Recall Module Privacy Policy

Last updated: 2026-03-19

This policy applies to the recall and service-action verification feature in Volvo VIN Guardian. It explains what data is processed when you use recall lookup by VIN.

1. What data is processed

• VIN entered by the user.
• Technical metadata returned by public sources (for example make, model, year, campaign details).
• Operational metadata on the local proxy (request timestamps, source status, response latency).

2. Purpose of processing

Data is processed exclusively to provide informational recall and safety-action checks and to improve reliability of source integration (cache and rate limiting).

3. Data recipients

VIN is transmitted to public external sources used by the feature, including NHTSA and EU Safety Gate related datasets when available. These services are independent data controllers under their own terms and policies.

4. Storage and retention

• In-memory cache on local proxy: up to 24 hours by default.
• No long-term database persistence is implemented in the default MVP setup.
• Rate-limit counters are transient and kept in memory only.

5. Legal and quality disclaimer

Recall output is informational and can differ from official OEM or dealer systems due to feed lag, source schema changes, and market differences. Final eligibility and service-action status must always be confirmed by an authorized Volvo service center.

6. User rights and contact

If you deploy this project publicly, provide your own controller contact details and legal basis notice in line with local regulations (including GDPR where applicable).