Privacy Policy

Last Updated: February 17, 2026

Welcome to Tags Clinic! We are committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how Tags Clinic ("we," "us," or "our") collects, uses, stores, shares, and protects your data when you use our services, including our website, in-person services, "Book Now" appointment scheduling (where offered by a location), and check-in feature (collectively, "the Services"). We operate as an authorized partner with the California Department of Motor Vehicles (DMV) and comply with applicable privacy laws, including the Driver's Privacy Protection Act (DPPA), the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and the General Data Protection Regulation (GDPR) where applicable.

This Privacy Policy provides a comprehensive description of our online and offline practices regarding the collection, use, sharing, and sale of consumers' personal information. We do not sell your personal information as defined under the CCPA.

Driver's Privacy Protection Act (DPPA)

Your personal information and motor vehicle records are protected under the Driver's Privacy Protection Act (18 U.S.C. § 2721–2725). We collect and use driver's license and motor vehicle information solely for the purpose of providing DMV registration and related services. We do not disclose this information to third parties except as required by law or as necessary to complete the services you request (e.g., transmission to the California DMV or our authorized service providers who assist in providing those services).

1. Information We Collect

We collect information to provide, manage, and improve the Services, fulfill legal obligations, and ensure compliance with DMV regulations. At or before the point of collection, we provide notice of the categories of personal information we collect and the purposes for which it is used. The types of information we collect include:

1.1 Personal Information

Personal information refers to data that identifies, relates to, or could reasonably be linked with you or your household. We collect the following categories:

• Identifiers: Such as name (including first and last names of owners, co-owners, third owners, previous owners, and commanding officers), email address, phone number, driver's license number, government-issued ID details, unique identifiers (e.g., customer ID, unique keys), and account numbers (e.g., Certifix account number, token number).
• Personal Records: Such as address details (including street, city, state, zip, county for owners, co-owners, mailing, lienholders, previous owners, and garaged locations), business name and phone, military details (e.g., branch, duty station, unit, LSR state, other country), family relationships, and purchase details (e.g., source, price, dates, gift market value).
• Protected Classification Characteristics: Such as military status or family relationships (e.g., parent, child, spouse).
• Commercial Information: Records of services requested, vehicles owned or serviced (e.g., VIN, plate number, year, make, model, body type, mileage, fuel type, registration expiration, plate state, number of doors, smog vehicle type, emissions codes, test group), purchase history, and financial transaction details.
• Biometric Information: Fingerprints collected in-person at our location for Live Scan services, processed by our third-party provider, Certifix, on our behalf using the Certifix machine. This is not related to our online presence and is not stored in our Supabase database. For details on Certifix's privacy practices and your rights, please refer to their privacy policy at certifixlivescan.com/privacy-policy.html. We do not collect or store fingerprints directly through our website or systems.
• Internet or Network Activity: Device information, browser type, pages visited, and time spent on our website (if applicable).
• Geolocation Data: Inferred from addresses provided, but not precise geolocation.
• Sensory Data: Optional uploaded images (e.g., pictures of registration cards, the front and back of a title, and emission labels that are often on the driver's side of the car). We do not ask for passport photos or anything else online.
• Professional or Employment Information: Company details, commanding officer information.
• Sensitive Personal Information: Driver's license number, financial information (e.g., payment details), and biometric data (fingerprints processed by Certifix for Live Scan services).
• Inferences: Derived from the above, such as service preferences or vehicle ownership patterns.

Specific collection points include:

