Join the beta

Opaius Legal

Privacy Policy.

This policy explains how Opaius handles information across Opaius, Louro, Opie, the web app, the mobile app, beta programs, and related services.

Last updated: July 16, 2026

1. Overview

This Privacy Policy explains how Opaius collects, uses, discloses, and protects information when you use Opaius, Louro, Opie, our websites, web applications, mobile applications, beta programs, communications, APIs, and related services. We refer to these collectively as the Services.

Louro is designed to help people and organizations understand, maintain, and preserve information about vehicles, equipment, repairs, records, diagnostics, ownership, and operations. Because that information can be personal, operational, or commercially sensitive, this policy is written to explain the actual categories of information our products may process.

If you use the Services through an organization, shop, fleet, workspace, freight account, employer, or other entity, that organization may control certain information and settings. Its own privacy practices may also apply.

2. Information You Provide

We collect information you provide directly, including your name, email address, phone number, profile details, username or handle, profile photo or avatar, job title, organization information, support messages, beta requests, career applications, and other information you submit through forms or account flows.

You may provide vehicle and equipment information such as VIN, year, make, model, trim, mileage, unit numbers, registration details, insurance details, service records, maintenance reminders, repairs, modifications, inspections, road trips, notes, documents, photos, videos, audio clips, scan results, recalls, complaints, fault codes, and operational history.

You may provide social and public profile information, including profile photos, profile card backgrounds, bios, follows, follower relationships, badges, achievements, leaderboards, garage activity, comments, messages, shared records, and public or semi-public profile settings. A profile photo may contain a clear picture of your face. We resize and crop profile photos to create display variants, but Louro does not use them for facial recognition, identity matching, face geometry, or biometric templates.

You may provide organization and workspace information, including organization names, members, roles, locations, customers, vendors, suppliers, jobs, appointments, invoices, freight assets, drivers, loads, documents, time records, geofence information, work records, and operational notes.

3. Information Collected Automatically

When you use the Services, we may collect technical and usage information such as IP address, device type, operating system, browser type, app version, pages or screens viewed, referring URLs, timestamps, session information, feature usage, crash reports, performance logs, error logs, diagnostics, and security events.

We use cookies, local storage, and similar technologies for authentication, session management, theme preferences, locale preferences, security, product functionality, consent choices, and analytics where enabled. We do not use advertising cookies on the Opaius marketing site.

The Louro web app may use Vercel Analytics and similar operational tooling to understand aggregate product usage and performance. Error reports may be sent to logging systems or Sentry so we can diagnose failures and improve reliability.

4. Mobile App Permissions and Device Data

Camera and Photos: the Louro iOS app may request camera access to scan VINs or QR codes, capture vehicle and visible-damage photos, or let you choose an image for a profile, vehicle, record, or Opie feature. Louro accesses only the image you capture or select for the action you initiate.

Microphone and speech: the app may request microphone access when you dictate a message, record a vehicle sound, or use another voice feature. Current sound-diagnosis classification is designed to run on the device. If you choose server transcription, the audio clip is sent through Opaius to Google Gemini for transcription after the applicable AI-sharing consent.

Bluetooth: the app may request Bluetooth access to discover and connect to a supported OBD-II adapter, remember the adapter you selected, read diagnostic trouble codes or live vehicle telemetry, and, when you separately enable automatic drive tracking, recognize the adapter in the background.

Location: the app may request an approximate one-time location when you ask Opie for nearby shops or services and a more precise one-time location for an organization geofence or time-clock action. If you separately enable automatic drive tracking, Louro may request Always location access and collect a route, distance, timestamps, and related trip measurements while a drive is active, including in the background. Automatic drive tracking is off by default and can be turned off in Louro settings or iOS Settings.

Notifications: the app may request notification permission for service reminders, recall or maintenance alerts, Opie replies, account or security notices, and other alerts you choose to receive. Promotional notifications, if offered, require the applicable opt-in. You can change notification settings in Louro and iOS Settings.

