privacy policy

Last modified: May 20, 2019

The Carma Project (“Carma Project,” “Us,” or “We”), is a commercial venture owned and controlled by Carma Project, LLC.  We believe that transparency is important and understand you care about your privacy interests.  This Privacy Notice describes our policies and practices regarding the collection and use of your personal data, and sets forth your privacy rights.  Because information privacy is an ongoing responsibility, we will update this Privacy Notice from time-to-time as we implement or adopt new privacy policies or modify existing ones. By visiting  our Website at https://www.carmaproject.com/ (“Website”), or using our services, you are accepting the practices described in this Privacy Notice.

1. Who We Are

The Carma Project has its principal place of business at 2900 Bristol Street, Suite D-201, Costa Mesa, CA 92626.  If there are any questions about your data privacy or this privacy policy, please contact us at legal@carmaproject.com, or mail us at our business address, care of CARMA PROJECT.

2. What Information Do We Gather?

The Carma Project collects personal information about its ambassadors, users, and visitors to our Website. The information we collect falls in three categories: 1) Personal Information you Give to Us; 2) Information We Collect Automatically; and 3) Information We Obtain From Third-Parties. Some of the personal data we request from you is required for you to use our Website, including facilitating the recall process on your behalf.  If you do not wish to provide such personal data to us, you are not obligated to, but you may not be able to use particular features of our Website.

3. The Personal Information You Give to Us

We ask for, and collect, certain information when you use our services.  This information is necessary for the performance of our services and to allow us to comply with legal obligations. When we collect data that does not identify you as a natural person, we are permitted to use and disclose this information for any purpose, notwithstanding anything contrary in this Privacy Policy, except where prohibited by law.

When you utilize certain services or features of our Website, you will need to provide us with certain information:

Vehicle Information: Product recalls affect products, such as cars, rather than people. When we check to see if your vehicle is subject to a recall, we will ask you for and collect information about your vehicle, including, but not limited to, your license plate number, vehicle identification number (VIN), and the state in which the car is registered (“Vehicle Information”).  Depending on the information you submit, we may provide it to one of our service providers to identify additional information about the vehicle. In doing this, we combine the information you submitted with additional information about your vehicle which may include, but is not limited to, the VIN, the year, make and model of your car, its license plate number (if not already provided), Auto Care Association ACES details, the last known recall information update, the number of recalls, and the types of recalls, for your vehicle.

The Vehicle Information may then be combined with other personal information that you provide, including your name, phone number, and email address. The Vehicle Information and personal information you provide may then be sent to a call-center that is responsible for facilitating the recall repair process. This information may also be sent to a third-party associated with the manufacturer for facilitating the recall repair. Please note that the recall verification process is not always 100% accurate, and may not include very recent activity. Further investigation may be necessary to determine if your vehicle is subject to recall. For the manufacturer’s current information on recall activity for any Toyota, Lexus, or Scion vehicle, please visit : http://toyota.com/recall, http://lexus.com/recall. For recall info for all other manufacturers, visit: https://www.nhtsa.gov/recalls.

Uploaded Photos: When you upload a photo, we will collect the photo itself along with any information, including metadata, contained therein.  Metadata may include, but is not limited to, the date, time, and geolocation data associated with the photo, the make and model of the device used to take the photo, and any other data contained in the photo. This information is used for the purposes of facilitating the recall repair process.

Contact Information: You may provide personal information to us when you fill out the “Contact Us” section of our Website or by filling out a form to have a representative contact you about your recall. This may include information such as your first and last name, email address, phone number, physical address, and any other information you choose to include in the forms (“Contact Information”). If you provide this information you agree that we, our service providers, our customers, or third-party affiliates may contact you using this information, including, by phone, post, email, and/or text message (SMS or otherwise).

Account Information: When you create an account with us, we collect information about you including, but not limited to, your name, telephone number, and email address. For security purposes, we also require that you create a secure password. We process this information to give you secure access to your account. If you participate in our Ambassador Program, we may associate your Account Information with other information including a Referral Link identifier, CarmaCoin amounts, and other information necessary to facilitate the Ambassador Program.

