Privacy Policy

MQBau and Related Products

Effective date: 1 June 2026
Last updated: 1 June 2026

---

1. Who we are

This app and service (“MQBau Suite”, the “App”, “we”, “us”, “our”) are operated by MQBau Engineering, a sole trader based in Australia.

Website: https://mqb.au
Contact: privacy@mqb.au

We are the data controller responsible for your personal information described in this policy. This policy explains what information we collect when you use the App and our backend services at api.mqb.au and app.mqb.au, how we use it, who we share it with, and the choices and rights you have.

2. Scope

This policy applies to:

• The MQBau Suite iOS application;
• Our web portal at app.mqb.au;
• Our API at api.mqb.au.

It does not apply to third-party services we link to or rely on (for example Stripe’s payment pages), which are governed by their own privacy policies (see Section 7).

3. Information we collect

3.1 Information you provide

• Email address — at sign-up/sign-in; used for authentication, account management, and transactional communication.
• Name (first / last) — at sign-up and profile editing; used to identify your account and personalise the App.
• Username — at sign-up; your public-facing identity for tuner/client features.
• Password — at sign-up/sign-in; stored only as a salted hash, never in plain text.
• Profile photo / avatar — if you choose to upload one; used to display your profile.
• Vehicle information — when you add a vehicle: VIN, year, make, model, modifications, and any service history you record.
• Tuner/client pairings — when you request or accept a pairing; used to link tuners and vehicle owners so tunes can be shared.
• Comments, reactions, and other content — when you post them; used to operate community and tuning features.

3.2 Information collected automatically

• User ID — generated on account creation to link your activity to your account.
• Product interaction / usage analytics — via our in-app analytics SDK (PostHog), to understand feature usage, diagnose issues, and improve the App.
• Session replays — via PostHog, to reproduce user journeys and fix bugs (see Section 3.4).
• Device & app context — collected with analytics events: app version, build number, iOS version, device model, locale, network type, and in-app mode/settings.
• Diagnostic & flashing activity metadata — for example ECU type, whether a flash was full or calibration-only, and timestamps; used for support, analytics, and your activity history.

We do not use the Advertising Identifier (IDFA), and we do not track you across other companies’ apps or websites for advertising. Our App Store privacy declaration and our bundled Apple Privacy Manifest reflect this (tracking: No).

3.3 Vehicle and ECU data

When you connect to a vehicle through a supported Bluetooth (BLE) adapter, the App communicates directly between your iPhone/iPad and the vehicle’s control units over Bluetooth to perform diagnostics, logging, and flashing.

• Tune files (.bin / .frf) are held in memory only and are never written to your device’s persistent storage by the App.
• Data read from the vehicle (such as part numbers, calibration versions, and diagnostic trouble codes) may be sent to our servers to provide features like ECU identification, tune matching, and your activity history.
• Live logging data (CSV) is stored locally on your device in the App’s documents area and is only uploaded if you explicitly choose to share or upload it.

3.4 Session replay

We use session replay (via PostHog) to record interactions within the App (taps, navigation, and screen content) to help us reproduce and fix problems. Session replay is configured to mask sensitive input fields such as passwords. Payment card details are entered on Stripe’s pages outside the App and are not captured by the App.

3.5 Payment information

When you purchase a VIN unlock, tuner onboarding, or subscription, payment is processed by Stripe on Stripe-hosted pages. We do not receive or store your full payment card number. We receive limited transaction metadata (such as payment status, amount, and a transaction identifier) to grant entitlements and show your payment history.

4. How we use your information

We use the information described above to:

• Create and manage your account and authenticate you;
• Provide the App’s core features: vehicle profiles, diagnostics, logging, flashing, tuner/client pairing, and tune access;
• Process payments and grant the entitlements you have purchased;
• Maintain your activity history (flashes, logs, downloads, comments);
• Provide customer support and respond to your requests;
• Monitor, debug, secure, and improve the App and our services through analytics and session replay;
• Detect, prevent, and address fraud, abuse, security, and technical issues;
• Comply with legal obligations and enforce our terms.

