Car Budget GuardCar affordability calculator

Privacy Policy

Effective Date: November 20, 2025

Last Updated: November 20, 2025

Product: Car Budget Guard (the “Service”)

Provider / Data Controller: Car Budget Guard Inc., based in British Columbia, Canada (“Car Budget Guard”, “we”, “us”, or “our”)

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you:

  • Visit our website (including at https://carbudgetguard.com);
  • Use our car affordability and ownership calculator; or
  • Purchase and download a personalized affordability and ownership report (the “Report”).

If you do not agree with this Privacy Policy, you should not use the Service.

The Service is intended for individuals who are 18 years or older. We do not knowingly collect personal information from anyone under 18.

1. Overview

We provide an independent car affordability and ownership calculator and a personalized Report. To do this, we process:

  • Contact details (for example, email address to send you the Report);
  • Financial and usage inputs (for example, income, expenses, savings, and driving habits) that you enter into the calculator;
  • Technical and usage data (for example, device information, IP address, and analytics data); and
  • Limited payment-related information provided by our payment processor.

We use this information to:

  • Provide the calculator and generate your Report;
  • Deliver your purchase and provide customer support;
  • Analyze service performance and improve our models and assumptions; and
  • Comply with legal, tax, and security obligations.

We do not sell your personal information and we do not share it for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA).

We aim to comply with applicable data protection laws, including:

  • General Data Protection Regulation (EU and UK GDPR);
  • California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA);
  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA); and
  • Other similar data protection laws where they apply to our activities.

2. Information We Collect

2.1 Personal Information You Provide Directly

We collect personal information you provide when you use the Service, for example:

a) Contact and identification details

  • Email address (required for purchase and delivery of Reports);
  • First name or display name if you choose to include it in your Report;
  • Country or region (for assumptions and tax/fee modelling, where applicable);
  • Any other information you choose to submit in forms or communications.

b) Financial profile and car usage inputs

To generate a meaningful affordability and ownership estimate, you may enter:

  • Net monthly income;
  • Non-car monthly expenses;
  • Savings and emergency fund amounts;
  • Monthly savings contributions;
  • Existing debts or obligations that affect affordability;
  • Desired car budget or target price;
  • Loan assumptions (term, interest rate, down payment, payment-to-income target);
  • Driving patterns (for example, estimated kilometers per year, city vs highway mix);
  • Assumptions about insurance, fuel, maintenance, taxes, and fees.

This information is used to build an internal financial and usage profile for modelling purposes. We do not use it to perform credit checks or report to credit bureaus.

c) Purchase and transaction information

When you buy a Report, we receive limited transaction details from our payment processor, such as:

  • Transaction amount and currency;
  • Date and time of transaction;
  • Payment method type (for example, card, wallet);
  • Non-sensitive billing details (for example, country, postal code, last 4 digits of a card, if provided by the processor);
  • Internal transaction identifiers used for reconciliation and fraud prevention.

We do not receive or store your full payment card number or CVV. These are processed directly by our payment processor (for example, Stripe).

d) Communications and support

If you contact us by email or through any contact form, we may collect:

  • Your name and email address;
  • The content of your message and any additional information you choose to provide;
  • Our responses and internal notes to resolve the issue.

This information is used to respond to inquiries, handle support issues, and maintain records of communications.

2.2 Information We Collect Automatically

When you use the Service, we automatically collect certain technical and usage information, for example:

a) Device and log data

  • IP address;
  • Browser type and version;
  • Operating system and device type;
  • Referring URLs and exit pages;
  • Dates and times of access;
  • Pages viewed, links clicked, and other interactions with the Service;
  • Error logs and diagnostic information.

We use this data to operate the Service, maintain security, measure performance, and investigate incidents.

b) Analytics data

We use analytics tools (for example, Google Analytics) to understand how visitors use the Service. These tools may collect:

  • Page views and navigation flows;
  • Time spent on pages and features;
  • Basic device and browser details;
  • General location derived from IP address (for example, country or city level).

Where legally required (for example, in the EU/UK), we obtain your consent before setting non-essential analytics cookies or similar technologies.

2.3 Cookies and Similar Technologies

We use cookies and similar technologies (such as local storage or pixels) to:

  • Keep the Service functioning (for example, session management, security);
  • Remember your basic preferences (for example, language);
  • Measure usage and improve the Service (analytics).

The main types of cookies we may use are:

  • Strictly necessary cookies – required for the website and calculator to function and for security. These cannot be switched off in our systems.
  • Preference cookies – remember your choices (for example, region or language) to provide a better experience.
  • Analytics cookies – help us understand how users interact with the Service so we can improve performance and usability.