Communications: If you correspond with us by email, the postal service, or other form of communication, we may retain such correspondence and the information contained in it and use it to respond to your inquiry; to notify you of events, publications, or other services; or to keep a record of your complaint, accommodation request, and the like. Note: if you ask not to contact you by email at a certain email address, we will retain a copy of that email address on our “master do not send” list in order to comply with your no-contact request.  We may still send you non-marketing emails related to your relationship with us. For example, we may need to email you if you want to reset your password. If you provide us with a phone number, you agree we may contact you via telephone, text, or messaging service. Standard messaging and data rates apply.

Survey Information: If you participate in any survey, you may provide certain personal data as part of your response.

Filling Out a Form Online: When you fill out a form or submit information to us via our Website, we collect any personal information you provide and we may use that information for business purposes or to provide you with services.

4. Information We Collect Automatically

Like most websites, our Website collects certain information automatically and stores that information in log files. This includes information such as your IP address, referring website, operating system, web browser, our Website pages you visited and how much time was spent on each page, the data and time of access, and the general region or location of the IP address associated with your device. We use this information to help us design our Website to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our Website, analyze trends and gather demographic information, and track visitor movements to assist us in identifying visitor preferences.  We do not respond to Do Not Track (DNT) signals.

Usage Information: We collect the IP addresses of all visitors to our Website and clickstream and other related information, such as information about your computer or device, web browser and operating system and their settings, the referring page that linked you to our Website, the pages, content or ads you see or click on during your visit and when and for how long you do so, items you download, the next website you visit when you leave our Website, any search terms you have entered on our Website, and whether you interact with email messages, for example, if you opened, clicked on, or forwarded the email message.

Log Data: We automatically collect your information when you use our Website, even if you have not registered for an account or logged in. That information includes, among other things: details about how you use our services (including links to third party sites or services), Internet Protocol (IP) address, access times, your browser type and operating system, device information, device event information (e.g., crashes, browser type), and the page you’ve viewed or engaged with before or after using our Website.

Cookies: To enhance your experience on our Website, we place "cookies" on your computer or device. Cookies are small text files that we place in your computer or device to store your preferences. Other information you provide may be linked to the data stored in the cookie. A cookie assigns a unique alphanumeric identifier to your Web browser or device, and may enable us to recognize you as the same user who has used our Website, and relate your use of our Website to other information about you. We use this information to provide enhanced functionality of our Website and aggregate traffic data. The cookies may be placed by us as a first-party or by third-parties on our behalf.  Most browsers automatically accept cookies. You can set your browser option so you will not receive cookies and you can also delete existing cookies from your browser. However, you may find that some parts of our Website will not function properly if you have refused cookies or similar tracking technologies. You should be aware that disabling cookies or similar tracking technologies might prevent you from accessing some of our content and your viewing of editorial content may be hampered.

Local Shared Objects: Local shared objects, such as Flash cookies, also may be stored on your computer or device. Local shared objects operate a lot like cookies, but cannot be managed in the same way. Depending on how local shared objects are enabled on your computer or device, you may be able to manage them using software settings. For information on managing Flash cookies, for example, see http://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html.

HTML 5: HTML 5 is the language some websites are coded in, may be used to store information on your computer or device about your internet usage activities. This information may be retrieved by us to help us manage our Website, such as by giving us information about how our Website is being used by our visitors, how our Website can be improved, and to customize our Website for our users.

Cache Cookies: Cache cookies, such as eTags, may be used to identify your computer or device as the same computer or device that visited our Website or other websites in the past.

Web Beacons: Our Website may also use small pieces of code called "web beacons" or "clear gifs" to collect advertising metrics, such as counting page views, promotion views, or advertising responses. A web beacon is an electronic image called a single-pixel or clear GIF. Web beacons can recognize certain types of information, such as a user's cookie number, time and date of a page view, and description of the page where the web beacon is placed. These web beacons may be used to deliver cookies that conform to our cookie policy above.