You can deny or later revoke camera, photo, microphone, speech recognition, Bluetooth, location, or notification access through iOS Settings. The related feature may stop working, but unrelated parts of Louro remain available.

5. Guest Mode

Guest Mode allows some users to talk to Opie or use limited tools before creating an account. Guest Mode is designed to be limited. Some guest conversations may exist only in the app session unless you create an account and successfully import them.

Guest Mode may store limited counters or preferences on your device, such as message counts, daily diagnostic tool counts, attachment counts, appearance settings, or similar limits. This helps enforce guest limits and maintain the experience without requiring an account.

If you create an account from Guest Mode, the app may import your guest conversation into your account so you can continue from the same context.

6. Vehicle, Diagnostic, Recall, and Safety Data

The Services may process vehicle identifiers, VINs, mileage, service history, OBD-II codes, live OBD-II readings, odometer readings, adapter connection logs, sound recordings, diagnostic results, camera captures, damage assessment outputs, recall lookups, NHTSA results, reminders, and related notes.

OBD-II adapters and vehicle systems may expose diagnostic trouble codes, live readings, protocol information, adapter details, and other technical data. The specific data available depends on your vehicle, adapter, device, permissions, and feature use.

Recall, complaint, safety, vehicle catalog, VIN decode, and similar information may be queried through public or third-party sources such as NHTSA. Some queries may include vehicle attributes such as year, make, model, and sometimes VIN, depending on the feature.

Diagnostic and safety-related features are informational. We use this data to provide product functionality, but you remain responsible for verifying information with authoritative sources, qualified mechanics, manufacturers, dealers, insurers, and regulators.

7. Opie, AI, Audio, and Automated Features

Before a Louro iOS feature sends your personal data or User Content to a third-party AI provider, Louro presents a consent notice that identifies the kinds of data involved, the purpose, and the provider or providers that may receive it. You may decline and continue using non-AI features. You may later withdraw consent in Louro's AI Data Sharing settings; withdrawal stops new AI transmissions but does not recall information already processed for a request.

For an Opie chat request, the information sent may include the prompt you submit, recent conversation text needed for continuity, your selected model, and server-generated context relevant to the request, such as vehicle year, make, model, mileage, maintenance, diagnostic, recall, garage, account, or organization details. When you explicitly ask for a nearby place, approximate latitude and longitude may also be used for that request. Louro does not send your full account database to an AI provider.

Google Gemini is the primary provider for Louro iOS Opie chat and server voice transcription. Model-enabled Opie and workspace features may also route a request to OpenAI, Anthropic, Groq, or Fireworks when that provider is selected or configured. Replicate receives vehicle details and any vehicle reference images you intentionally select when you request an AI-generated vehicle hero image. The consent notice shown for a feature must match the provider that feature can use; we do not silently substitute an undisclosed provider.

The current on-device sound-diagnosis and visible-damage classification flows are designed to analyze the raw recording or damage photo on the iPhone. If you choose to discuss the result with Opie, Louro may send the resulting text label, confidence, or summary to the disclosed AI provider. A future feature that uploads raw audio or photo pixels for AI analysis will require an updated disclosure and consent before transmission.

Images selected as profile photos or vehicle records are not sent to an AI provider merely because they were stored in Louro. When an image-enabled AI feature is available, its screen will identify whether the actual image is transmitted. Vehicle hero generation is one such image-enabled feature and uses Replicate as described above.

We may use AI interaction data to operate, secure, debug, evaluate, and improve the Services. We do not want you to submit passwords, payment card numbers, government identifiers, protected health information, trade secrets, or other highly sensitive information to AI features unless a feature clearly requires it and you understand the risk.

AI outputs can be inaccurate. Human review, verification, and professional judgment remain important, especially for safety, mechanical, insurance, legal, employment, operational, or compliance decisions.

8. Payments, Billing, and Subscriptions

If you purchase a subscription, buy AI credits, enable overage billing, or use paid features, we and the applicable payment provider may process plan information, purchase and renewal status, transaction identifiers, invoices, usage limits, overage settings, tax information, storefront, and payment metadata.