Where local law requires consent (for example, under GDPR for non-essential cookies), we rely on a consent banner or similar mechanism and set analytics cookies only after you opt in. You can also manage cookies through your browser settings.

2.4 Payment Data (via Third-Party Processor)

Payments for Reports are processed by third-party payment processors such as Stripe. They collect and process:

  • Payment card details (card number, expiry date, CVV);
  • Billing address and postal code;
  • Anti-fraud and compliance data.

They process this data under their own terms and privacy policies. We receive only limited data needed to confirm that a payment has been completed, reconcile transactions, comply with legal obligations, and address fraud or disputes. We do not store full card details on our systems.

2.5 Information We Obtain from Other Sources

We may receive information about you from:

  • Payment processors (for example, transaction status and non-sensitive billing details);
  • Service providers (for example, system logs from hosting providers such as AWS);
  • Public sources (for example, aggregate market data we use to update assumptions).

We combine this information with other data we hold where needed to operate the Service, detect fraud, and comply with law.

2.6 Special Categories of Data

We do not intend to collect special categories of personal data (for example, information about health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, sexual orientation, or similar sensitive information).

You should not provide such information in the calculator inputs, free-text fields, or communications. If we become aware that we have collected such data unintentionally, we will delete or anonymize it where feasible and lawful to do so.

3. How We Use Personal Information

We use personal information for the following purposes:

3.1 Core Product Functionality

  • To provide the calculator and generate affordability and ownership estimates.
  • To produce your personalized Report based on your inputs.
  • To deliver Reports (for example, via download link or email).
  • To tailor assumptions (for example, taxes, fees, and insurance ranges) to your country or region where possible.

3.2 Communication

  • To send transactional emails, such as purchase confirmations, receipts, delivery links, and technical notices.
  • To respond to your questions, support requests, or feedback.
  • To send service-related updates (for example, changes to terms or this Privacy Policy) where legally required.
  • With your consent where required, to send occasional product updates, feature announcements, or content related to car affordability and personal finance.

You may opt out of marketing and non-essential promotional emails at any time by using the unsubscribe link or contacting us directly. You cannot opt out of essential transactional emails related to your ongoing use of the Service.

3.3 Analytics, Product Improvement, and Research

  • To monitor usage patterns, funnel performance, and time-to-value metrics.
  • To improve our models, assumptions, and user experience.
  • To evaluate and test new features, pricing, and flows.
  • To produce de-identified and aggregated statistics (for example, typical affordability bands by income level, common loan terms).

Where possible, we use anonymized or aggregated data that does not identify you. When we use identifiable data for analytics, we do so in line with applicable laws and, where required, based on your consent.

3.4 Security and Abuse Prevention

  • To secure the Service against fraud, abuse, and attacks (for example, DDoS, brute force).
  • To detect and respond to suspicious activity, technical issues, and incidents.
  • To enforce our Terms of Use and other policies.

3.5 Legal, Regulatory, and Tax Compliance

  • To maintain necessary business and accounting records.
  • To respond to lawful requests from regulators, law enforcement, or courts.
  • To comply with tax, financial reporting, and other legal obligations.

Where we are required to keep certain information for legal reasons (for example, transaction records), we will retain it only for as long as necessary to meet those obligations.

4. Legal Bases for Processing (EEA / UK / Similar Jurisdictions)

Where the EU/UK GDPR or similar laws apply, we rely on one or more of the following legal bases:

4.1 Contract

We process your personal information when it is necessary to:

  • Provide the Service you request (for example, running the calculator);
  • Generate and deliver your Report; and
  • Process your payment and complete your purchase.

4.2 Consent

We rely on your consent to:

  • Send certain marketing or promotional communications where required by law;
  • Set non-essential cookies and similar technologies (for example, analytics cookies in the EU/UK);
  • Process any optional information you provide in free-text fields that is not strictly necessary to deliver the Service.

You can withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.

4.3 Legitimate Interests

We process personal information where necessary for our legitimate interests and where these are not overridden by your rights and interests, including:

  • Operating, maintaining, and improving the Service;
  • Monitoring and analyzing usage and performance;
  • Preventing fraud and abuse;
  • Protecting our legal rights and interests;
  • Developing new products and features.

When we rely on legitimate interests, we balance our interests with your privacy expectations.