• Book Now and Leads: When using appointment scheduling (e.g., via Calendly or other booking tools used by your location) or lead-generation forms, we collect identifiers (name, email, phone, VIN, plate), referral source, message, and service requested.
• Check-In Feature: Our check-in flow includes: (1) Capture Driver License / ID — we capture ID information via barcode scanner (PDF417 on the back of the ID) or magnetic stripe reader (MSR). We do not use AI or OCR on ID images; we do not store photographs of your ID. You may choose "Proceed Manually" if you do not have your ID present. (2) Capture Registration or Title — depending on the service (e.g., renewals require registration card; transfers require title document), we collect uploads of your registration card and/or title (front and back), or you may indicate you will provide them at the counter. (3) Review & Confirm — you review the information collected. (4) Legal Acknowledgment & Consent — you acknowledge our DPPA notice, consent to the collection and use of your information for DMV services, agree to this Privacy Policy and our Terms, and provide your electronic signature (recorded with timestamp and context). We also collect detailed personal and vehicle information as needed: owner/co-owner/third owner details (names, phones, driver's licenses, addresses, ownership types), company info, vehicle specifics (VIN, plate, year, make, model, body type, mileage, fuel type, registration expiration, plate state, number of doors), lienholder info, mailing/garaged addresses, military details, purchase info, uploads (registration card, title front/back, emissions label), smog vehicle type, emissions codes, queue status, assigned representative, and location.
• In-Person Services: For services like Live Scan fingerprinting (via Certifix), notary public, or passport photos, we or our third-party providers collect government-issued ID details, fingerprints (by Certifix), photographs, and other legally required identifiers.
• Payment and Invoices: We generate estimates and invoices in-house. Payment may be taken in person via a point-of-sale system (e.g., Clover or another POS used by the location) or online via Stripe or other payment processors, depending on the location. At some locations, payment is collected by that location using its own POS or payment processor; we are not responsible for those locations' payment practices or for any payment-related disputes. We create and update invoice details (number, subtotal, discount, fees, total, payment method, job blocks, split payments), and whether fees are paid.
• Customer and Vehicle Management: Ongoing data such as customer notes, vehicle ownership records (acquired/sold dates), vehicle documents (type, file URL), ban status, and last check-in time.

1.2 Service-Related Information

• Details about requested services, such as registration renewals, title transfers, vehicle inspections (VIN verification, Uber/Lyft), permits (trip, moving), citation payments, and additional notes or reasons (e.g., add RDF reason).

1.3 Usage Data

• Website Interactions: Device information, browser type, pages visited, and time spent (if applicable). We do not collect IP addresses or use analytics tools to track user behavior. We may record an IP address in connection with your legal consent at check-in for compliance and audit purposes. We use this data to make our services faster for customers (inputting data into our AVRS system to complete DMV services such as renewals, transfers, etc.). We use existing customer data to autofill checkins information when our employees do checkins, making the checkin process faster for us. We use invoice data to visualize revenue generation and breakdown from revenue sources (how much was earned from cash, check, zelle, etc.) for data visualization. If we decide to use analytics or any other usages, we will update this policy.

ID Capture (No OCR)

We capture driver's license / ID information during check-in using barcode scanning (PDF417 barcode on the back of your ID) or magnetic stripe reader (MSR) only. We do not use AI, OCR, or any image-based recognition on your ID for legal and compliance reasons. Only the text data extracted from the barcode or magnetic stripe (e.g., name, address, license number) is used to pre-fill the check-in form. We do not store photographs or images of your ID. If you do not have your ID present, you may choose to proceed manually and enter your information by hand. We do not use ID data for marketing.

1.4 Cookies and Tracking Technologies

• We use cookies to manage your consent preferences:
  • localConsent: This cookie stores your consent choice for our Privacy Policy. It is set when you click "Accept" or "Close" on the consent banner to prevent it from reappearing on subsequent visits. The cookie expires after 30 days.
  • policyVersion: This cookie tracks the version of the Privacy Policy you have consented to (e.g., version "2026-02-17"). It ensures the consent banner reappears if the policy is updated, requiring you to review and consent to the new version. The cookie expires after 30 days.
• We also use necessary cookies for the operation of the service, including for authentication, location preference, and user interface preferences where applicable.
• We currently do not use cookies or similar tracking technologies for analytics or personalization. If we implement such technologies in the future, we will update this policy and provide notice as required.

We collect only the information necessary for the Services and limit collection to what is required.

2. How We Use Your Information

We use your information for the following purposes:

• To provide and manage the Services (e.g., process registrations, schedule appointments, handle check-ins, generate invoices, manage queues).
• To communicate with you about requests, appointments, payments, or updates.
• To verify identity and comply with California DMV regulations and other legal requirements.
• To record your legal acknowledgment and consent (including electronic signature, timestamp, and context) for compliance with the California Uniform Electronic Transactions Act (UETA) and the federal ESIGN Act.
• To improve Services through feedback and internal notes.
• To process payments and financial transactions.
• To send promotional offers or updates (with your consent, where required).
• To detect, prevent, and address fraud, security issues, or technical problems.
• To comply with legal obligations, including DMV reporting and audits.
• To create de-identified or aggregated data for internal analysis.

We process sensitive personal information, including biometric data collected by Certifix, only for purposes permitted under applicable laws, such as providing requested services or complying with regulations.