Legal bases (where GDPR / UK GDPR applies)

• Performance of a contract — to provide the App and services you sign up for;
• Legitimate interests — to secure, analyse, and improve our services (balanced against your rights);
• Consent — where required, for example for certain analytics; you may withdraw consent at any time (see Section 9);
• Legal obligation — where we must retain or disclose information by law.

5. Analytics and your choices

We use PostHog (hosted in the United States) for product analytics and session replay.

You can opt out of analytics and session replay at any time in the App by turning off Settings → “Share usage data”. When this is turned off, the App stops sending analytics and session-replay data.

6. How we share your information

We do not sell your personal information. We share it only as follows:

• Service providers / processors — to run the service on our behalf (e.g. cloud hosting, analytics, payments — see Section 7).
• Other users — limited profile information (such as username, display name, avatar) is visible to users you interact with, for example tuners and clients you are paired with.
• Tuners you pair with — vehicle and tune-related information necessary to provide tuning services to your vehicle.
• Legal / safety — where required by law, regulation, legal process, or to protect rights, safety, and property.
• Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy.

7. Third-party services (sub-processors)

We rely on the following third parties. Each has its own privacy policy:

• Stripe — payment processing — https://stripe.com/privacy
• PostHog — product analytics & session replay (United States) — https://posthog.com/privacy
• Cloudflare — backend & file hosting for api.mqb.au — https://www.cloudflare.com/privacypolicy/
• Apple — app distribution & device platform — https://www.apple.com/legal/privacy/

8. International data transfers

We are based in Australia, and some of our service providers process information in other countries, including the United States (PostHog) and other locations where Cloudflare and our providers operate. Where personal information is transferred internationally, we rely on our providers’ safeguards, such as Standard Contractual Clauses or equivalent mechanisms, to protect it consistently with this policy and applicable law.

9. Your rights and choices

Depending on where you live, you may have the right to:

• Access the personal information we hold about you;
• Correct inaccurate or incomplete information;
• Delete your account and associated personal information;
• Object to or restrict certain processing;
• Port your data to another service;
• Withdraw consent where processing is based on consent;
• Opt out of analytics and session replay (Section 5).

Account deletion: You can delete your account directly in the App under Account → “Delete Account”. This permanently deletes your account, vehicles, entitlements, and tune history from our active systems, subject to the retention exceptions in Section 10.

To exercise any of these rights, contact us at privacy@mqb.au. We will respond within the timeframe required by applicable law. You also have the right to lodge a complaint with your local data protection authority (in Australia, the Office of the Australian Information Commissioner).

10. Data retention

We retain your personal information for as long as your account is active or as needed to provide the App and services. After you delete your account, we delete or anonymise your personal information, except where we must retain certain records to:

• Comply with legal, tax, or accounting obligations (for example, payment records);
• Resolve disputes and enforce our agreements;
• Maintain security and prevent fraud.

Where we retain limited records for these purposes, we keep them only for as long as reasonably necessary and then delete or anonymise them.

11. Security

We use technical and organisational measures designed to protect your information, including encryption in transit (HTTPS/TLS), hashed password storage, and access controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Children’s privacy

The App is intended for users aged 18 and over, and we do not knowingly collect personal information from anyone under 18. If you believe someone under 18 has provided us with personal information, contact us at privacy@mqb.au and we will delete it.

13. Region-specific disclosures

13.1 Australia (Privacy Act 1988 / Australian Privacy Principles)

We handle personal information in accordance with the Australian Privacy Principles. You may contact us to access or correct your information, or to make a complaint. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

13.2 European Economic Area / United Kingdom (GDPR / UK GDPR)

The legal bases in Section 4 apply. For data protection matters, contact us at privacy@mqb.au.

13.3 California (CCPA / CPRA)

We do not sell or share personal information as defined under the CPRA. California residents may exercise the rights described in Section 9.

14. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you in the App or by email. Your continued use of the App after changes take effect constitutes acceptance of the updated policy.

15. Contact us

If you have questions, requests, or complaints about this policy or your personal information, contact:

MQBau Engineering
Email: privacy@mqb.au
Website: https://mqb.au