Legal
Privacy Policy
What we collect, why, who we share it with, how long we keep it, and how to ask us to delete it. Written to be understood, not buried.
Last updated June 8, 2026
Draft — pending legal review. This page accurately describes what the service collects today, but specific terms (operating entity, contact inbox, governing law, and state data authorization) are still under review.
Who we are
VIN Lookup (“the Service,” “we,” “us”) lets you look up a vehicle by its Vehicle Identification Number (VIN) and view a plain-language summary, including whether a state safety/emissions inspection record is on file.
We are not a government agency. The Service is not affiliated with, endorsed by, or operated on behalf of any state motor-vehicle, environmental, or inspection authority, nor with any vehicle-inspection program operator. Information shown is informational only and is not an official inspection record or certificate. For registration, sale, legal, or compliance purposes, obtain an official record from the relevant state authority.
Information we collect
We collect only what the Service needs to function.
Your email address
When you ask to view inspection details or to have a report delivered, you provide an email address. We use it to send a one-time verification (“magic”) link confirming the address is yours, and to deliver the report you request. We store the address as typed and a normalized form (used to enforce the per-address monthly report limit).
Your IP address
We record the IP address of requests to enforce rate limits — the per-address and per-IP caps that protect the Service from abuse and runaway cost. IP addresses are stored only in short-lived rate-limiting records.
The VIN you look up
We process the VIN you enter to perform the lookup, fetch a vehicle-type decode, and (if you request one) build a report. A VIN identifies a vehicle, not a person, and we do not associate a VIN with an individual.
What we do not collect
We do not run advertising or third-party analytics trackers, we do not sell or rent personal information, and we do not build advertising profiles. Any diagnostic-scan PDF you upload to generate a full report is processed in memory and is not stored.
The inspection data we display
The Service displays state safety/emissions inspection results — such as test date, pass/fail outcome, and diagnostic trouble codes — for vehicles across Connecticut, Virginia, Wisconsin, Rhode Island, Utah, and New York. This is public-record-adjacent vehicle data keyed by VIN; it describes a vehicle, not its owner. Records are refreshed periodically from state program sources. This data is informational only and is not an official record.
Who we share it with
To run the Service we share the minimum necessary data with the following service providers. They act on our behalf and may not use your data for their own purposes:
| Provider | What it receives | Why |
|---|---|---|
| Report generator | The VIN and DTC codes | To produce the full vehicle report |
| Postmark | Your recipient email and the report PDF | To deliver the verification link and report by email |
| NHTSA vPIC | The VIN | To decode vehicle type / specifications |
| Vercel | Requests to the Service | To host and serve the application |
| AWS | Stored records described here | To store the database that backs the Service |
We do notsell or “share” personal information for cross-context behavioral advertising as defined under the CCPA/CPRA. We may disclose information if required by law.
How long we keep it
We keep personal information only as long as it serves its purpose, then delete it on a recurring schedule enforced by an automated daily job:
| Record | What it holds | Retention |
|---|---|---|
| Magic-link records | Email address | Deleted 7 days after the link expires (links expire in 1 hour) |
| Rate-limit records | IP address | Deleted after 30 days |
| Report-request records | Email, VIN, status | Deleted after 24 months |
| Uploaded scan PDFs | — | Never stored (in-memory only) |
Your rights and choices
Depending on where you live (including under the California Consumer Privacy Act as amended by the CPRA), you may have the right to know/access, delete, and correct your personal information, to opt out of sale or sharing (we do neither, so there is nothing to opt out of), and not to be discriminated against for exercising these rights.
How to make a request
Email privacy@quik-scan.com with your request. To protect your information we may ask you to confirm the email address associated with your activity. We respond within the timeframe required by applicable law.
Security
We protect data in transit and at rest with industry-standard measures: TLS for all connections, verified TLS to our database, single-use time-limited verification links, and least-privilege database access. No system is perfectly secure, but the Service is designed to collect as little personal information as possible.
Children
The Service is not directed to children and we do not knowingly collect personal information from children under 13 (or the applicable age in your jurisdiction).
Changes & contact
We may update this policy; material changes update the date above. Questions about this policy or your privacy: privacy@quik-scan.com. See also our Terms of Service.