Mobile Device IDs and Location-Based Information: Certain mobile devices, including smart phones and tablet devices, contain unique device IDs that can be used to identify their physical location. Some mobile device IDs are persistent, while others may be reset by accessing the device’s privacy settings. Mobile devices also typically transmit caller ID data (which may include a phone number) when used to transmit a telephone call or text message. When you use mobile devices to access our Website, we may collect and transmit unique device IDs and collect caller ID data, as well as other information about your device, including without limitation, your wireless carrier, the make, model, operating system, capacity and settings of your device, the names, package IDs and versions of other software you have downloaded to your device and information about how you interact with and navigate within our Website. With your consent, we or our authorized service providers and partners also may use precise geolocation technology such as GPS or Wi-Fi triangulation, or mobile Bluetooth beacon technology, to collect information about the exact location of your mobile device.

Software Development Kits: An SDK is computer code that app developers can include in their apps to enable ads to be shown, data to be collected and related services and functionality to be implemented. We may allow third-parties, including our business partners and service providers, to use mobile SDKs to collect data, including information related to how mobile devices interact with our Website.

5. Information We Collect from Third-Parties

On occasion, we receive personal information about individuals from third-parties. This includes the following:

Using Third-Party Sign-up: If you sign up for the Carma Project through a third-party application such as Google or Facebook, you authorize us to collect your authentication information, such as your username and encrypted access credentials, and other information available through the third-party application account.

Google: If you sign-in using your Google account, we request the name, email address, and profile picture associated with your Google account, as well as a phone number, if available.  You may choose to allow Google to share this information with Us, which we will use to create your account with the Carma Project. You can read more about this feature from Google, here. You can regulate the information  we receive from Google using your Google activity controls. If you signed up using Google by mistake, you can contact us to request that your account be deleted.

Facebook: If you sign up using Facebook, Facebook will ask your permission to share certain information from your Facebook account with us. This may include your first name, last name, email address, a profile picture, and telephone number in order for us to verify your identity, and may include other information based on the permissions you grant.  This information is collected by Facebook and is provided pursuant to the terms of Facebook’s privacy policy.  You can control the information we receive from Facebook by changing the privacy settings in your Facebook account.

Promotions or Surveys: When you enter a contest or sweepstakes ("promotion") or participate in a survey or poll ("survey") we may ask you to provide your name, address, phone number and email address.  Sometimes we use third-party service providers to administer and conduct our promotions and surveys, in which case the third-party service provider’s policies, including privacy policies, will apply to you in addition to our policies.  We use the information included in the promotion entry forms to administer your participation in the promotions and for other purposes stated on the entry form.

Service Providers, Customers, and Business Partners: We may receive information about you from our service providers, customers, and business partners, including companies that assist with processing vehicle information, rewards processing, analytics, data processing and management (e.g. to measure ad quality and responses to ads, and to display ads that are more likely to be relevant to you) account management, hosting, customer and technical support, and other services which we use to personalize your experience.

6. How Do We Use Your Personal Data?

Deliver our Services

Provide, Maintain, Protect, and Improve our Website and Applications

Personalize Content, Advertising, Promotions

There may be other reasons we use your data and will disclose those purposes to you on this Privacy Policy.

7. Do We Share Your Personal Data?

To facilitate our services, we may share your personal information with third-parties from time-to-time. We may also share your personal information with others when you have agreed for us to do so.

Third-Party Service Providers: We may share your information with third-party service providers who perform various functions to enable us to provide our services and help us operate our business. This includes functions that support website design, sending email communications, fraud detection and prevention, customer care, or performing analytics.

Our Partners and Affiliates: We may share the information we collect from and about you with our affiliates and other third-parties in an effort to bring you improved service and facilitate the recall process.

Vehicle and Recall Verification Processors: When asked by you to do so, we submit your Vehicle Information to third-parties in order to determine or verify your Vehicle Information. If authorized, we submit your Vehicle Information along with other personal information you provide us to the third-parties responsible for processing safety recalls. Generally, these are the manufacturers and/or their representatives, of the vehicles subject to recalls. Those entities may use this information to further contact you regarding a recall.

Protection of Carma Project and Others: We may share personal data when we believe it is appropriate to enforce or apply our Terms of Service and other agreements; or protect the rights, property, or safety of Carma Project, our products and services, our users, or others.  This includes exchanging information with other companies and organizations for fraud protection and risk reduction.

