← Back to AutoNergy

Privacy Policy

Last updated: 1 May 2026 · Version 2026-05-01

1. Who we are

AutoNergy ("we") is an independent automotive intelligence project operated by Vinit Jhawar. The website autonergy.co is the data controller. Contact privacy@autonergy.co.

2. What this policy covers

This explains what personal data AutoNergy collects, why, how long we keep it, and your rights under the EU GDPR, UK GDPR, California Consumer Privacy Act (CCPA/CPRA), and equivalent laws in India and Ireland.

3. Data we collect

3.1 Email address (only if you subscribe). We send your email to our email service provider (Resend, Inc., USA) to confirm your subscription and deliver the newsletter. We also record the date, your IP address (truncated to /24), and the policy version you consented to so we can demonstrate consent under GDPR Art. 7.

3.2 Approximate location (only with your consent). If you accept "Accept all" on the cookie banner, your browser fetches a country code from ipapi.co. ipapi.co receives your IP. We use the country code to load the relevant market dashboard. If you decline, we use your browser's Accept-Language header instead — that never leaves your browser.

3.3 Browser-local storage. We store the following on your device only (not transmitted to us): theme preference, last selected year range, dismissal flags, and your consent choice. These are not cookies and are not used for tracking. See our Cookie Policy.

3.4 Server logs. Vercel Inc. (USA) automatically logs IP, User-Agent, and request URL for up to 30 days for security and abuse-prevention. These logs are not linked to your email subscription.

3.5 Third-party CDN requests. Some scripts load from cdn.jsdelivr.net and unpkg.com. These services see your IP and User-Agent. We are working on bundling these locally to remove the dependency.

4. What we do not collect

• No Google Analytics, Facebook Pixel, or any advertising tracker.
• No HTTP cookies.
• We do not sell or rent personal data.
• No profiling for advertising.

5. Lawful basis (EU/UK)

• Newsletter subscription: consent (GDPR Art. 6(1)(a)). Withdraw any time via the unsubscribe link in any email.
• IP geolocation: consent (Art. 6(1)(a) and ePrivacy Art. 5(3)).
• Server logs: legitimate interests in operating and securing the site (Art. 6(1)(f)).

6. International transfers

Resend (USA), Vercel (USA), and ipapi.co (EU/CZ) may receive data outside your country. Resend and Vercel rely on the EU-US Data Privacy Framework. ipapi.co is in the EU. Where transfers go to the USA outside DPF coverage, we rely on Standard Contractual Clauses.

7. Retention

• Email subscription: until you unsubscribe, then deleted from our active list within 30 days. Consent records retained for 24 months for compliance.
• Server logs: 30 days.
• Local browser storage: until you clear it.

8. Your rights

Under GDPR / UK GDPR / CCPA you have the right to: access your data, correct it, delete it, port it, restrict or object to its use, and withdraw consent. Email privacy@autonergy.co with subject "DSAR" — we respond within 30 days.

If unsatisfied, complain to the Irish Data Protection Commission (dataprotection.ie), the UK ICO (ico.org.uk), or your local supervisory authority.

9. Children

AutoNergy is not directed to children under 16. We do not knowingly collect data from anyone under 16. If you believe we have, contact us and we will delete it.

10. Security

All traffic is served over HTTPS with HSTS preload. Strict Content-Security-Policy and X-Frame-Options headers are enforced. API keys are stored as encrypted environment variables on Vercel and are never exposed to the browser. The newsletter API enforces rate limits, input validation, and double opt-in. We do not store payment data and do not run any financial transactions.

11. Changes to this policy

We will post any material change here and bump the version date. If you are subscribed, we will email you for any change that requires renewed consent.

12. Contact

Vinit Jhawar (sole proprietor) · privacy@autonergy.co