3. How We Share Your Information

We do not sell your personal information or share it for cross-context behavioral advertising. We may disclose your information to:

• Service Providers: Third parties that process data on our behalf, such as Calendly or other booking tools (appointments, where used by a location), Clover or other in-person POS providers, Stripe (online payments, where offered), Certifix (Live Scan fingerprinting), Supabase (database hosting), and Google (document and file storage, e.g., for registration cards, titles, IDs, and audit scans). These providers are contractually obligated to use data only for the Services and maintain confidentiality.
• California DMV and Government Entities: To fulfill vehicle-related services as an authorized partner, including sharing vehicle and owner details for registrations, titles, and inspections.
• Legal Authorities: When required by law, subpoena, or to protect our rights, safety, or property.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, where your information may be transferred.
• Other Parties with Consent: As directed by you.

We share the following categories of personal information with service providers and government entities: identifiers, personal records, commercial information, biometric information (fingerprints processed by Certifix for Live Scan), and sensitive personal information (as necessary for services).

4. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your data, including encryption, secure servers, access controls, and regular security assessments. For example, payment information is handled via PCI DSS-compliant processors, and fingerprint data for Live Scan is managed securely by Certifix. We follow FTC guidelines, such as collecting only necessary data, securely disposing of information when no longer needed, and maintaining an information security program. However, no system is entirely secure, and we cannot guarantee absolute protection against unauthorized access.

In the event of a data breach involving personal information, we will notify affected individuals and authorities as required by law.

5. Your Rights

You have rights regarding your personal information under applicable laws.

5.1 California Residents (CCPA Rights)

If you are a California resident, you have the following rights regarding your personal information collected in the past 12 months:

• Right to Know: Request categories and specific pieces of personal information collected, sources, purposes, and categories shared with third parties.
• Right to Delete: Request deletion of your personal information, subject to exceptions (e.g., legal obligations).
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: Opt-out of the sale or sharing of your personal information (we do not sell or share for behavioral advertising).
• Right to Limit Use of Sensitive Personal Information: Limit use to necessary purposes, such as providing Services.
• Right to Non-Discrimination: We will not discriminate against you for exercising these rights.

To exercise these rights, submit a verifiable request via:

• Email: admin@tagsclinic.com
• Address: Tags Clinic, 3845 University Ave, San Diego, CA 92105

We will respond within 45 days (extendable to 90 days) and may require verification of your identity. You may authorize an agent to act on your behalf with proper authorization.

5.2 EU Residents (GDPR Rights)

If GDPR applies (e.g., you are in the EU/EEA and we process your data), you have rights to access, rectify, erase, restrict processing, object to processing, data portability, and withdraw consent. Our legal basis for processing includes contract performance (for Services), legal obligations (DMV compliance), and legitimate interests (improving Services). Contact us at admin@tagsclinic.com to exercise rights. You may also complain to a supervisory authority.

5.3 General Rights

All users may opt-out of promotional communications by following unsubscribe instructions or contacting us.

6. Data Retention

We retain your data only as long as necessary for the purposes described or to comply with legal obligations (e.g., DMV record-keeping requirements for VINs and service records, which may be several years). Fingerprint data collected by Certifix for Live Scan services is managed according to their retention policies and applicable regulations. When no longer needed, we securely delete or anonymize data in accordance with the FTC Disposal Rule.

7. Third-Party Links

Our website may link to third-party sites (e.g., California DMV, Certifix). We are not responsible for their privacy practices. Review their policies separately.

8. Children's Privacy

Our Services are not intended for individuals under 16. We do not knowingly collect data from children. If we learn of such collection, we will delete it.

9. International Users

If accessing Services from outside the U.S., your data may be transferred to and processed in the U.S., where laws differ. By using the Services, you consent to this transfer. For EU users, we ensure adequate safeguards (e.g., Standard Contractual Clauses) if GDPR applies.

10. Changes to This Policy

We may update this Policy periodically. Changes will be posted here with an updated "Last Updated" date. Continued use constitutes acceptance.

11. Contact Us

For questions, concerns, or rights requests:

• Email: admin@tagsclinic.com
• Address: Tags Clinic, 3845 University Ave, San Diego, CA 92105
• Phone: (619) 255-5555
• Legal Center: For privacy policy, terms, and other legal documents in one place, visit our Legal Center.

For CCPA-specific inquiries, use the methods in Section 5.1.