🔒 Privacy Policy
Contents
1. Who We Are
MyCarFault (mycarfault.com) is an online platform that provides community-sourced vehicle fault information, diagnostic guidance, and repair case data. The site is operated independently and is not affiliated with any vehicle manufacturer, dealership, or repair organisation.
For privacy matters, contact us at: mycarfault.com/contact
2. Data We Collect
2.1 Data you provide directly
- Contact form submissions — name, email address, subject, message text
- Fault reports — vehicle details, fault descriptions, repair notes you choose to submit
2.2 Data collected automatically
| Data Type | Purpose | Retention |
|---|---|---|
| IP address | Spam prevention, rate limiting, security logging | 90 days |
| Browser user-agent string | Spam detection, compatibility logging | 90 days |
| Session identifier (cookie) | Disclaimer acknowledgement state, language preference | Session / 30 days |
| Page views & fault page visits | Popularity scoring, trending content | Aggregated, indefinite |
| Search queries | Search result improvement | Not individually stored |
2.3 What we do NOT collect
- Payment or financial information
- Government ID or passport data
- Precise GPS location
- Biometric data
- Data from minors (we do not knowingly collect data from persons under 16)
3. How We Use Your Data
- Contact form data — to respond to your enquiry; stored in our database and accessible only to site administrators
- IP address & user-agent — to detect and block spam submissions; to enforce rate limits (maximum 3 contact messages per hour per IP)
- Session data — to remember your disclaimer acknowledgement and language preference; never shared with third parties
- Fault reports — published on the site after admin review; your name is not attached unless you choose to provide it publicly
- Disclaimer logs — to record that users have acknowledged the safety disclaimer before viewing repair information; logs are purged after 90 days
- Page view counts — aggregated only; used to rank popular content and generate the sitemap
✅ We do not sell your personal data. We do not use your data for advertising profiling. We do not share individual data with third parties except where required by law.
4. Data Retention
| Data | Retention Period | Reason |
|---|---|---|
| Contact messages | Until deleted by admin, max 2 years | Support history |
| IP / user-agent logs | 90 days, then auto-purged | Security |
| Disclaimer acknowledgement logs | 90 days, then auto-purged | Safety compliance |
| Rate limit records | 24 hours | Spam prevention |
| Fault case data (your submission) | Indefinite (public content) | Site function |
| Session cookies | 30 days or until browser close | User experience |
You may request deletion of your personal data at any time via our contact form.
5. Cookies & Local Storage
We use a minimal set of cookies:
| Cookie | Purpose | Type |
|---|---|---|
| PHP session cookie (PHPSESSID) | Disclaimer state, language preference | Strictly necessary |
| mcf_lang | Language preference (EN/TR) | Functional |
| mcf_disclaimer | Disclaimer acknowledgement | Strictly necessary |
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not use Google Analytics or Facebook Pixel.
6. Third Parties
We use the following third-party services in the operation of this site:
- Hosting provider (Güzel Hosting) — our server infrastructure; data is stored on servers within their network. Their privacy policy applies to infrastructure-level data.
- Cloudflare (if active) — CDN and DDoS protection; may log IP addresses per their privacy policy.
- No social media tracking pixels — we do not embed Facebook, Twitter, or Google tracking on this site.
We do not use Google AdSense, affiliate tracking networks, or any programmatic advertising technology.
7. Your Rights (GDPR / KVKK)
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of access — request a copy of data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your personal data ("right to be forgotten")
- Right to restriction — request we limit processing of your data
- Right to object — object to processing based on legitimate interests
- Right to data portability — receive your data in a machine-readable format
- KVKK (Turkey) — rights under Law No. 6698 on Protection of Personal Data apply to Turkish residents
To exercise any of these rights, contact us via our contact form. We will respond within 30 days.
8. Security
We implement the following technical and organisational measures to protect your data:
- HTTPS encryption on all pages
- Parameterised database queries (SQL injection protection)
- Input sanitisation and output encoding (XSS protection)
- CSRF tokens on all forms
- Rate limiting on form submissions
- Admin access protected by session authentication
- Sensitive log directories blocked from public access
No system is completely secure. In the event of a data breach affecting your personal data, we will notify affected users as required by applicable law.
9. Contact & Data Requests
For all privacy-related requests, including data access, correction, or deletion requests:
📬 Privacy Contact
Submit your request via our contact form and select "General" as the subject. Include your request type (access / deletion / correction) in the message.
Contact Us