This Privacy Policy ("Policy") describes how Gearz ("Gearz," "we," "us," or "our") collects, uses, discloses, and protects information when you access or use our website, web and mobile applications, and all related services (collectively, the "Service"). The Service includes, without limitation, the Gearz social platform, vehicle garage features, club management tools, event discovery, ticketing, and gamification features such as the Gearhead Score.
This Policy applies to all individuals who access or use the Service, whether as registered members, event attendees, club organizers, or casual visitors. It does not govern information you share directly with other users, club organizers, or third-party services linked from the Service.
Throughout this Policy, the following definitions apply:
Gearz is the Controller of Personal Data processed through the Service. We are responsible for deciding how and why your Personal Data is processed, and for ensuring that such Processing complies with applicable data-protection laws.
If you have questions, concerns, or requests regarding this Policy or the Processing of your Personal Data, you may contact us at:
We aim to respond to all legitimate requests within thirty (30) calendar days. In certain circumstances, it may take longer if your request is particularly complex or you have made multiple requests, in which case we will notify you and keep you informed of our progress.
Depending on how you interact with the Service, we may collect the following categories of Personal Data:
We collect Personal Data that you voluntarily submit when you create an account, complete your profile, add vehicles to your garage, join or create a club, RSVP to or purchase tickets for an event, post to the activity feed, subscribe to a paid tier, or contact us for support.
When you access the Service, we automatically collect Technical Data and Usage Data through server logs, cookies, pixel tags, and similar technologies. This information helps us operate, maintain, and improve the Service.
We may receive Personal Data about you from third-party sources, including:
We process Personal Data only where we have a valid legal basis to do so. The table below sets out the primary purposes for which we process your Personal Data and the corresponding legal basis under applicable data-protection law.
| Purpose | Legal Basis |
|---|---|
| Create and manage your account, profile, and subscription | Performance of a contract |
| Process ticket purchases and subscription payments via Stripe | Performance of a contract |
| Operate club management, event discovery, garage features, and the activity feed | Performance of a contract |
| Calculate and display your Gearhead Score and gamification metrics | Legitimate interest |
| Send transactional communications (e.g., receipts, event reminders, account alerts) | Performance of a contract |
| Send promotional or marketing communications about Gearz features and events | Consent (or legitimate interest where permitted) |
| Display nearby events and clubs based on your location | Consent (precise) / Legitimate interest (approximate) |
| Improve, personalize, and secure the Service, including fraud detection and abuse prevention | Legitimate interest |
| Conduct analytics and research to understand usage patterns | Legitimate interest |
| Comply with legal obligations, respond to lawful requests, and protect our rights | Legal obligation / Legitimate interest |
Where Processing is based on consent, you may withdraw that consent at any time by contacting us at privacy@gearz.io or by adjusting your account settings. Withdrawal of consent does not affect the lawfulness of Processing carried out before withdrawal.
We do not sell your Personal Data. We may share your Personal Data with the following categories of recipients, only to the extent necessary for the purposes described in this Policy:
We engage third-party vendors who process Personal Data on our behalf to provide infrastructure, payment processing, analytics, communication, and support services. Key providers include:
Each service provider is contractually obligated to process Personal Data only in accordance with our instructions and applicable data-protection law.
When you join a club or RSVP to a club event, certain Profile Data and Vehicle Data may be shared with the club's organizer(s) to facilitate membership management and event coordination. Organizers receive only the data necessary for these purposes.
We may disclose Personal Data to law enforcement, regulatory bodies, or other public authorities where we are legally required to do so, or where disclosure is reasonably necessary to protect our rights, safety, or property, or those of our users or the public.
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your Personal Data may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on the Service before your Personal Data is transferred and becomes subject to a different privacy policy.
We may share your Personal Data with other third parties when you have given us your explicit consent to do so, or when you direct us to share it (for example, sharing your garage publicly or posting on the activity feed).
We use cookies, pixel tags, local storage, and similar technologies to operate the Service, remember your preferences, understand usage patterns, and improve your experience. These technologies may collect Technical Data and Usage Data as described in Article 3.
We classify cookies into the following categories:
Where required by law — including in the European Economic Area (EEA), the United Kingdom (UK), and under the ePrivacy Directive — we obtain your consent before placing non-essential cookies on your device. You may manage your cookie preferences at any time through the cookie-consent banner or your browser settings.
For complete details on the cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy.
Gearz is operated from the United States. If you access the Service from outside the United States — including from the EEA, UK, or Switzerland — your Personal Data may be transferred to, stored in, and processed in the United States or other countries that may not provide the same level of data-protection as your jurisdiction of residence.
Whenever we transfer Personal Data outside the EEA, UK, or Switzerland, we implement appropriate safeguards designed to ensure that your data receives a level of protection substantially equivalent to that provided under European data-protection law. These safeguards include:
You may request a copy of the safeguards we have put in place by contacting us at privacy@gearz.io.
We implement reasonable administrative, technical, and physical safeguards designed to protect your Personal Data against accidental loss, unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:
No method of electronic transmission or storage is completely secure. While we strive to use commercially reasonable means to protect your Personal Data, we cannot guarantee absolute security. If you have reason to believe your interaction with the Service is no longer secure, please contact us immediately at privacy@gearz.io.
We retain your Personal Data only for as long as reasonably necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, tax, accounting, or reporting obligations. The specific retention period depends on the nature of the data and the purpose of Processing.
The following are illustrative retention periods:
When we no longer have a legitimate business need to process your Personal Data, we will either delete it or anonymize it in accordance with applicable law. If deletion is not immediately possible (for example, because data resides in backup archives), we will securely isolate it from further Processing until deletion is feasible.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent local laws afford you certain rights with respect to your Personal Data. Subject to applicable exceptions, you have the right to:
To exercise any of these rights, please contact us at privacy@gearz.io with the subject line "GDPR Rights Request." We may ask you to verify your identity before fulfilling your request. We will respond within thirty (30) days, or within the extended period permitted by applicable law if necessary.
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your Personal Data:
To submit a request, email us at privacy@gearz.io with the subject line "CCPA Rights Request." We will verify your identity by matching information you provide against our records. We will respond within forty-five (45) days, or within the extended period permitted by the CCPA if necessary.
The Service is not directed at individuals under the age of sixteen (16). We do not knowingly collect Personal Data from children under 16. If you are under 16, please do not register for the Service or submit any Personal Data to us.
If we become aware that we have collected Personal Data from a child under 16 without verifiable parental consent, we will take reasonable steps to delete such data promptly. If you believe a child under 16 has provided Personal Data to us, please contact us at privacy@gearz.io so that we may investigate and take appropriate action.
For users in the United States, this commitment is consistent with the requirements of the Children's Online Privacy Protection Act (COPPA).
We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last updated" date at the top of this Policy.
For material changes — such as a new category of Personal Data being collected, a change in the purposes of Processing, or a reduction in your rights — we will provide you with at least thirty (30) days' advance notice by posting a prominent notice on the Service and, where you have provided us with an email address, sending you an email notification.
Your continued use of the Service after the effective date of a revised Policy constitutes your acceptance of the changes. If you do not agree with any modification, you should discontinue use of the Service and, if applicable, delete your account.
If you have any questions, concerns, or requests regarding this Policy or our privacy practices — or if you wish to exercise any of your rights described herein — please contact us:
If you are located in the EEA, UK, or Switzerland and are not satisfied with our response, you have the right to lodge a complaint with your local data-protection supervisory authority. We nonetheless encourage you to contact us first so that we may attempt to resolve your concern directly.