Privacy Policy

Last Updated: January 21, 2026

INTRODUCTION

This Privacy Policy describes how GuanDriving ("we", "us", or "our") collects, uses, and shares information about you when you use https://guandriving.com/ (the "Website").

By using our Website, you agree to the collection and use of information in accordance with this policy. We respect your privacy and are committed to protecting your personal data.

INFORMATION WE COLLECT

We collect the following types of information:

Usage Data: IP address, browser type, device information, pages visited, time spent on pages, and other diagnostic data collected automatically.

HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

To provide and maintain our Website
To notify you about changes to our Website or services
To provide customer support
To detect, prevent, and address technical issues
To analyze usage patterns and improve our Website

COOKIES AND TRACKING

We use cookies and similar tracking technologies to track activity on our Website and hold certain information.

Types of Cookies We Use:

Essential Cookies: Required for the Website to function properly. These cannot be disabled.
Preference Cookies: Remember your settings and preferences for a better experience.
Analytics Cookies: Help us understand how visitors interact with our Website. We use Google Analytics for this purpose.

We also use localStorage in your browser to save in-progress tasks and preferences. You can clear this in your browser settings.

Managing Cookies: You can instruct your browser to refuse all cookies or indicate when a cookie is being sent. However, some features of our Website may not function properly without cookies.

We may share your information with third parties in the following circumstances:

Service Providers: We share information with vendors who help us operate our Website and provide services.
Legal Requirements: We may disclose information if required by law or in response to valid legal requests.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred.
With Your Consent: We may share information for other purposes with your explicit consent.

We do not sell your personal information.

We do not sell or share personal information for cross-context behavioral advertising.

DATA SECURITY

We implement appropriate technical and organizational security measures to protect your personal information, including:

Encryption of data in transit using SSL/TLS
Secure storage of personal data
Regular security assessments
Access controls and authentication measures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

DATA RETENTION POLICY

We retain different categories of personal information for varying periods based on the purpose of collection, legal requirements, and legitimate business needs:

Retention Schedule:

Data Category	Retention Period	Justification
Account Information	Duration of account + 2 years	Service provision and legal claims
Transaction Records	7 years (legal requirement)	Tax and accounting requirements
Analytics Data	26 months	Service improvement
Marketing Data	Until consent withdrawn	Consent-based processing
Support Records	3 years after resolution	Quality assurance and dispute resolution

General Retention Policy: As long as necessary

Data Deletion: When personal information is no longer required for the purposes for which it was collected, we will:

Securely delete the information from our active systems
Remove it from backups within 90 days
Or anonymize the data so it can no longer identify you

Exceptions: We may retain certain information longer if required to:

Comply with legal obligations
Resolve disputes
Enforce our agreements
Protect against fraud or abuse

DATA BREACH NOTIFICATION

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

Notify affected individuals within 72 hours of becoming aware of the breach
Notify relevant supervisory authorities as required by applicable law (within 72 hours for GDPR)
Provide details about the nature of the breach, categories of data affected, and approximate number of individuals affected
Describe the likely consequences of the breach
Explain the measures taken or proposed to address the breach and mitigate potential adverse effects

We maintain incident response procedures to ensure timely detection, investigation, and response to potential data breaches.

DO NOT TRACK DISCLOSURE

Do Not Track ("DNT") is a privacy preference you can set in your browser. When you turn on DNT, your browser sends a signal to websites requesting that they do not track your browsing activity.

Currently, we do not respond to DNT signals. This is because there is no industry-standard interpretation of how to respond to DNT signals. We will update this policy if a standard is established.

Regardless of DNT settings, you can opt out of analytics tracking using the methods described in the Cookies section above.

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):

Right to Access: Request copies of your personal data
Right to Rectification: Request correction of inaccurate or incomplete data
Right to Erasure: Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing: Request limitation of processing of your data
Right to Data Portability: Request transfer of your data to another organization
Right to Object: Object to processing of your personal data
Right to Withdraw Consent: Withdraw consent at any time where we rely on consent

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

Legal Basis for Processing: We process your data based on the following legal grounds:

Processing Purpose	Legal Basis
Account Creation & Management	Necessary for contract performance (GDPR Art. 6(1)(b))
Analytics & Service Improvement	Our legitimate business interests (GDPR Art. 6(1)(f))
Marketing Communications	Your explicit consent (GDPR Art. 6(1)(a))
Payment Processing	Necessary for contract performance (GDPR Art. 6(1)(b))
Security & Fraud Prevention	Our legitimate business interests (GDPR Art. 6(1)(f))
Customer Support	Necessary for contract performance (GDPR Art. 6(1)(b))
Personalization	Your explicit consent (GDPR Art. 6(1)(a))

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable law. You can find your local data protection authority at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

DATA SUBJECT REQUEST PROCEDURE

We have established the following procedure for exercising your data protection rights:

How to Submit a Request:

Send an email to [email protected] with the subject line "Data Subject Request"
Specify which right you wish to exercise (access, rectification, erasure, portability, etc.)
Provide sufficient information to verify your identity and locate your data

Required Information:

Your full name and contact details
The specific data or processing activity your request relates to
Any relevant account identifiers or reference numbers

Identity Verification: To protect your privacy, we may need to verify your identity before processing your request. This may include requesting government-issued identification or other verification methods.

Response Timeline:

We will acknowledge your request within 72 hours
We will respond substantively within 30 days of receipt
Complex requests may require an extension of up to 60 additional days, in which case we will notify you

Fees: We do not charge a fee for processing legitimate data subject requests. However, we reserve the right to charge a reasonable fee for manifestly unfounded or excessive requests.

Appeals: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: Request categories and specific pieces of personal information we collected
Right to Delete: Request deletion of your personal information (with legal exceptions)
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out of Sale/Sharing: Opt out of sale or sharing for cross-context behavioral advertising
Right to Non-Discrimination: We will not discriminate for exercising your rights

We do not sell or share personal information for cross-context behavioral advertising.

We do not collect sensitive personal information as defined by CPRA.

How to Exercise Your Rights: Submit a request to [email protected]. We will verify your identity and respond within 45 days.

Authorized Agents: You may designate an authorized agent to make a request on your behalf. We will require proof of authorization.

Categories of Personal Information Collected:

Internet activity

Purposes of Use:

Provide and maintain the Service
Analytics and service improvement
Security and fraud prevention
Customer support

ADDITIONAL STATE PRIVACY RIGHTS

STATE-SPECIFIC PRIVACY RIGHTS

We comply with the following state privacy laws:

Virginia - Virginia Consumer Data Protection Act (VCDPA) Effective: January 1, 2023

If you are a resident of Virginia, you have the following rights:

Right to Access
Right to Correct
Right to Delete
Right to Portability
Right to Opt-Out of Targeted Ads
Right to Opt-Out of Sale