Garage+ purchased in the Louro iOS app is processed by Apple through the App Store. Apple handles the payment credentials and sends us subscription and entitlement information needed to unlock and support Garage+. Web and organization purchases may be processed by Stripe. We do not store full payment card numbers on our servers.

Organization owners and admins may be able to view billing status, subscription plan, usage, invoices, limits, overage settings, and related account information for their organization.

9. How We Use Information

We use information to provide, operate, secure, maintain, personalize, and improve the Services; create and manage accounts; authenticate users; process payments; provide customer support; send transactional messages; deliver product updates; enforce limits; process diagnostics; provide AI features; enable social and organization features; and troubleshoot bugs or outages.

We may use information to protect users, vehicles, organizations, and the Services from fraud, abuse, security threats, policy violations, unauthorized access, spam, and misuse.

We may use aggregated or de-identified information to understand trends, improve features, research product performance, train internal evaluation workflows, and develop new products. We do not use de-identified data to identify you.

10. How We Share Information

We do not sell your personal information. We may share information with service providers that help us operate the Services, including hosting, database, storage, authentication, payments, email, analytics, error monitoring, AI processing, transcription, push notifications, maps, public data lookups, support, and security providers.

Current service providers and infrastructure relevant to Louro may include Supabase for database and file storage, WorkOS for authentication, Apple for App Store purchases and platform services, Stripe for web payments, Vercel for hosting, Sentry for error monitoring, Resend for email, Google Gemini, OpenAI, Anthropic, Groq, Fireworks, and Replicate for the AI purposes described above, NHTSA public APIs for vehicle and recall data, map or place providers for location searches, and eBay for live upgrade listings. We will update this policy and the applicable consent flow before a materially different AI-sharing practice takes effect.

We may share information with organization owners, admins, members, invited collaborators, customers, suppliers, contractors, or other users when you use organization, workspace, public profile, shared record, messaging, social, job, proof, QR, or collaboration features.

We may disclose information if required by law, subpoena, court order, regulator, legal process, safety concern, security investigation, rights enforcement, fraud prevention, or to protect Opaius, users, the public, or third parties.

If Opaius is involved in a merger, acquisition, financing, reorganization, bankruptcy, asset sale, or similar transaction, information may be transferred as part of that transaction, subject to appropriate protections.

11. Public and Shared Information

Some features are public or semi-public by design. This may include handles, display names, avatars, bios, profile cards, public garage information, public ledger views, achievements, badges, follows, follower counts, leaderboards, organization profiles, shared vehicle records, QR-accessible records, comments, messages, and other content you choose to share.

Visibility settings may not remove information already copied, cached, indexed, screenshotted, exported, or shared by others. Be careful before making vehicle, identity, location, repair, or operational information public.

When you participate in an organization or workspace, authorized users in that organization may see content and activity associated with that workspace, even if your personal profile is private.

12. Cookies and Similar Technologies

We use essential cookies and similar technologies for login, authentication, fraud prevention, security, routing, preferences, localization, and product functionality.

We may use analytics technologies to understand how the Services are used and performing. Where a consent banner or setting is available, you can choose your cookie preferences. Browser settings may also let you block or delete cookies, but some Services may not work correctly without essential cookies.

We do not use cookies to sell your personal information or to serve third-party behavioral advertising on the Opaius marketing site.

A cookie or analytics choice is separate from consent to share personal data with a third-party AI provider. Accepting cookies does not grant AI-sharing consent, and withdrawing AI-sharing consent does not automatically clear essential cookies or device storage.

13. Upgrades and eBay Marketplace

When you search the Upgrades catalog, Opaius sends eBay a parts query and relevant vehicle fitment attributes, which may include year, make, model, trim, engine, body style, category, and the search terms or filters you select. We use the response to display live listings, seller information, price, shipping estimate, availability, and compatibility information.

If you open a listing, you leave Louro for eBay. eBay and the seller process the visit, account, payment, shipping, returns, warranty, and transaction under their own terms and privacy practices. Opaius does not receive your eBay password or full payment-card details.

