Privacy Policy

Effective Date: January 1, 2026 — Last Updated: January 1, 2026

Phlite Software LLC ("Carmic," "we," "us," or "our") provides vehicle repair management software through our mobile applications for iOS and Android (the "Mobile App"), our Windows desktop application (the "Desktop App"), and our web portal at carmicai.com (the "Web Portal," and collectively with the Mobile App and Desktop App, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use any part of the Service.

By creating an account or using the Service, you consent to the practices described herein. If you do not agree with this Privacy Policy, do not use the Service.


1. Information We Collect

1.1 Account Information

1.2 Repair File and Project Data

1.3 OEM Procedures and Third-Party Reference Materials

Important: How Carmic Handles OEM Procedures and Copyrighted Materials.

Carmic's AI features assist technicians in comprehending and executing OEM (Original Equipment Manufacturer) repair procedures and other industry reference materials within the context of a specific repair on a specific vehicle. Carmic does not aggregate, index, compile, redistribute, or create a searchable database of OEM procedures or other copyrighted materials. OEM procedures and third-party reference documents are accessed, referenced, and applied exclusively as work product within individual repair files belonging to your account. These materials are never grouped across accounts, shared between accounts, made publicly accessible, or used to build derivative databases. Each account's use of such materials is isolated to that account's specific repair files for specific repairs.

1.4 Device and Sensor Data

1.5 Contacts and Calendar (Optional)

With your permission, the Mobile App may access your contacts (for customer lookup) and calendar (for scheduling). This data is used only for the feature you initiated and is not transmitted to our servers or shared with third parties.

1.6 Automatically Collected Data


2. How We Use Your Information

PurposeData Used
Provide and operate the Service across all platformsAccount info, repair file data, photographs, annotations
AI-powered analysis (tag suggestions, estimate extraction, document comprehension)Cropped/resized image regions, document content, capture mode context
Transcribe voice notes and annotationsAudio recordings
Sync your data across your devicesRepair files, photographs, annotations, settings
Generate reports and exportsRepair file data, photographs, annotations, measurements
Deliver real-time notificationsAccount identifier, device type, notification content
Send service communications (email, SMS)Email address, phone number (when provided)
Process paymentsPayment tokens, billing address
Improve the ServiceAnonymized usage analytics, crash reports
Respond to support requestsSupport communications, account info
Comply with legal obligationsAs required by applicable law

We do not:

• Sell your personal information or repair file data to third parties

• Use your photographs, voice recordings, or repair data for advertising purposes

• Train AI models on your content

• Share your repair file data with other Carmic accounts unless you explicitly initiate sharing

• Aggregate or redistribute OEM procedures or other copyrighted reference materials across accounts

• Create searchable databases or compilations of third-party copyrighted content


3. Data Storage and Security

3.1 Local Storage

The Mobile App and Desktop App store photographs, voice recordings, and repair file data locally on your device. Core features function fully offline. Cloud sync is used to back up your data and enable access across devices.

3.2 Cloud Storage

When you use the Service, your synced data is stored on cloud infrastructure hosted in the United States (Amazon Web Services). Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

3.3 Account Isolation

Each Carmic account's data is logically isolated. Repair files, photographs, documents, and all associated data belong to and are accessible only by the account that created them. We do not aggregate data across accounts or provide cross-account access unless you explicitly share a specific item with a specific recipient.

3.4 Security Measures

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.


4. Third-Party Services

The Service integrates with the following categories of third-party services to provide its functionality:

Service CategoryWhat Is SharedPurpose
AI/LLM Vision and Language Models (e.g., Google Gemini via OpenRouter)Cropped, resized image regions; document text; structured promptsAI tag suggestions, estimate analysis, document comprehension, OEM procedure interpretation for specific repairs
Speech-to-Text Services (e.g., ElevenLabs, Deepgram)Audio streamTranscribe voice notes and annotations
Text-to-Speech Services (e.g., ElevenLabs)Text contentVoice playback of AI responses
Offline Speech Recognition (Vosk, SherpaOnnx)Audio processed locally on deviceOn-device transcription without network
Cloud Storage (AWS S3)Photographs, audio files, synced repair dataCloud storage and cross-device sync
Email Delivery (AWS SES)Recipient email, message contentTransactional and notification emails
SMS (Twilio)Phone number, message contentSMS notifications when configured by your account
Payment ProcessingPayment method detailsSubscription billing
Analytics (anonymized)Anonymized usage events, crash dataApp stability and improvement

Each third-party service is bound by its own privacy policy and, where applicable, data processing agreements with us. We select providers that meet industry-standard privacy and security requirements. We do not permit third-party providers to use your data for purposes other than providing the requested service.

AI inference providers process your submitted data in real time and do not retain images, documents, or text content after returning results. We do not send full-resolution photographs to AI services — only cropped, resized, low-resolution excerpts necessary for the specific analysis task.


5. Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following limited circumstances:

Repair file data is never shared across accounts. Each account's repair files, customer information, photographs, and related data are isolated to that account. We do not provide any mechanism for cross-account data access, aggregation, or search.


6. Your Rights and Choices

6.1 Access and Portability

You can access your data at any time through the Service. You may export repair files, photographs, and reports in standard formats (PDF, JPEG, CSV). We will provide a copy of your personal data upon written request within 30 days.

6.2 Correction

You may update your account information, repair file data, tags, labels, and annotations at any time through the Service or by contacting us.

6.3 Deletion

You may delete individual photographs, repair files, or your entire account. When you delete your account, we will delete your personal data and repair file data from our active systems within 30 days. Some data may persist in encrypted backups for up to 90 days before being purged.

6.4 Device Permissions

The Mobile App requests the following device permissions, all of which can be managed in your device settings:

PermissionPurposeRequired?
CameraPhoto/video capture, AR markout viewfinderRequired for core features
MicrophoneVoice notes, voice annotations, real-time transcriptionOptional
LocationGPS tagging of photos, shop location associationOptional
Motion & SensorsAR tracking (accelerometer, gyroscope)Required for AR features
ContactsCustomer contact lookupOptional
CalendarScheduling and event syncOptional
Photo LibrarySave/import photosOptional
BluetoothPeripheral device connectivityOptional
NotificationsReal-time repair file updates and alertsOptional

6.5 Marketing Communications

You may opt out of marketing emails at any time by clicking "unsubscribe" in any marketing email or updating your preferences in settings. Service-related communications (security alerts, billing receipts, critical product notifications) are not subject to opt-out.

6.6 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to: (a) know what personal information we collect and how it is used, (b) request deletion of your personal information, (c) opt out of the sale or sharing of personal information (we do not sell personal information), (d) correct inaccurate personal information, and (e) not be discriminated against for exercising your rights. To exercise these rights, contact us at the address below.

6.7 European Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights including access, rectification, erasure, restriction of processing, data portability, and objection. Our legal bases for processing are: performance of a contract (providing the Service), legitimate interests (improving the Service, security), and consent (where applicable). To exercise these rights, contact us at the address below.


7. Data Retention


8. Children's Privacy

The Service is designed for professional use and is not directed to children under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly.


9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by: (a) posting the updated policy on the Site with a revised "Last Updated" date, (b) sending an in-app notification, and/or (c) sending an email for significant changes. Your continued use of the Service after the effective date constitutes acceptance of the changes.


10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Phlite Software LLC
Attn: Privacy
Phlite Software LLC
55 Hoffman Road
Monroe Twp., NJ 08831
Email: privacy@carmicai.com