
328car Privacy Policy (for 328car.com and 328car App)

This policy explains how 328car.com (“we”) collects, uses, discloses, stores, and protects personal data when you use 328car.com and the 328car App (the “Services”), and how you can exercise your rights.

If you do not agree with any part of this policy, please stop using the Services.

Last updated: 2026-01-12

1) Who we are (data user/controller)

  • Data controller: 328car.com
  • Privacy contact email: privacy@328car.com

2) Types of data we collect

We collect data on a “need-to-use” basis depending on the features you use:

(A) Account and contact data (sign-in/account management)
  • Email, phone (if you provide it), display name/nickname
  • Third-party sign-in identifiers (Apple / Google account IDs; we do not obtain your third-party passwords)
  • Account status, preferences, language/region settings
(B) Content and interaction data (listings/messages/usage)
  • Listing content: vehicle details, descriptions, photos/videos (if any), contact methods (if you choose to share)
  • In-app/site messages (including messages and attachments you exchange with other users/merchants)
  • Interaction data: search terms, filters, saves, clicks, view history (used to improve ranking, recommendations, and product experience)
(C) Device and technical data (web and App)
  • IP address, device model, operating system, browser type, App version, language settings
  • Event logs, error/crash data (for stability and debugging)
  • Cookies / local storage / similar technologies (see Section 6)
(D) AI-related data (AI Search / AI photo recognition)
  • Text you enter into AI features (for example budget, year, brand/model preferences, use case)
  • Photos you submit for AI recognition (or necessary technical features of the photo) and the recognition output
  • We recommend avoiding unnecessary sensitive personal data in AI prompts or uploaded photos.
(E) Payment and transaction data (if you purchase paid features/subscriptions)
  • Transaction info returned by platforms or payment processors (for example transaction ID, purchase time, subscription status, expiry/cancel status)
  • We generally do not collect or store your full card number; payments are processed by the App Store / Google Play (and/or third-party processors on the website, if applicable).
(F) Support, compliance, and security data
  • Customer support exchanges, complaints/reports
  • Records for anti-fraud and security (for example suspicious logins, abuse, spam content, prohibited listings)

3) How we collect data

  • You provide it directly: registration, login, listing, uploading photos/content, in-app/site messages, support requests
  • Automatically: device/browser data, logs, interaction and usage data, cookies
  • From third parties: sign-in providers (identifiers), payment platforms (transaction status), analytics/crash tools (events and diagnostics)

4) How we use data

  • Provide and operate the services: create accounts, login verification, listing management, messaging, search, saves
  • Improve product and experience: analyze usage, optimize ranking/recommendations, improve speed and stability
  • Support AI features: process AI Search and AI photo recognition requests, return results, improve these features
  • Security, risk control, and abuse prevention: detect suspicious behavior, stop spam/fraud, protect users and the platform
  • Support and communications: respond to inquiries, handle complaints, send necessary service notices (for example security alerts, important updates)
  • Marketing (where allowed): send product updates, feature tests, promotions; you can opt out at any time
  • Legal and compliance: follow applicable laws, handle disputes, enforce terms and policies

5) Who we share data with

We only share data when reasonably needed, typically in these cases:

(A) Service providers (contract-bound)
  • To operate the service we may use third-party providers for cloud hosting, CDN, analytics, crash reporting, authentication, push notifications, support tooling, and security monitoring. Providers may process data only under our instructions and to deliver the service.
(B) Sign-in providers
  • If you sign in with Apple / Google, your sign-in is handled by the provider and necessary identifiers are returned.
(C) Analytics and stability tools
  • We may use one or more analytics/crash tools (for example Google Analytics, Firebase, PostHog, Cloudflare Web Analytics or similar) to understand usage and improve stability. You can manage cookies/consent per Section 6 or in-app settings where offered.
(D) Push notification providers
  • If you enable notifications, we use APNs and/or FCM to deliver them, which need device IDs/push tokens.
(E) Payment and subscription platforms/processors
  • In-app purchases are handled by App Store / Google Play (and/or third-party processors on web if applicable); we do not ask you to store full card numbers.
(F) Legal requirements and business changes
  • When required by law, court order, or authorities; or during mergers, acquisitions, or reorganizations with appropriate safeguards.

We do not sell your personal data to third parties for their independent marketing purposes.

6) Cookies, tracking technologies, and choices (web)

  • We may use cookies/local storage/similar technologies for:
      • Essential functions: login state, preferences, security
      • Analytics and performance: usage insights, measurement, stability and experience improvements
  • You can manage/delete cookies in your browser; disabling essentials may break some functions.

7) Data retention

We keep data only as long as necessary for the purposes or to meet legal requirements, then delete or anonymize. Typical practices:

  • Account data: while the account exists; deleted/anonymized within a reasonable time after closure (unless needed for legal/dispute handling)
  • Listing and message data: retained as reasonably needed to provide the service, handle disputes, prevent abuse, and comply
  • Security/audit logs: retained for a limited period to detect abuse and troubleshoot (for example 90–180 days internally)

8) Data security

  • We use reasonable technical/organizational measures (for example encrypted transit, access controls, least privilege, monitoring, redundancy).

9) Cross-border transfers

  • Because we may use cloud/services outside Hong Kong, your data may be processed or stored outside Hong Kong. We apply contractual/technical safeguards to require reasonable protection.

10) Your rights and how to exercise them

Contact us at privacy@328car.com to exercise or inquire about:

  • Access and correction
  • Delete/close account (where legally allowed and without affecting compliance)
  • Withdraw consent or opt out of marketing (if applicable)

11) Minors

  • The services are mainly for adults. Under-18 users should have guardian consent/supervision and avoid unnecessary personal data.

12) Third-party links and content

  • Services may contain third-party links or vehicle info/photos/descriptions from third parties. Their handling is outside our control; please review their privacy policies.

13) Policy updates

  • We may update this policy for legal, technical, or service changes. Material changes will be notified via site/app/email (where applicable). Updates take effect when announced; continued use means acceptance.

14) Contact us

If you have questions about this policy or data handling, please contact privacy@328car.com