Privacy Policy

Last Updated: August 28, 2025

Welcome to Tags Clinic! We are committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how Tags Clinic ("we," "us," or "our") collects, uses, stores, shares, and protects your data when you use our services, including our website, in-person services, "Book Now" appointment system, "Get in Line" service, and check-in feature (collectively, "the Services"). We operate as an authorized partner with the California Department of Motor Vehicles (DMV) and comply with applicable privacy laws, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and the General Data Protection Regulation (GDPR) where applicable.

This Privacy Policy provides a comprehensive description of our online and offline practices regarding the collection, use, sharing, and sale of consumers' personal information. We do not sell your personal information as defined under the CCPA.

1. Information We Collect

We collect information to provide, manage, and improve the Services, fulfill legal obligations, and ensure compliance with DMV regulations. At or before the point of collection, we provide notice of the categories of personal information we collect and the purposes for which it is used. The types of information we collect include:

1.1 Personal Information

Personal information refers to data that identifies, relates to, or could reasonably be linked with you or your household. We collect the following categories:

• Identifiers: Such as name (including first and last names of owners, co-owners, third owners, previous owners, and commanding officers), email address, phone number, driver's license number, government-issued ID details, unique identifiers (e.g., customer ID, unique keys), and account numbers (e.g., Certifix account number, token number).
• Personal Records: Such as address details (including street, city, state, zip, county for owners, co-owners, mailing, lienholders, previous owners, and garaged locations), company name and phone number, military details (e.g., branch, duty station, unit, LSR state, other country), family relationships, and purchase details (e.g., source, price, dates, gift market value).
• Protected Classification Characteristics: Such as military status or family relationships (e.g., parent, child, spouse).
• Commercial Information: Records of services requested, vehicles owned or serviced (e.g., VIN, plate number, year, make, model, body type, mileage, fuel type, registration expiration, plate state, number of doors, smog vehicle type, emissions codes, test group), purchase history, and financial transaction details.
• Biometric Information: Fingerprints collected in-person at our location for Live Scan services, processed by our third-party provider, Certifix, on our behalf using the Certifix machine. This is not related to our online presence and is not stored in our Supabase database. For details on Certifix's privacy practices and your rights, please refer to their privacy policy at certifixlivescan.com/privacy-policy.html. We do not collect or store fingerprints directly through our website or systems.
• Internet or Network Activity: Device information, browser type, pages visited, and time spent on our website (if applicable).
• Geolocation Data: Inferred from addresses provided, but not precise geolocation.
• Sensory Data: Optional uploaded images (e.g., pictures of registration cards, the front and back of a title, and emission labels that are often on the driver's side of the car). We do not ask for passport photos or anything else online.
• Professional or Employment Information: Company details, commanding officer information.
• Sensitive Personal Information: Driver's license number, financial information (e.g., payment details), and biometric data (fingerprints processed by Certifix for Live Scan services).
• Inferences: Derived from the above, such as service preferences or vehicle ownership patterns.

Specific collection points include:

• Get in Line, Book Now, and Leads Services: When using online forms, appointment scheduling, or lead generation, we collect identifiers (name, email, phone, VIN, plate), referral source, message, and service requested.
• Check-In Feature: During check-in for services, we collect detailed personal and vehicle information, including owner/co-owner/third owner details (names, phones, driver's licenses, addresses, ownership types), company info, vehicle specifics (VIN, plate, year, make, model, body type, mileage, fuel type, registration expiration, plate state, number of doors), lienholder info, mailing/garaged addresses, military details (branch, duty station, unit, LSR state, other country, commanding officer name/phone), purchase info (source, relationship, value, dates, state registered, title number), uploads (registration card, title front/back, emissions label), smog vehicle type, emissions codes, queue status, assigned representative, and location.
• In-Person Services: For services like Live Scan fingerprinting (via Certifix), notary public, or passport photos, we or our third-party providers collect government-issued ID details, fingerprints (by Certifix), photographs, and other legally required identifiers.
• Payment and Invoices: We generate estimates and invoices in-house using our software, and we take payment inside our locations using point-of-sales (Clover). We create and update invoice details (number, subtotal, discount, fees, total, payment method, job blocks, split payments), and whether fees are paid.
• Customer and Vehicle Management: Ongoing data such as customer notes, vehicle ownership records (acquired/sold dates), vehicle documents (type, file URL), ban status, and last check-in time.

1.2 Service-Related Information

• Details about requested services, such as registration renewals, title transfers, vehicle inspections (VIN verification, Uber/Lyft), permits (trip, moving), citation payments, and additional notes or reasons (e.g., add RDF reason).

1.3 Usage Data

• Website Interactions: Device information, browser type, pages visited, and time spent (if applicable). We do not collect IP addresses or use analytics tools to track user behavior. We use this data to make our services faster for customers (inputting data into our AVRS system to complete DMV services such as renewals, transfers, etc.). We use existing customer data to autofill checkins information when our employees do checkins, making the checkin process faster for us. We use invoice data to visualize revenue generation and breakdown from revenue sources (how much was earned from cash, check, zelle, etc.) for data visualization. If we decide to use analytics or any other usages, we will update this policy.

