Effective date: 26 May 2026 Β· Last updated: 26 May 2026
This Privacy Policy applies to the website operated by Auto X Supply ("Auto X", "we", "us", "our") and to any associated mobile or desktop applications we publish through the Apple App Store, Google Play, Microsoft Store or any third-party platform (collectively, the "Service"). By using the Service you confirm that you have read and understood this Policy.
1. Who we are
The data controller responsible for your personal information is:
- Auto X Supply
- Auto X Supply — Head Office No. 327, Linghai Road, Lingshanwei Subdistrict, Huangdao District, Qingdao City, Shandong Province
- Guangzhou, Guangdong Province, People's Republic of China
- Email: info@autoxsupply.com
- Phone: +86 19053230545
For any privacy-related question β to exercise your rights, request a copy of your data, or raise a concern β write to us at the email address above with the subject line "Privacy request". We respond within 30 days.
2. Summary
- We collect information you give us through enquiry, sourcing, order, tracking, payment and account forms; information about your visit (such as device, browser, language and approximate location from your IP address); and information from partners who help us run the Service (hosting, email, payment, shipping).
- We use this information to answer your enquiries, fulfil and ship your orders, take payment, keep the Service secure, comply with our legal obligations and improve the Service.
- We do not sell your personal information, and we do not show third-party advertising on this Service.
- You can ask us to access, correct, export or delete your information, withdraw consent, or close your account at any time β see Section 11 below.
3. Information we collect
3.1 Information you give us
- Identity and contact data β name, company, email address, phone number, country and any other details you submit when you contact us, create an account, request a quotation, place an order, track a shipment, or apply for a job.
- Account credentials β your email address and a hashed password (we never see or store your password in plain text). If you sign in through a third-party identity provider, we receive the basic profile information that provider releases to us.
- Order and shipment data β vehicle make / model / year, chassis or VIN number, parts requested, photos you upload, delivery address, incoterms and shipment references.
- Payment data β when payment is taken online, the payment is processed by a third-party payment provider; we receive only the transaction reference, amount, currency and status. We do not see or store full card numbers or bank credentials.
- Correspondence β the content of emails, WhatsApp messages, chat messages and call notes you exchange with our team.
3.2 Information collected automatically
- Device and connection data β IP address, user-agent string, device type, operating system, browser, screen size, referring URL and the language preference your browser sends.
- Usage data β pages viewed, time of visit, links clicked, files downloaded and similar diagnostic information used to keep the Service available and to detect abuse.
- Approximate location β we derive an approximate country, region and city from your IP address using a third-party geolocation lookup. We do not collect precise GPS location from this website.
- Cookies and similar technologies β see Section 5 below for the full list.
3.3 Information from third parties
- Identity providers and single sign-on services, if you choose to sign in with one.
- Payment providers, who confirm the outcome of your payment to us.
- Shipping carriers and freight forwarders, who give us tracking and delivery confirmation events.
- Public business directories and trade references, where you have asked us to verify your company before extending trade terms.
4. How we use your information (purposes and legal bases)
Under the EU and UK General Data Protection Regulation (GDPR), each purpose is supported by one or more legal bases listed below. Where we rely on consent, you can withdraw it at any time.
- Provide the Service β answer enquiries, prepare quotations, source and ship parts, take payment, run customer accounts and customer support. Legal basis: performance of a contract, or steps to enter into a contract at your request.
- Operate and secure the Service β host the website, prevent fraud and abuse, detect and block attacks, keep audit logs, back up data, and diagnose technical problems. Legal basis: legitimate interest in running a reliable, secure service.
- Comply with legal obligations β meet export, customs, tax, accounting, anti-money-laundering, sanctions-screening and similar requirements. Legal basis: legal obligation.
- Communicate with you β send transactional emails (order confirmations, shipping updates, password resets) and respond to your messages. Legal basis: performance of a contract and legitimate interest in responding to enquiries.
- Improve the Service β analyse aggregated traffic and usage data to understand which pages and services are useful. Legal basis: legitimate interest in improving our offering.
- Marketing β we do not send marketing emails by default. Where local law requires consent, we will ask for it before adding you to a marketing list, and every marketing email will carry a one-click unsubscribe link. Legal basis: consent (and / or legitimate interest where permitted by local law for existing customers).