Response to Subpoenas and Other Legal Requests: We may share your information with courts, law enforcement agencies, or other government bodies when we have a good faith belief we're required or permitted to do so by law, including to meet national security or law enforcement requirements, to protect our company, or to respond to a court order, subpoena, search warrant, or other law enforcement request.

Sale of Our Business: If we sell, merge, or transfer any part of our business, we may be required to share your information. If so, you will be asked if you'd like to stop receiving promotional information following any change of control.

With your Consent: Other than as set out above, we will provide you with notice and the opportunity to choose when your personal data may be shared with other third-parties.

Third Party Links: Our Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third-parties to collect or share data about you. When you visit a page that includes one of these sharing tools, the third-party company that operates the tool may be collecting information about your browser, device, and online activity through its own tracking technologies and subject to its own separate privacy policy. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy notice of every website you visit.

Advertising: We share the data collected about you, generally, in hashed, aggregated, or de-identified forms with advertisers and advertising service providers and business partners in order to serve ads based on your interests and measure the reach and effectiveness of those ads, including whether a user took an action (e.g. clicked a link). We may also share cookie data and device identifiers with service providers for data-matching purposes, in order to improve ad targeting and retargeting.

Social Media: We may share your email address or phone number with Facebook, or other social media platforms, in order to target you with ads on Facebook and on third-party websites and applications in the Facebook Audience Network. We also allow Facebook and other social media platforms to collect information through cookies and similar technologies like pixels in order to serve ads for us on various third-party websites and apps. These technologies track activity taken across devices after a user sees one of our ads, in order to determine performance metrics such as sign-ups, visits to our Website, and other specific actions taken. Any questions regarding how these social media platform service provider processes your personal data should be directed to such third-party platform.

8. Your Choices Regarding Personal Data

You have choices regarding how we use your personal data. We respect your choices and attempt to honor them whenever possible.  We allow you to opt-out of email marketing at your discretion.  Additionally, you can alter your device and browser setting to refuse the placement of third-party cookies and location-based tracking.

Email: You may opt-out of any commercial emails sent by us by unsubscribing from them in the link provided in the email.

Cookies: You can use your web browser settings to directly block all cookies, or just third-party cookies. Using your browser settings to block all cookies, including strictly necessary ones, may interfere with proper site operation.  Guidance on how to control cookies in popular browsers can be found here:

You can also find additional information on cookie controls and advertisements here:

Analytics: Google allows users to opt-out of tracking by Google Analytics and Google Analytics Demographics and Interest Reporting services.  You can adjust your settings here, or download the Google Analytics Opt-Out Browser Add-on.

9. Data Security

Data security is a priority for us.  To this end, we have appropriate security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third-parties who have a business need to know.  We have put in place procedures to address any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

10. Children’s Privacy

We are committed to complying with the Children's Online Privacy Protection Act (COPPA).  Our Website is not directed to children under the age of 13. We do not knowingly collect personal information from children under the age of 13. If we receive personal information that we discover was provided by a child under the age of 13, we will promptly destroy such information. Additional information is available on the Direct Marketing Association's home page at http://www.the-dma.org. If you would like to learn more about COPPA, visit the Federal Trade Commission home page at http://www.ftc.gov.

11. California Privacy Rights

If you are a California resident, you also have the ability to ask us for a notice identifying the categories of personal information, as defined by California Civil Code Section 1798.83, we share with our affiliates and/or third-parties for their direct marketing purposes and the contact information for such affiliates and/or third-parties (under California Civil Code Sections 1798.83-1798.84). If you are a California resident and would like a copy of this notice, please submit a written request to legal@carmaproject.com.

12. Updates to Our Privacy Policy

We may revise this Privacy Policy at any time, so please review it periodically. If you continue to visit our Website and use the services made available to you after such changes have been made, you hereby provide your consent to the changes.

We will post any updates to this Privacy Policy on this webpage, and the revised version will be effective when it is posted. If you are concerned about how your information is used, please bookmark this page and read this Privacy Policy periodically.

13. How to Contact Us

If you have any questions or wish to register a complaint in relation to this Privacy Notice or the manner in which your personal data is used by us, please contact us by any of the following means:

By Email: legal@carmaproject.com

By Mail: Carma Project, 2900 Bristol Street, Suite D-201, Costa Mesa, CA 92626