Data Policy

Crovalt Shop OS — Crovalt, LLC

This Data Policy explains how Crovalt, LLC ("Crovalt," "we," "us," or "our") handles data within the Crovalt Shop OS platform (the "Service"), with particular focus on our Network Intelligence model, data sharing practices, data ownership, and your rights as a user.

This policy supplements our Privacy Policy and Terms of Service. In the event of a conflict, the more protective provision shall apply.

1. Data Ownership

1.1. You Own Your Data

All data you enter into or generate through the Service belongs to you.Crovalt does not claim ownership of your shop data, customer information, repair records, or any other data you create or store in the Service ("Your Data").

1.2. License to Operate

By using the Service, you grant Crovalt a limited, non-exclusive license to use Your Data solely for the purposes of: (a) providing and operating the Service; (b) generating anonymized, aggregated insights as described in this policy; and (c) improving the Service and its AI capabilities. This license terminates when your account is closed and your data is deleted.

1.3. Full Data Export

You may export Your Data in full at any time during your active subscription. The Service provides built-in export tools that allow you to download a complete copy of your data in standard, machine-readable formats. There is no charge for data exports.

1.4. Data Portability After Cancellation

Upon cancellation or termination of your account, you may request a full data export within thirty (30) days. After the 90-day post-cancellation retention period, Your Data will be permanently deleted and will no longer be available for export.

2. Network Intelligence Model

2.1. What Is Network Intelligence?

Crovalt's Network Intelligence is a system that aggregates anonymized repair and diagnostic data across the entire network of Crovalt Shop OS users to generate valuable insights. These insights help all participating shops benefit from the collective experience of the network — improving diagnostic accuracy, identifying parts reliability trends, and establishing labor time benchmarks.

2.2. How Network Intelligence Works

Data flows through Network Intelligence in the following stages:

1. Collection: Repair outcomes, diagnostic data, parts usage, and labor times are collected as part of normal shop operations within the Service.
2. Anonymization: All data is stripped of personally identifiable information, shop identity, and business-specific details before entering the Network Intelligence pipeline.
3. Aggregation: Anonymized data is aggregated across the network to identify patterns, trends, and statistical benchmarks.
4. Insight Generation: Aggregated data is used to generate insights such as common failure patterns by vehicle model, parts reliability ratings, and labor time benchmarks.
5. Distribution: Insights are made available to participating shops through the Service's AI Diagnostics and reporting features.

2.3. Benefits of Network Intelligence

Participating shops benefit from:

• More accurate AI diagnostic suggestions informed by real-world repair outcomes across the network
• Parts reliability data based on aggregated failure and longevity reporting
• Labor time benchmarks drawn from actual repair durations across similar jobs
• Emerging issue alerts when new failure patterns are detected across vehicle makes and models

3. What Data IS Shared (Anonymized)

The following categories of data are anonymized, aggregated, and shared across the Network Intelligence system:

3.1. Repair Outcomes

• Types of repairs performed (categorized by system, e.g., brake, engine, transmission)
• Repair success and failure rates
• Follow-up or return visit patterns associated with specific repair types
• Diagnostic-to-repair correlation data (which diagnostic indicators corresponded to which root causes)

3.2. Parts Reliability

• Parts longevity data (how long specific parts last before failure, by vehicle application)
• Failure mode patterns for specific part categories
• Parts substitution outcomes (when alternative parts are used)
• Aggregated defect and recall-related repair trends

3.3. Labor Times

• Actual labor durations for specific repair types, aggregated by vehicle make, model, and year
• Labor time benchmarks compared to published industry standards
• Complexity factors and common complications that affect repair duration

3.4. Diagnostic Data

• OBD-II trouble code frequency and co-occurrence patterns
• Diagnostic-to-resolution pathways (anonymized workflows from symptom to fix)
• AI diagnostic accuracy metrics (aggregated feedback on AI suggestion relevance)

4. What Data Is NEVER Shared

The following categories of data are never shared across shops, never included in Network Intelligence, and never used in any way that could identify an individual shop, its customers, or its business practices:

4.1. Customer Personally Identifiable Information (PII)

• Customer names, addresses, phone numbers, or email addresses
• Vehicle identification numbers (VINs) when linked to an identifiable individual
• Any information that could directly or indirectly identify a specific customer

4.2. Shop Identity

• Shop name, location, or contact information
• Shop owner or employee names
• Any information that could identify a specific shop within the network

4.3. Pricing and Financial Data

• Shop pricing, rate sheets, or markup structures
• Revenue, profit margins, or financial performance data
• Customer billing amounts or payment information
• Competitive or business-sensitive financial information of any kind

4.4. Business Operations Data

• Customer lists or customer relationship data
• Marketing or promotional information
• Internal business notes, communications, or proprietary workflows
• Employee performance data or compensation information

5. Data Anonymization Standards

5.1. Anonymization Process

All data that enters the Network Intelligence pipeline undergoes a rigorous anonymization process that includes:

• Removal of all direct identifiers (names, addresses, contact information, VINs)
• Removal of all indirect identifiers that could enable re-identification when combined
• Aggregation to ensure no data point represents fewer than a minimum threshold of contributing sources
• Statistical noise injection where appropriate to prevent inference attacks

5.2. Irreversibility

Our anonymization process is designed to be irreversible. Once data has been anonymized and aggregated, it cannot be traced back to any individual shop or customer.

5.3. Review and Audit

Crovalt regularly reviews its anonymization processes to ensure they meet or exceed industry standards and applicable regulatory requirements.

6. Opt-Out Mechanism

6.1. Right to Opt Out

You may opt out of contributing your anonymized data to the Network Intelligence system at any time. To opt out:

• Navigate to Settings > Data & Privacy > Network Intelligence within the Service, or
• Contact us at privacy@crovalt.com with the subject line "Network Intelligence Opt-Out"

6.2. Effect of Opting Out

If you opt out of Network Intelligence:

• Your data will no longer be included in anonymized aggregation pipelines
• You will continue to have access to existing Network Intelligence insights generated by the broader network
• Core Service functionality will not be affected
• AI Diagnostic features will continue to function but may provide less network-informed suggestions over time

6.3. Opt-Out Processing

Opt-out requests will be processed within fifteen (15) business days. Previously anonymized and aggregated data that has already been incorporated into network models cannot be extracted, as it is no longer identifiable or separable.

6.4. Opting Back In

You may opt back into Network Intelligence at any time through the same settings or by contacting us.

7. AI Model Training

7.1. How Data Is Used for AI

Crovalt uses anonymized, aggregated data to train and improve its AI diagnostic models. This process:

• Uses only data that has been fully anonymized as described in Section 5
• Trains models on patterns and correlations, not individual records
• Improves diagnostic accuracy and suggestion relevance for all users
• Never incorporates PII, shop identity, or pricing data into model training

7.2. Model Outputs

AI models generate outputs based on learned patterns. These outputs do not contain or expose any individual shop's or customer's data. Outputs are probabilistic suggestions, not reproductions of any specific shop's data.

8. Third-Party Data Sharing

8.1. No Sale of Data

Crovalt does not sell your data — identifiable or anonymized — to third parties.

8.2. Service Providers

Data may be shared with trusted service providers (e.g., Supabase for storage, Stripe for payments) solely for the purpose of operating the Service, subject to strict confidentiality and data processing agreements.

8.3. Research and Industry Reports

Crovalt may publish aggregated, anonymized industry reports or benchmarks derived from Network Intelligence data. Such publications will never contain information that could identify any individual shop or customer.

9. Data Security

We implement robust security measures to protect Your Data, including encryption at rest and in transit, role-based access controls, regular security audits, and incident response procedures. For additional detail, see Section 4 of our Privacy Policy.

10. Changes to This Data Policy

We may update this Data Policy from time to time. Material changes will be communicated through the Service and by updating the "Last updated" date. Continued use of the Service after changes are posted constitutes acceptance.

11. Contact Us

If you have questions about this Data Policy, our data practices, or wish to exercise any of your data rights, please contact us at:

Crovalt, LLC

Austin, TX 78701

Email: privacy@crovalt.com

Website: www.crovalt.com