Square, Inc.

Sensitive Data Handling: When you pay using Credit/Debit Cards, Google Pay, Apple Pay, Cash App Pay, or Afterpay, your sensitive financial information (such as full card numbers, CVV codes, and bank credentials) is encrypted and transmitted directly to the respective processor (Merchant Lynx or Square). Nuplus Corp does not store, access, or possess your raw payment card data on our servers.

Invoice Archival (Mandatory Storage): To comply with New York State Department of Taxation and Finance regulations and NYC Department of Consumer and Worker Protection (DCWP) laws, we are legally required to retain a copy of the final invoice. This invoice record includes: Transaction ID, Payment Method (e.g., "Visa ending in 1234"), Date, Customer Name, Address, Phone Number, Vehicle VIN, License Plate, Mileage, and Itemized Service List. These records are stored securely for tax audit and warranty purposes.

1.5 Photographic & Video Documentation: We capture high-resolution photographs and video recordings of your vehicle before, during, and after repairs for quality control, insurance documentation, and dispute resolution purposes. These images may include the vehicle's interior, dashboard, and electronic system readouts. These digital assets are securely stored on Cloudinary.

1.6 Communications: We retain records of phone calls, emails, text messages, and in-person conversations related to your repair service, including appointment scheduling, estimate approvals, and service updates. This includes phone numbers and email addresses provided for the purpose of receiving digital invoices or transaction receipts.

1.7 Digital Signature & Identity Data: We collect and store digital captures of your signature for authorization forms and legal releases. We also store digital copies of vehicle titles, registrations, and insurance cards as required for repair validation and New York State compliance. These records are encrypted and hosted via our secure third-party media management provider, Cloudinary.

2.1 Service Delivery: Your information is primarily used to perform collision repairs, mechanical work, order parts, schedule appointments, communicate repair status, and process payments.

2.2 Insurance Processing: We submit estimates, supplements, and photographic evidence to insurance carriers on your behalf to facilitate claim approval and payment.

2.3 Legal & Tax Compliance: We use your data to generate detailed invoices and receipts as required by New York State Tax Law. We must maintain these records to demonstrate compliance with sales tax collection, income reporting, and automotive repair facility regulations enforced by the NYS DMV and NYC DCWP. This includes the retention of all information required by government authorities for audit purposes.

2.4 Quality Assurance: Photographs and repair records are reviewed internally to maintain quality standards and train technicians.

2.5 Safety and Fraud Prevention: We may analyze data to detect fraudulent insurance claims, prevent theft, and ensure facility security through video surveillance.

2.6 Automated & Requested Delivery: We use your contact information to deliver digital invoices and receipts, either upon your specific request or automatically following a payment trigger. These communications are strictly transactional and are processed via Brevo (Email) and SignalWire (SMS).

2.7 Digital Identity Management: Scanned identification and digital signatures are used exclusively to prove authorization of repairs, satisfy lien requirements, and prevent identity theft during vehicle release.

3.1 Third-Party Service Providers: We share information with trusted partners who assist in business operations:

• Parts Suppliers: VIN and vehicle specifications for accurate parts ordering (e.g., OEM dealerships, aftermarket distributors).
• Paint Manufacturers: Color codes and paint formulas are shared with PPG for Moonwalk system color matching.
• Towing Companies: Vehicle location and your contact information for recovery services.
• Rental Car Agencies: Driver's license and insurance information for loaner vehicle authorization.
• Payment Processors: We share transaction data with Merchant Lynx (for in-person terminals) and Square (for booking/invoicing) to facilitate payments via Card, ACH, Digital Wallets, and Buy Now Pay Later services.
• Media & Document Hosting (Cloudinary): We utilize Cloudinary for the secure storage, optimization, and delivery of high-resolution vehicle photos, identification scans, and signature records. Cloudinary employs advanced security protocols and encryption to ensure the integrity of your digital records.
• Communication Gateways (SignalWire & Brevo): These providers act as data processors to transmit requested invoices, receipts, and service updates. They process your contact information (email/phone) and the content of the message solely to facilitate delivery and provide us with delivery logs. They are contractually prohibited from using your data for any other purpose.

3.2 Insurance Companies: We are required to share estimates, photographs, repair invoices, and vehicle history with your insurance carrier to process claims. This may include third-party appraisal services hired by insurers.

3.3 Legal Authorities: We will disclose information when required by law, including responses to subpoenas, court orders, tax audits, law enforcement requests, or to establish/defend legal claims and satisfy government reporting requirements.

3.4 Business Transfers: In the event of a merger, acquisition, or sale of assets, customer data may be transferred to the acquiring entity, subject to the same privacy protections.

3.5 No Sale of Data: We do NOT sell, rent, or trade your personal information to third-party marketers, data brokers, or advertisers.