1.4 Cookies and Tracking Technologies

• We currently do not use cookies or similar tracking technologies for analytics or personalization. If we implement such technologies in the future, we will update this policy and provide notice as required.

We collect only the information necessary for the Services and limit collection to what is required.

2. How We Use Your Information

We use your information for the following purposes:

• To provide and manage the Services (e.g., process registrations, schedule appointments, handle check-ins, generate invoices, manage queues).
• To communicate with you about requests, appointments, payments, or updates.
• To verify identity and comply with California DMV regulations and other legal requirements.
• To improve Services through feedback and internal notes.
• To process payments and financial transactions.
• To send promotional offers or updates (with your consent, where required).
• To detect, prevent, and address fraud, security issues, or technical problems.
• To comply with legal obligations, including DMV reporting and audits.
• To create de-identified or aggregated data for internal analysis.

We process sensitive personal information, including biometric data collected by Certifix, only for purposes permitted under applicable laws, such as providing requested services or complying with regulations.

3. How We Share Your Information

We do not sell your personal information or share it for cross-context behavioral advertising. We may disclose your information to:

• Service Providers: Third parties that process data on our behalf, such as Calendly (appointments), Clover (payments), Certifix (Live Scan fingerprinting), and Supabase (database hosting). These providers are contractually obligated to use data only for the Services and maintain confidentiality.
• California DMV and Government Entities: To fulfill vehicle-related services as an authorized partner, including sharing vehicle and owner details for registrations, titles, and inspections.
• Legal Authorities: When required by law, subpoena, or to protect our rights, safety, or property.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, where your information may be transferred.
• Other Parties with Consent: As directed by you.

We share the following categories of personal information with service providers and government entities: identifiers, personal records, commercial information, biometric information (fingerprints processed by Certifix for Live Scan), and sensitive personal information (as necessary for services).

4. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your data, including encryption, secure servers, access controls, and regular security assessments. For example, payment information is handled via PCI DSS-compliant processors, and fingerprint data for Live Scan is managed securely by Certifix. We follow FTC guidelines, such as collecting only necessary data, securely disposing of information when no longer needed, and maintaining an information security program. However, no system is entirely secure, and we cannot guarantee absolute protection against unauthorized access.

In the event of a data breach involving personal information, we will notify affected individuals and authorities as required by law.

5. Your Rights

You have rights regarding your personal information under applicable laws.

5.1 California Residents (CCPA Rights)

If you are a California resident, you have the following rights regarding your personal information collected in the past 12 months:

• Right to Know: Request categories and specific pieces of personal information collected, sources, purposes, and categories shared with third parties.
• Right to Delete: Request deletion of your personal information, subject to exceptions (e.g., legal obligations).
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: Opt-out of the sale or sharing of your personal information (we do not sell or share for behavioral advertising).
• Right to Limit Use of Sensitive Personal Information: Limit use to necessary purposes, such as providing Services.
• Right to Non-Discrimination: We will not discriminate against you for exercising these rights.

To exercise these rights, submit a verifiable request via:

• Email: admin@tagsclinic.com
• Address: Tags Clinic, 3845 University Ave, San Diego, CA 92105

We will respond within 45 days (extendable to 90 days) and may require verification of your identity. You may authorize an agent to act on your behalf with proper authorization.

5.2 EU Residents (GDPR Rights)

If GDPR applies (e.g., you are in the EU/EEA and we process your data), you have rights to access, rectify, erase, restrict processing, object to processing, data portability, and withdraw consent. Our legal basis for processing includes contract performance (for Services), legal obligations (DMV compliance), and legitimate interests (improving Services). Contact us at admin@tagsclinic.com to exercise rights. You may also complain to a supervisory authority.

5.3 General Rights

All users may opt-out of promotional communications by following unsubscribe instructions or contacting us.

6. Data Retention

We retain your data only as long as necessary for the purposes described or to comply with legal obligations (e.g., DMV record-keeping requirements for VINs and service records, which may be several years). Fingerprint data collected by Certifix for Live Scan services is managed according to their retention policies and applicable regulations. When no longer needed, we securely delete or anonymize data in accordance with the FTC Disposal Rule.

7. Third-Party Links

Our website may link to third-party sites (e.g., California DMV, Certifix). We are not responsible for their privacy practices. Review their policies separately.

8. Children’s Privacy

Our Services are not intended for individuals under 16. We do not knowingly collect data from children. If we learn of such collection, we will delete it.

9. International Users

If accessing Services from outside the U.S., your data may be transferred to and processed in the U.S., where laws differ. By using the Services, you consent to this transfer. For EU users, we ensure adequate safeguards (e.g., Standard Contractual Clauses) if GDPR applies.

10. Changes to This Policy

We may update this Policy periodically. Changes will be posted here with an updated "Last Updated" date. Continued use constitutes acceptance.

11. Contact Us

For questions, concerns, or rights requests:

• Email: admin@tagsclinic.com
• Address: Tags Clinic, 3845 University Ave, San Diego, CA 92105
• Phone: (619) 255-5555

For CCPA-specific inquiries, use the methods in Section 5.1.