E
EPC Data

Privacy Policy

Last updated: April 16, 2026

1. Information We Collect

When you create an account, we collect your email address. When you use our services, we may collect:

  • Account information (email, name, company, country, role)
  • Vehicle identification numbers you look up (to provide the service)
  • API usage data (endpoints called, timestamps, response times)
  • Payment information (processed securely by Creem.io — we do not store card details)
  • Browser type, IP address, and cookies for session management

2. How We Use Your Information

  • To provide and maintain our automotive parts reference service
  • To process vehicle identification and parts lookups
  • To manage your account and subscriptions
  • To enforce rate limits and prevent abuse
  • To send transactional emails (magic links, password resets)
  • To improve our service based on usage patterns

3. Data Storage & Security

Your personal data is stored on secure servers located in the EU. Passwords are hashed using industry-standard algorithms. Session tokens and API keys are stored as irreversible cryptographic hashes — we cannot retrieve your original key after generation. Payment processing is handled entirely by our payment provider (Creem.io) under PCI-compliant infrastructure. We do not store credit card numbers or payment credentials on our servers.

4. Cookies

We use a single session cookie (epc_session) to keep you logged in. We do not use advertising or tracking cookies. No data is shared with third-party advertisers.

5. Third-Party Services

We use a limited number of third-party services to operate our platform. Your data is shared with them only as necessary to provide the service:

  • Creem.io — payment processing (see their privacy policy)
  • Resend — transactional email delivery (sign-in links, password resets only)

We do not sell, rent, or share your personal data with any other third parties for marketing or advertising purposes.

6. Your Rights

You can request access to, correction of, or deletion of your personal data at any time by contacting us at support@toyotaepc.com. You can delete your account from the Dashboard.

7. Data Retention

Account data is retained while your account is active. API usage logs are retained for 90 days for service quality and billing purposes. Anonymous lookup counters (IP-based) expire automatically after 24 hours. Upon account deletion, all personal data is removed within 30 days. You may request full data export or deletion at any time by contacting us.

8. Catalog Data

The automotive parts reference data displayed on our platform is aggregated from publicly available sources across the internet and compiled into a structured database. This data (part numbers, technical specifications, compatibility information) is provided for reference and identification purposes only. We are an independent service and are not affiliated with, endorsed by, or sponsored by any vehicle manufacturer. We do not collect or store any proprietary data from vehicle manufacturers' internal systems.

9. Changes

We may update this policy from time to time. Changes will be posted on this page with an updated date.

10. Contact

For privacy-related questions: support@toyotaepc.com