4.4 Legal Obligations

We process personal information where necessary to comply with legal obligations, such as:

  • Tax, accounting, and financial reporting requirements;
  • Responding to lawful requests from authorities;
  • Meeting data protection and security obligations (for example, breach notifications where required).

5. How We Share Information

We do not sell personal information. We share personal information only in the following circumstances:

5.1 Service Providers and Contractors

We engage third parties to provide services such as:

  • Hosting and infrastructure (for example, AWS);
  • Payment processing (for example, Stripe);
  • Analytics (for example, Google Analytics);
  • Email delivery;
  • Error monitoring and logging;
  • Professional services (for example, legal, accounting, and security).

These service providers process personal information on our behalf and are contractually required to:

  • Use the information only for the services we request; and
  • Implement appropriate security measures.

5.2 Analytics and Usage Measurement

We share limited usage and technical data with analytics providers to help us understand and improve the Service. Where required, this sharing is based on your consent (for example, through cookies), and we configure tools to minimize the use of personal identifiers where feasible.

5.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business, personal information may be transferred as part of the transaction, subject to applicable law. We will take steps to ensure the receiving party respects this Privacy Policy or provides a comparable level of protection.

5.4 Legal Requirements and Protection of Rights

We may disclose personal information if we reasonably believe such disclosure is necessary to:

  • Comply with law, regulation, legal process, or enforceable governmental request;
  • Enforce our Terms of Use or other agreements;
  • Protect the rights, property, or safety of Car Budget Guard, our users, or the public.

Where legally permitted, we will notify you of such disclosure if it directly relates to your personal information.

5.5 De-Identified and Aggregated Data

We may share or publish information that has been de-identified and/or aggregated so that it can no longer reasonably be linked to an identified or identifiable individual. For example, we may publish statistics about typical affordability ranges or ownership costs by income band. This type of information is not considered personal information under most data protection laws.

6. International Data Transfers

We are based in Canada and primarily target users in Canada and the United States, but our Service may be accessed from other countries.

6.1 Where Data Is Processed

Personal information may be processed and stored in:

  • Canada;
  • The United States; and
  • Other countries where our service providers operate.

These countries may have data protection laws that differ from those in your jurisdiction.

6.2 Transfers from the EEA, UK, and Similar Jurisdictions

If you are located in the European Economic Area (EEA), United Kingdom (UK), or another jurisdiction with cross-border data transfer restrictions, we rely on appropriate safeguards when transferring personal information, such as:

  • Adequacy decisions (for example, the EU’s recognition of Canada’s private-sector privacy regime for certain purposes); and/or
  • Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent instruments under UK law, where applicable.

We implement additional safeguards where required by law and best practice (for example, security controls, limited access, and data minimization).

6.3 Your Rights in Relation to Transfers

Where your local law grants you specific rights in relation to international transfers (for example, the right to request information about transfer mechanisms), you may contact us to obtain more details.

7. Data Retention

We keep personal information only for as long as reasonably necessary to:

  • Provide the Service and your Report;
  • Fulfil the purposes described in this Privacy Policy;
  • Comply with legal, tax, accounting, and reporting obligations; and
  • Resolve disputes and enforce our agreements.

In practice, this generally means:

  • Calculator inputs and Report generation data: kept for as long as needed to generate and deliver your Report and to operate and improve the Service. Where feasible, we later anonymize or aggregate this data for analytics so it no longer identifies you.
  • Contact and transaction records: kept for the period required by tax and accounting laws (often up to 7 years, depending on the jurisdiction).
  • Support communications: kept for a period necessary to manage our relationship with you and maintain a record of issues (for example, up to 3 years after our last interaction), unless a longer period is required by law or to resolve disputes.
  • Technical logs and security data: kept for a shorter operational period (for example, months rather than years), unless needed for security investigations, legal proceedings, or compliance.

When personal information is no longer needed for any permitted purpose, we will delete it or irreversibly de-identify it, unless we are legally required or permitted to keep it longer.

8. Your Rights and Choices

Your rights depend on your location and applicable law. We aim to provide a consistent, reasonable set of controls for all users, even where laws differ.

8.1 Rights Available to Many Users

Subject to applicable law and certain exceptions, you may have the right to:

  • Access – Request confirmation whether we process your personal information and obtain a copy.
  • Correction – Ask us to correct or update inaccurate or incomplete personal information.
  • Deletion – Request that we delete personal information, for example when it is no longer needed for the purposes collected or you withdraw consent.
  • Restriction – Ask us to limit processing in certain cases (for example, while we verify accuracy or handle an objection).
  • Objection – Object to certain processing based on legitimate interests (for example, direct marketing).
  • Withdraw consent – Withdraw consent at any time where processing is based on consent (for example, marketing or non-essential cookies).
  • Data portability – Request a copy of certain personal information in a structured, commonly used, machine-readable format, and ask us to transmit it to another controller where technically feasible.

