Policy and data

A clear explanation of how AutoStat handles your data

This page covers data processing, payments, report access, and customer communication. It stays connected to SEO and can be updated from the admin panel.

The goal is simple: customers should understand which data is used before and after buying a report.

Read policy Home

AutoStat

Data protection at a glance

VIN and account

Data is used to search reports, keep check history, and support the customer account.

Payments

Payment flows are separated from report content and recorded to grant access correctly.

Access

Purchased reports stay available in the account, while technical service data is not exposed publicly.

Official text

Privacy Policy

Updated: 22.04.2026

AutoStat Privacy Policy

This Privacy Policy describes how AutoStat (autostat.md) collects, uses, stores and protects your personal data when you use our website and mobile application. By using our services, you agree to the terms of this policy.

Last updated: April 21, 2026

1. Data Controller

The controller of your personal data is:
AutoStat
Website: autostat.md
Email: info@autostat.md
Republic of Moldova

2. What Data We Collect

2.1 Data You Provide Directly

  • Phone number — for identity verification via SMS code (OTP) when placing an order or registering.
  • Email address — for delivering reports, notifications and account recovery.
  • Vehicle VIN code — for performing vehicle history checks. VIN is not considered personal data under Moldovan Law No. 133/2011.
  • Payment data — processed exclusively by payment providers (Paynet and others). We do not store full bank card details.

2.2 Automatically Collected Data

  • IP address (anonymized after processing)
  • Browser type and version / operating system
  • Pages and sections you visit
  • Date and time of visits
  • Cookie data and similar technologies
  • Device identifier and mobile application data

2.3 Mobile Application Data

When using the AutoStat mobile application (iOS/Android), we may additionally collect:

  • Unique device identifier
  • Push token for sending notifications (only with your consent)
  • Application and operating system version
  • Error and crash logs (to improve stability)

3. Vehicle Data Sources

To generate vehicle reports, we obtain data from the following sources:

  • Moldova — BNAA (National Bureau of Automotive Insurers) registries, customs, pledge and restriction registries. Data is provided in accordance with Moldovan legislation.
  • USA — NHTSA (National Highway Traffic Safety Administration), ClearVIN, CheapCARFAX. Data includes accident history, odometer readings, manufacturer recalls.
  • Europe — Vincario, Vehicle Databases. Data on registration, technical inspections, insurance claims in EU countries.

Vehicle data (make, model, year, VIN, history) does not constitute personal data of individuals and is processed separately from your personal data.

4. Purposes and Legal Bases for Processing

  • Contract performance — processing orders, generating and delivering reports, technical support.
  • Identity verification — OTP verification by phone or email to protect the account.
  • Billing and payments — storing transaction information in accordance with accounting requirements.
  • Security — fraud prevention, anomaly detection, protection against unauthorized access.
  • Service improvement — usage analysis to improve functionality (based on legitimate interest).
  • Marketing communications — only with your explicit consent; you may opt out at any time.

Legal bases: Art. 5 of Moldovan Law No. 133/2011 on personal data protection; for EU users — Art. 6(1)(a)(b)(c)(f) GDPR.

5. Sharing Data with Third Parties

We do not sell your data. Data may only be transferred to the following categories of recipients:

  • Payment providers — Paynet (Moldova) and other payment processing systems.
  • SMS providers — for sending confirmation codes.
  • Email services — for sending reports and notifications.
  • Vehicle data API providers — NHTSA, ClearVIN, Vincario and others (VIN code only, without your personal data).
  • Cloud infrastructure — servers for data storage and processing.
  • Government authorities — upon lawful request from Moldovan law enforcement.

6. International Data Transfers

Part of the data processing takes place outside the Republic of Moldova (USA, EU). We ensure an adequate level of data protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with each provider
  • Selection of providers certified under international security standards

7. Data Retention Periods

  • Account data — until account deletion + 3 years after last activity
  • Purchase and transaction data — 10 years (accounting requirements)
  • VIN reports — 2 years from the date of purchase
  • OTP codes — 10 minutes, then automatically deleted
  • Technical logs — 90 days
  • Marketing data — until consent withdrawal

8. Your Rights

Under applicable data protection law, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of data (where legally permitted)
  • Restriction of processing — limit processing during a dispute
  • Objection — object to processing based on legitimate interests
  • Data portability — receive data in a machine-readable format
  • Withdrawal of consent — withdraw consent for marketing communications at any time

To exercise your rights, send a request to info@autostat.md marked "Personal Data Request". A response will be provided within 30 days.

You also have the right to lodge a complaint with the National Centre for Personal Data Protection of Moldova (datepersonale.md).

9. Cookies and Tracking

We use cookies for site operation, analytics and improving user experience. Categories:

  • Essential — for proper session operation and security (cannot be disabled)
  • Analytical — Google Analytics to understand user behaviour (with IP anonymization)
  • Marketing — only with your consent

The mobile application uses similar tracking technologies. You can manage permissions in your device settings.

10. Data Security

We apply technical and organizational measures to protect your data:

  • HTTPS/TLS encryption for all data transfers
  • Password hashing (bcrypt)
  • Limited employee access to personal data
  • Regular system security updates
  • CSRF protection on all forms
  • Login attempt rate limiting

11. Children

Our service is not intended for persons under 18 years of age. We do not knowingly collect data from minors. If you become aware that a child has provided us with data, please contact us.

12. Policy Changes

We reserve the right to update this policy. For significant changes, we will notify you by email or through a notice on the site/application. Continued use of the service after an update constitutes agreement with the new version.

13. Contact

For any questions related to personal data processing:
Email: info@autostat.md
Website: autostat.md

Need help with data or access?

If a customer has a question about a report, payment, or saved data, the FAQ is the fastest next step.

Open FAQ