5. Cookies and similar technologies
A cookie is a small text file stored on your device by your browser. We use a small number of strictly necessary cookies plus one preference cookie. We do not use third-party advertising, retargeting, or cross-site tracking cookies.
| Cookie | Purpose | Type | Lifetime |
|---|---|---|---|
.AspNetCore.Identity.Application |
Keeps you signed in to your account. | Strictly necessary | Session / up to 14 days |
.AspNetCore.Antiforgery.* |
Protects forms against cross-site request forgery (CSRF). | Strictly necessary | Session |
.AspNetCore.Culture |
Remembers the language you selected (English / Arabic). | Preference | 1 year |
autox_vid |
A random per-visitor identifier used so the admin team can see how many people are currently on the site and detect abnormal traffic. It is not linked to your account or to any personal identifier. | Analytics (first-party) | 1 year |
You can block or delete cookies through your browser settings. Disabling strictly-necessary cookies will prevent core features (sign-in, form submission) from working.
6. Third parties who process data on our behalf
We rely on a small number of trusted providers ("sub-processors") to deliver the Service. Each of them processes personal information only on our instructions, under a contract that requires appropriate security and confidentiality.
| Provider | Role | Data processed | Location |
|---|---|---|---|
| Microsoft Azure | Cloud hosting, database, file storage | All data you submit to the Service | European Union or region selected at deployment |
| Azure Communication Services | Sending transactional email | Recipient email address, message subject and body | Microsoft |
| ip-api.com | Approximate IP-to-location lookup | Your IP address (sent for the lookup; not stored by us beyond cache) | ip-api.com |
| Google Fonts | Web fonts served from Google's CDN | Your IP address and browser headers (for the font request) | Google LLC |
| Payment provider | Card and bank payment processing | Payment details you provide on the provider's secure page | Depending on provider β disclosed before payment |
| Freight and courier carriers | Shipping and customs clearance | Your name, address, phone, order details | Country of dispatch and destination |
When we publish an app on the Apple App Store, Google Play, Microsoft Store or other platforms, those platform operators may also collect installation, crash and diagnostic data in line with their own privacy policies, which we cannot override.
7. International data transfers
Auto X Supply operates internationally. Personal information you submit may be stored or processed in countries other than your own β including the People's Republic of China, the European Union and the United States β depending on where our staff, sub-processors and customers are located. Where personal data leaves the European Economic Area, the United Kingdom or Switzerland, we rely on the European Commission's Standard Contractual Clauses, adequacy decisions or other lawful transfer mechanisms permitted under applicable law.
8. How we share information
We share personal information only as described in this Policy:
- With the sub-processors listed in Section 6, under contract, to deliver the Service.
- With our suppliers, manufacturers and partner workshops to the extent strictly required to source and inspect the parts you have ordered.
- With shipping, customs, insurance and inspection authorities to the extent strictly required to export the goods to your destination.
- With professional advisers (lawyers, auditors, accountants) under a duty of confidence.
- With a buyer or successor entity if Auto X Supply is involved in a merger, acquisition, financing or sale of assets β your data is transferred subject to the same protections set out in this Policy.
- With courts, regulators, tax authorities, law-enforcement agencies and other government bodies where required by law, or to establish, exercise or defend legal claims.
We do not sell or rent personal information, and we do not share it with third parties for their own marketing.
9. How long we keep your information
We retain personal information for as long as we need it for the purposes set out in this Policy, and afterwards only for the period required by law (for example, accounting and customs records are typically retained for up to ten years). Indicative retention periods are:
- Account data: while your account is open, then up to 24 months after closure for fraud-prevention and legal-claim purposes.
- Order, shipping, invoicing and tax records: up to 10 years to meet accounting, customs and tax obligations.
- Enquiry and quotation correspondence with no resulting order: up to 24 months.
- Web server access logs: up to 90 days for security and abuse-prevention.
- The in-memory visitor activity log used for the admin dashboard: rolling 24-hour window, never written to disk.
10. Security
We protect personal information with industry-standard organisational and technical measures: HTTPS / TLS in transit, encryption at rest for cloud storage, hashed and salted passwords, role-based access control, audit logging, regular backups, anti-forgery protection for forms, and ongoing patching of the operating system, runtime and dependencies. No method of transmission or storage is 100% secure; we encourage you to use a strong, unique password for your account and to notify us immediately at info@autoxsupply.com if you suspect any unauthorised use of your account.
11. Your rights
Depending on where you are based, you may have some or all of the following rights:
- Access β request a copy of the personal information we hold about you.
- Rectification β ask us to correct information that is inaccurate or incomplete.
- Erasure ("right to be forgotten") β ask us to delete your personal information, subject to legal retention obligations.
- Restriction β ask us to pause processing of your information while a request is investigated.
- Portability β receive a machine-readable copy of the data you provided to us, where processing is based on consent or contract.