Some eBay links may include an Opaius affiliate campaign or reference identifier. Opaius may receive a commission from a qualifying purchase without changing the price shown to you. We may receive aggregate click or conversion reporting from eBay. Vehicle fitment labels are informational and should be confirmed with the seller or manufacturer before purchase or installation.

14. Data Retention

Account, profile, garage, vehicle, conversation, diagnostic, trip, and uploaded product data are generally kept while your account is active or until you delete the applicable record or account, subject to feature behavior, shared-record integrity, and the exceptions below. Local recordings, photos, permission choices, and guest counters remain on your device until the app or data is removed, unless you choose a feature that uploads or synchronizes them.

AI request content may be kept in your Louro conversation or related record so you can return to it. Third-party AI providers process and retain data under our service configuration and their applicable business-service terms. Withdrawing consent stops future sharing; delete the relevant conversation or account, or contact us, to request deletion from Opaius systems where available.

Profile photos are stored as several resized display copies and may be publicly accessible when your profile is public. Replacing or deleting a profile removes or de-links the active display references; prior copies, caches, and backup copies may persist for a limited operational period while cleanup and backup cycles complete.

Billing and transaction records may be kept as required for tax, accounting, audit, App Store reconciliation, dispute, and legal purposes. Security, diagnostic, support, and error logs are kept only as long as reasonably needed for reliability, fraud prevention, investigation, or compliance.

Guest Mode conversations may be session-based unless imported into an account, but some guest counters or limits may persist locally on your device.

Backups, caches, and disaster-recovery copies may retain information for a limited period after deletion from active systems and are not used to restore a deleted account except where necessary for security or legal recovery.

15. Account Deletion and Deactivation

You may initiate account deletion inside the Louro iOS app or through the direct account-deletion page at opaius.com/account/delete. Deactivation may disable access and hide your profile. Deletion anonymizes or removes personal profile fields, removes organization memberships and access, clears active avatar references, deletes or detaches selected account records, revokes the active session, and signs you out.

Some information may be retained or preserved after deletion where necessary for billing, taxes, legal compliance, security, fraud prevention, dispute resolution, backups, audit logs, organization continuity, public record integrity, vehicle record history, ledger integrity, or other legitimate purposes.

Before requesting deletion, export or save information you need. Deleted or anonymized information may not be recoverable.

16. Security

We use administrative, technical, and organizational safeguards designed to protect information, including access controls, encrypted transmission, authentication controls, storage protections, logging, and least-privilege practices where appropriate.

No system is perfectly secure. You are responsible for keeping your credentials safe, using secure devices, controlling organization access, and promptly telling us if you suspect unauthorized access.

17. Children

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us so we can take appropriate action.

Some AI or community features may require additional age-related controls or restrictions. We may limit access to those features based on age, account settings, law, or safety requirements.

18. Your Privacy Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information. You may also have rights to appeal certain decisions or lodge a complaint with a regulator.

California residents may have rights under the California Consumer Privacy Act, including rights to know, delete, correct, opt out of sale or sharing, limit certain sensitive personal information use, and be free from discrimination for exercising privacy rights, subject to legal exceptions. We do not sell personal information.

You can manage some information directly in the Services, including profile visibility, AI Data Sharing consent, organization settings, notification settings, mobile permissions, and billing settings. Visit opaius.com/privacy/choices for direct instructions and request paths for access, correction, export, deletion, AI consent withdrawal, and permission controls.

19. International Users

Opaius is based in the United States. If you use the Services from outside the United States, your information may be processed in the United States and other countries where we or our providers operate.

Data protection laws in those countries may differ from the laws where you live. Where required, we use appropriate safeguards for cross-border transfers.

20. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the Last updated date. If changes are material, we may notify you by email, in-app notice, website notice, or another appropriate method.

Your continued use of the Services after the updated policy takes effect means you acknowledge the updated policy.

21. Contact Us

For privacy questions or requests, contact us at privacy@opaius.com or support@opaius.com.

For account, billing, deletion, or administrative requests, you may also contact admin@opaius.com.