Privacy Policy

Valofair ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share information when you use our insurance dispute platform and related services (the "Services").

We process personal data in accordance with the EU General Data Protection Regulation (GDPR), the French Data Protection Act, the German Federal Data Protection Act (BDSG), and other applicable laws.

For the purposes of GDPR, Valofair is the data controller of personal data processed through our Services. You can contact our data protection team at any time:

We collect personal data that you provide directly, that we generate when you use the Services, and that we receive from third parties (such as insurers and document providers).

• Account data: name, email, password (hashed), phone number, country.
• Claim data: vehicle make/model/year/mileage, accident details, insurer name and offer amount, photos and supporting documents.
• Identity & verification data: copies of vehicle registration, ID where required for legal escalation.
• Payment data: limited billing details processed by our payment partner Stripe; we do not store full card numbers.
• Technical data: IP address, browser, device information, log files, cookies and similar identifiers.

We process your personal data for the following purposes and on the following legal bases:

• To provide the Services and manage your claim (performance of contract – Art. 6(1)(b) GDPR).
• To analyse documents, generate valuations and prepare dispute correspondence (performance of contract).
• To communicate with you about your case, account and updates (performance of contract / legitimate interest).
• To comply with legal obligations, including accounting, tax and consumer protection rules (legal obligation – Art. 6(1)(c) GDPR).
• To improve and secure the platform, prevent fraud and abuse (legitimate interest – Art. 6(1)(f) GDPR).
• To send marketing communications, only where you have opted in (consent – Art. 6(1)(a) GDPR).

We share personal data only where necessary and with appropriate safeguards, including with:

• Insurers, experts and lawyers involved in handling your dispute, with your authorisation.
• Service providers acting as processors on our behalf (cloud hosting, OCR, email delivery, payment processing).
• Public authorities and regulators where we are legally required to do so.

We do not sell your personal data. International transfers outside the EU/EEA are protected by Standard Contractual Clauses or other safeguards approved by the European Commission.

We retain personal data only as long as necessary for the purposes described above and to comply with our legal obligations:

• Active claim data: for the duration of the dispute and 6 years thereafter for legal and accounting purposes.
• Account data: until you delete your account, then up to 30 days for backup deletion.
• Marketing data: until you withdraw consent.
• Server logs: typically 90 days.

Under GDPR you have the following rights regarding your personal data:

• Right of access – obtain a copy of the data we hold about you.
• Right to rectification – correct inaccurate or incomplete data.
• Right to erasure – request deletion ("right to be forgotten").
• Right to restriction – limit how we process your data.
• Right to data portability – receive your data in a machine-readable format.
• Right to object – object to processing based on legitimate interest or for direct marketing.
• Right to withdraw consent at any time, without affecting prior lawful processing.
• Right to lodge a complaint with a supervisory authority (e.g. CNIL in France, BfDI in Germany).

To exercise any of these rights, contact privacy@valofair.com. We will respond within one month.

We implement appropriate technical and organisational measures to protect personal data, including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, audit logging, and regular security reviews. Despite our efforts, no method of transmission is 100% secure; you use the Services at your own risk.

We use strictly necessary cookies to operate the Services (authentication, security) and, with your consent, analytics cookies to understand how the platform is used. You can manage your cookie preferences at any time through your browser settings or our cookie banner.

We may update this Privacy Policy from time to time. Material changes will be notified by email or through a prominent notice on the platform at least 30 days before they take effect.