- Objection β object to processing carried out on the basis of legitimate interest, including profiling.
- Withdraw consent β where we rely on consent, withdraw it at any time, without affecting earlier processing.
- Complaint β lodge a complaint with your local data-protection authority.
To exercise any of these rights, write to info@autoxsupply.com with the subject line "Privacy request". We may need to verify your identity before acting on a request.
11.1 California residents (CCPA / CPRA)
If you live in California, you have the right to know what categories of personal information we collect, the sources we collect it from, the purposes for which we use it and the categories of third parties we share it with β all described above. You also have the right to request deletion of your personal information, to correct inaccurate information, and to opt out of any "sale" or "sharing" of personal information for cross-context behavioural advertising. We do not sell or share personal information in this sense. We will not discriminate against you for exercising any of these rights.
11.2 Brazil (LGPD), United Kingdom, Switzerland, and other jurisdictions
Residents of Brazil, the United Kingdom, Switzerland and other jurisdictions with comparable data-protection laws have equivalent rights and may exercise them by writing to the contact address above.
12. Children's privacy
The Service is intended for businesses and adult consumers. It is not directed to children under 16 and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it. Where any of our apps are listed on Google Play, Apple App Store, Microsoft Store or similar platforms, the age rating is set so that the listing is not directed to children.
13. Do Not Track and Global Privacy Control
Our website does not use cross-site advertising or third-party analytics that would respond to "Do Not Track" or Global Privacy Control signals. The strictly-necessary and preference cookies described in Section 5 remain in use regardless, because the Service cannot function without them.
14. App-store and mobile-platform disclosures
Where Auto X publishes an application on a mobile or desktop platform, the following platform-specific points apply in addition to the rest of this Policy:
- Apple App Store / App Tracking Transparency β we do not track you across other companies' apps or websites for advertising or measurement purposes within the meaning of Apple's App Tracking Transparency framework, and we therefore do not request the App Tracking Transparency permission.
- Google Play / Data Safety β the data categories listed in Section 3, the purposes in Section 4 and the sharing described in Sections 6 and 8 form the basis of the disclosures we submit to Google Play's Data Safety form. Data is transmitted in transit using HTTPS / TLS.
- Meta (Facebook / Instagram) SDKs and pixels β the public website does not load the Meta Pixel, Conversions API, or any Meta SDK. If we later add any such feature to a campaign or an app, this Policy will be updated and an in-product notice shown before activation.
- Microsoft Store / Windows β any Auto X app distributed through the Microsoft Store collects only the information described in Sections 3 and 5 of this Policy; Microsoft separately collects standard installation, telemetry and diagnostic data in line with its own privacy statement.
- In-app permissions β any sensitive runtime permission an app requests (camera, photo library, location, contacts, notifications, etc.) is requested only at the moment the corresponding feature is used, with a plain-language explanation, and can be revoked at any time in the device settings.
15. Deleting your account and data
You can request deletion of your account and the personal information associated with it at any time by:
- Sending an email to info@autoxsupply.com with the subject line "Delete my account"; or
- Writing to the head-office address in Section 1.
We will confirm receipt within 7 days and complete the deletion within 30 days, except for information we must keep to meet a legal obligation (for example, invoicing, customs and tax records β see Section 9). Where data is retained for legal reasons, it is access-restricted and used only for that purpose.
16. Automated decision-making
We do not use solely-automated decision-making, including profiling, that produces legal effects concerning you or significantly affects you. Pricing, sourcing and credit decisions involve human review by our team.
17. Third-party links
The Service may link to third-party websites β for example a payment provider, a courier's tracking page or a partner manufacturer. Once you follow such a link, that third party becomes responsible for the data you share with them under their own privacy policy. We encourage you to review those policies before submitting personal information.
18. Changes to this Policy
We may update this Policy from time to time to reflect changes in the law, the Service or our practices. When we do, we will update the "Last updated" date at the top of this page and, where the change is material, we will give a more prominent notice (for example, a banner on the homepage or an email to registered users). Continued use of the Service after a change becomes effective constitutes acceptance of the updated Policy.
19. Contact us
Questions, comments, requests and complaints about this Policy or our handling of your personal information can be sent to:
- Email: info@autoxsupply.com
- Post: Auto X Supply — Head Office No. 327, Linghai Road, Lingshanwei Subdistrict, Huangdao District, Qingdao City, Shandong Province, Guangzhou, Guangdong Province, People's Republic of China
- Phone: +86 19053230545
If you are in the European Economic Area, the United Kingdom or Switzerland and we cannot resolve your concern, you have the right to complain to your local supervisory authority.