Legal

Privacy Policy.

Last updated · 2026-05-17

This Privacy Policy describes how Flaw Cars (“we”, “us”) collects, uses, and shares information when you use flawcars.com (the “Service”).

1. Information we collect

We collect three categories of information:

  • Information you provide directly. When you create an account or submit a contact form, we collect your name, email address, phone number (if provided), and the content of any message or vehicle inquiry you send us.
  • Information from authentication. We use Supabase Auth to manage sign-in. When you sign in we receive your email address and a session token; we do not see or store your password (authentication is via emailed one-time link).
  • Information collected automatically. Like most websites, we collect basic usage data: pages viewed, referring URLs, approximate location based on IP address, browser type, and timestamps. We use this to understand how the Service is used and to detect abuse.

2. Cookies and similar technologies

The Service uses cookies and local storage for three purposes:

  • Session cookies set by Supabase to keep you signed in across pages. These are essential for the Service to function and cannot be disabled while signed in.
  • Preference storage (local storage) to remember your locale (en or ar) and theme (light or dark).
  • Analytics may be added in the future to measure aggregate usage. If we add analytics that use cookies, we will update this policy and provide a cookie banner where required.

3. How we use information

We use the information we collect to:

  • Operate and maintain the Service.
  • Respond to inquiries and provide quotes.
  • Send transactional emails (sign-in links, inquiry confirmations).
  • Detect and prevent fraud and abuse.
  • Improve the Service based on aggregate usage patterns.

We do not sell your personal information. We do not use your data to train third-party machine-learning models.

4. Service providers we share data with

We rely on the following service providers, each of which receives only the data necessary to perform its function:

  • Supabase — hosts our user accounts and database. Stores your email address, session, and any data you save through the Service.
  • Vercel — hosts and serves the Service. Receives standard request metadata (IP address, user agent) to deliver pages.
  • Emailit — sends transactional emails on our behalf (contact-form notifications, sign-in links). Receives the email address of the recipient and the message content.
  • Sanity — powers our editorial content (blog). Does not receive personal data; reads are anonymous.

We do not share your data with marketing partners or advertisers.

5. Data retention

We retain account information for as long as your account is active. Contact-form submissions are retained for two years after the last interaction so we can follow up on quotes and reference earlier conversations. You can request deletion at any time (see Section 7).

6. Security

We use industry-standard safeguards including encryption in transit (HTTPS), encrypted storage at rest, and access controls on our backend. No system is perfectly secure; if we become aware of a breach that affects your personal data, we will notify you within a reasonable time and as required by applicable law.

7. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate personal data.
  • Delete your account and associated personal data, subject to any retention required by law.
  • Object to certain processing or withdraw consent where processing is based on consent.
  • Port your data to another service in a structured, machine-readable format.

To exercise any of these rights, email hello@flawcars.com from the address on your account. We respond within 30 days.

8. International transfers

Our service providers operate in the United States and Europe, meaning your personal data may be transferred outside the UAE. We rely on those providers’ standard data-protection commitments and only share what is necessary to operate the Service.

9. Children

The Service is not directed to children under 18 and we do not knowingly collect personal data from anyone under 18. If you believe a child has provided us personal data, contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected on this page with a revised “Last updated” date. We encourage you to review the policy periodically.

11. Contact

Questions about this Privacy Policy can be sent to hello@flawcars.com or via the contact page.

This Privacy Policy is provided as a starting point and has not been reviewed by a UAE-licensed attorney. Before relying on it, please have it reviewed and adapted to your specific business and to applicable UAE data-protection law (including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data) by qualified counsel.