To exercise these rights, contact us using the details in the “Contact Information” section. We may need to verify your identity before fulfilling your request.

We will respond within the time frames required by applicable law and will explain if we cannot fully comply with a request (for example, where we must retain certain data for legal reasons).

8.2 Additional Rights for EEA / UK / Similar Jurisdictions

If you are in the EEA, UK, or another jurisdiction with similar rights, you also have the right to:

  • Lodge a complaint with a supervisory authority (for example, your local data protection authority or the Information Commissioner’s Office in the UK) if you believe we have not handled your personal information in accordance with applicable law.

We encourage you to contact us first so we can address your concerns.

8.3 Additional Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you may have additional rights under the CCPA/CPRA, including:

  • Right to know – The right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, the purposes for collection, and the categories of third parties to whom we disclosed personal information.
  • Right to delete – The right to request deletion of personal information we collected from you, subject to certain exceptions.
  • Right to correct – The right to request correction of inaccurate personal information we maintain about you.
  • Right to non-discrimination – We will not discriminate against you for exercising any of your CCPA/CPRA rights (for example, by denying services or offering different prices, except where permitted by law).

Sale and sharing of personal information:

We do not sell your personal information and do not share it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. Therefore, we do not provide a “Do Not Sell or Share My Personal Information” link.

To exercise your CCPA/CPRA rights, contact us using the details in the “Contact Information” section. If you submit a request, we may need to verify your identity and residence before acting on it.

8.4 Additional Rights for Canadian Users (PIPEDA and Similar)

If you are in Canada, you may have rights under PIPEDA or similar provincial laws, including:

  • The right to access personal information we hold about you;
  • The right to challenge the accuracy and completeness of your personal information and have it corrected;
  • The right to withdraw consent, subject to legal and contractual restrictions and reasonable notice.

You also have the right to complain to the Office of the Privacy Commissioner of Canada or your provincial privacy regulator if you are not satisfied with our response.

8.5 Managing Marketing and Cookies

  • You can opt out of marketing emails at any time by using the unsubscribe link in the email or contacting us.
  • You can manage cookies through your browser settings and, where we provide one, through a cookie banner or preference center. Blocking cookies may affect your experience and some parts of the Service may not function properly.

9. Security Measures

We implement technical and organizational measures designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, as appropriate:

  • Encrypting data in transit using HTTPS/TLS;
  • Limiting access to personal information to personnel and service providers who need it to perform their duties;
  • Using access controls, authentication, and logging on systems that process personal information;
  • Maintaining backup and recovery processes;
  • Applying security patches and updates to infrastructure;
  • Periodically reviewing security practices and configurations.

No method of transmission or storage is completely secure. While we work to protect your data, we cannot guarantee absolute security. You are responsible for:

  • Keeping your devices secure;
  • Using reasonable safeguards such as strong passwords and updated software; and
  • Protecting any downloaded Reports and related information from unauthorized access.

10. Children’s Privacy

The Service is intended for individuals who are 18 years of age or older.

We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18 without appropriate consent or legal basis, we will take reasonable steps to delete it.

If you believe a person under 18 has provided us with personal information, please contact us using the details below.

11. Third-Party Websites and Services

The Service may contain links to third-party websites or services (for example, content resources, blogs, or tools). This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices.

We encourage you to review the privacy policies of any third-party sites or services before providing personal information to them.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in the Service;
  • Changes in our data practices; or
  • Changes in applicable laws and regulations.

When we make material changes, we will:

  • Update the “Last Updated” date at the top of this Privacy Policy; and
  • Where reasonably practicable, provide additional notice (for example, via the website or by email to recent purchasers).

Your continued use of the Service after an updated Privacy Policy becomes effective means that you accept the changes. If you do not agree with the updated policy, you should stop using the Service.

13. Contact Information

If you have questions, concerns, or requests about this Privacy Policy or our handling of personal information, you can contact us at:

Email: support@carbudgetguard.com

If you are located in the EEA, UK, or another jurisdiction with data protection authorities, you also have the right to lodge a complaint with your local supervisory authority, as described in Section 8.

If you prefer to contact us by mail, you may email us for the most current mailing address of Car Budget Guard Inc. in British Columbia, Canada, and we will provide the appropriate details.