PRIVACY
POLICY
Last updated: May 5, 2026
This Privacy Policy explains what information Natural State Repairs collects from customers, how we use it, who we share it with, and the choices you have. We try to keep it short and plain. If anything is unclear, email contact@naturalstaterepairs.com.
What we collect
- Account info: first and last name, email, phone number, password (stored hashed by Supabase Auth — we never see your plaintext password).
- Service info: vehicle year/make/model/VIN, mileage, the issue you describe, service address, photos you upload, scheduled appointment times.
- Payment info: we do NOT process credit cards or store any card numbers. Payments are recorded manually by the admin (cash, check, Zelle, Venmo, etc.). If you upload a payment screenshot, that file is stored privately in our storage bucket and is only viewable by the admin.
- Communication: messages you send through the customer portal, your replies to our text notifications.
- Technical: session cookie set by Supabase Auth, your IP address (used by Cloudflare for traffic security and rate limiting), and limited error / performance telemetry from Sentry. We do not run third-party advertising or social-media trackers.
How we use it
- Provide the repair services you request and keep you updated on their status.
- Send notifications you’ve opted into (email and/or SMS — see our SMS terms).
- Generate invoices and record payments.
- Operate the website (authentication, abuse protection, error monitoring).
- Comply with tax, accounting, and legal obligations.
We do not sell your information to anyone. We do not share it with marketing or advertising networks.
Service providers we use
We rely on a small number of vendors to run the site. They each see only the data needed for their function, and each is bound by their own privacy terms:
- Supabase — database, authentication, file storage.
- Cloudflare — site hosting and edge network (DDoS / abuse protection).
- Resend — outbound transactional email.
- Twilio — outbound and inbound SMS for notifications you’ve opted into.
- Sentry — error tracking. We have configured Sentry to NOT capture form input contents or request authorization headers.
- Google Maps Platform — address autocomplete and routing distance estimates.
- Open-Meteo — weather forecast lookups for scheduled appointment days (no personal data shared).
Cookies and storage
We use a session cookie set by Supabase Auth so you stay signed in. We use browser localStorage to remember small UI preferences (theme, dismissed modals) and a signed device-trust token to keep returning customers signed in for 7 days. We do not run third-party analytics or advertising cookies.
How long we keep your data
Account, repair, and payment records are retained while your account is active and for as long as needed to comply with tax / accounting / legal obligations (typically up to seven years for paid invoices). You can request deletion of your account at any time — see “Your rights” below.
Your rights
- Access: email contact@naturalstaterepairs.com from the address on your account and we’ll send you the data we have on file.
- Correction: you can edit your name, email, phone, and address from your account page; for anything else, email us.
- Deletion: email contact@naturalstaterepairs.com from the address on your account and we’ll delete your profile, vehicles, repair requests, photos, and notifications. Some payment and tax records may be retained as required by law.
- SMS opt-out: reply STOP to any text from us, or turn off text notifications under your account preferences.
- Email opt-out: use the unsubscribe link on transactional emails (where applicable) or email us.
Security
All traffic uses HTTPS. Database access is restricted by row-level security so customers can only access their own records. Admin accounts are protected with multi-factor authentication. Photos and payment proofs live in private storage and are only served via short-lived signed URLs after the request is authenticated. No system is perfect — if you believe your account has been compromised, contact us immediately.
Children
Our services are intended for adults. We do not knowingly collect personal information from anyone under 13.
Changes
If we make material changes to this policy we’ll update the “last updated” date above and, if the change is significant, notify customers with active accounts by email.
Contact
Privacy questions: contact@naturalstaterepairs.com. See also our Terms of Service and SMS terms.