3.6 Messaging Privacy Policy: No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

4.1 Physical Security: Paper records containing personal information are stored in locked filing cabinets within secure areas of our facility. Access is restricted to authorized personnel only. Surveillance cameras monitor entry points 24/7.

4.2 Digital Security & Cloud Storage: Our website is hosted on Cloudflare Pages with SSL/TLS encryption. Sensitive identification scans, signatures, and vehicle media are stored using Cloudinary's secure infrastructure, featuring AES-256 encryption at rest and secure HTTPS/TLS transmission. We do not store sensitive payment details on our own systems; this data is tokenized by Merchant Lynx and Square.

4.3 Employee Training: All staff members receive annual privacy and security training and sign confidentiality agreements regarding the handling of sensitive customer identification and digital records.

4.4 Secure Disposal: Physical documents are cross-cut shredded after the retention period. Digital files, including those on Cloudinary, are securely deleted using permanent erasure protocols when no longer required by law.

4.5 Breach Notification: In the unlikely event of a data breach affecting your information (including data stored with our third-party providers), we will notify you via email and/or postal mail within 72 hours of discovery, as required by New York State law (NY General Business Law § 899-aa).

5.1 Active Records (Tax & Legal): Invoice data, payment receipts, digital signatures, identification scans, and repair orders containing customer and vehicle information must be retained for a mandatory minimum period of seven (7) years. This retention is strictly enforced to comply with New York State Department of Taxation and Finance audit requirements, IRS regulations, and the statute of limitations for contract and warranty claims.

5.2 Insurance & Claim Records: Documents and photographic evidence related to insurance claims are retained for up to ten (10) years due to extended claim dispute windows and re-inspection rights held by carriers.

5.3 Marketing Data: If you opt into marketing communications, your contact information is retained until you unsubscribe.

5.4 Video Surveillance: Security camera footage is retained for 90 days unless needed for an investigation or legal proceeding.

6.1 Access: You have the right to request a copy of the personal information we hold about you. We will provide this within 30 days of a verified request.

6.2 Correction: If your information is inaccurate or incomplete, you may request corrections by contacting us at [email protected].

6.3 Deletion: You may request deletion of your personal information. However, please note that we cannot delete invoice records, identification scans associated with authorized repairs, digital signatures, transaction histories, or repair orders that we are legally required to maintain for tax and regulatory purposes (as outlined in Section 5.1). We will only delete non-essential data.

6.4 Opt-Out of Marketing: You may unsubscribe from promotional emails at any time by clicking the unsubscribe link or emailing [email protected].

6.5 Do Not Track: Our website currently does not respond to "Do Not Track" browser signals, but we do not track users across third-party websites.

7.1 Website Analytics: We use privacy-focused analytics tools to understand how visitors interact with our website and improve your experience. Specifically, we use:

• Cloudflare Web Analytics: A privacy-first analytics service that does not use cookies, does not track users across websites, and does not collect any personally identifiable information. All data is aggregated and anonymized.
• Google Analytics (optional): When enabled, this service uses cookies to collect anonymous usage data. We configure Google Analytics with privacy-enhanced settings, including IP anonymization.

7.2 Data Collected: Our analytics tools collect only non-personal, aggregated information such as:

• Pages visited and time spent on each page
• Traffic sources (how visitors found our website)
• Device type, browser, and screen resolution
• Geographic location (city/country level only, never precise location)
• General usage patterns (page navigation, scroll depth)

7.3 Privacy Protection: Our analytics implementation is designed with your privacy in mind. We do not:

• Collect names, email addresses, or contact information through analytics
• Track you across other websites
• Create individual user profiles or behavioral histories
• Sell or share analytics data with advertisers or third parties
• Use analytics data for anything other than improving our website

7.4 Your Cookie Choices: You can control cookie preferences in your browser settings. Most browsers allow you to:

• Block all cookies
• Accept cookies only from specific sites
• Delete existing cookies
• Receive notifications when cookies are set

You can also opt out of Google Analytics specifically by installing the Google Analytics Opt-out Browser Add-on. Note that Cloudflare Web Analytics does not require cookies and cannot be opted out of via browser settings, as it collects no personal data.

7.5 Theme Preference: We store your light/dark mode preference locally in your browser (localStorage) to remember your choice on future visits. This data never leaves your device and is not transmitted to our servers.

7.6 No Advertising or Tracking: We do not use advertising cookies, tracking pixels, or share data with advertising networks. All analytics data is used exclusively for understanding website performance and making improvements to serve you better.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors without parental consent. If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected] for prompt deletion.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information (subject to exceptions)
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising CCPA rights

To exercise these rights, email [email protected] or call (347) 692-8698.

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or business operations. The "Last Updated" date at the top of this page indicates when the policy was last revised. Material changes will be communicated via email to customers with active service records or by posting a notice on our website for 30 days.