Carmundo is the world's largest car community app. It connects car enthusiasts globally — letting you discover car meets and supercar events near you, create or join car clubs, and showcase your vehicles in a virtual garage. Available free on iOS and Android.

How do I find car meets near me?

Open Carmundo and navigate to the Events tab. The app uses your location to show nearby car meets, track days, Cars & Coffee events, supercar rallies, and cruise meetups. You can also search by city, club, or event type.

Can I create my own car club on Carmundo?

Yes! Carmundo lets you create car clubs with three privacy levels: Public (open to all), Referral (members invite members), and Invite Only (admin-controlled). Perfect for Ferrari owners clubs, JDM crews, BMW M groups, or local drift teams.

Is Carmundo free to download?

Yes, Carmundo is completely free to download on both iOS (App Store) and Android (Google Play). Join the global car community today.

What types of cars and events does Carmundo support?

Carmundo supports every type of car culture — from supercars and hypercars (Ferrari, Lamborghini, McLaren, Porsche) to JDM (Nissan GT-R, Toyota Supra), muscle cars (Mustang, Camaro, Hellcat), classics, electric vehicles, and custom builds. Events include car meets, track days, drift events, Cars & Coffee, supercar rallies, and cruise nights.

← Back to home

Privacy Policy

Carmundo — Global Car Community

Last updated: May 3, 2026

1. Introduction

Carmundo (“we,” “us,” “our”) operates the Carmundo mobile application (“the App”). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our App.

We are committed to protecting your privacy and handling your data responsibly. By using the App, you consent to the data practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

Category	Data	Purpose
Account Information	Email address, password (hashed), display name, username	Account creation and authentication
Profile Information	Bio, location (text), avatar photo, visibility settings	Personalizing your profile
Garage Data	Car make, model, year, color, photos, dream car designation	Showcasing your vehicles
Club Data	Club name, description, avatar, access level	Creating and managing communities
Event Data	Title, description, date/time, location, GPS coordinates, cover image	Organizing and discovering meetups
Posts & Media	Text content, images, videos	Sharing with the community
Comments & Reactions	Comment text, reaction type	Engaging with posts
Messages	Message content, conversation participants	Direct messaging
Notification Preferences	15 granular notification toggles	Customizing notifications
Language Preference	Preferred language code	Displaying the App in your language
Subscription Data	Subscription tier, purchase date, renewal date, entitlement status	Granting access to Carmundo Pro features
Paid Event Data	Event ticket purchase records, payment status, transaction reference	Processing and confirming ticket purchases

2.2 Information Collected Automatically

Category	Data	Purpose
Device Information	Device platform (iOS/Android), FCM push notification token	Delivering push notifications
Authentication Tokens	Session tokens, OAuth tokens	Maintaining your login session
Usage Data	Timestamps of account creation, post creation, profile updates	App functionality

2.3 Information from Third Parties

Source	Data	Purpose
Google Sign-In	Google account email, name, profile photo URL, Google ID	Account authentication
Apple Sign-In	Apple ID email (may be relay address), name, Apple user ID	Account authentication

2.4 Payment & Billing Data

When you purchase a Carmundo Pro subscription or a ticket to a paid event:

Subscriptions (Carmundo Pro): Purchases are processed through the Apple App Store or Google Play Store. We do not handle your payment card details directly. We receive confirmation of your subscription status and entitlements from RevenueCat, our subscription management provider. RevenueCat processes purchase receipts and stores your subscription history.
Paid Event Tickets: Ticket payments are processed by Stripe. Stripe collects and securely stores your payment card details. We receive only a transaction confirmation and payment status — we never store your full card number, CVC, or banking details on our servers.
What we store: Transaction IDs, purchase timestamps, subscription tier, payment status, and associated event or subscription reference. This is the minimum necessary to provide and verify access to paid features.

2.5 Location Data

Event locations: GPS coordinates (latitude/longitude) are collected when creating events to enable map-based discovery. This data is provided voluntarily by event creators.
Profile location: A text-based location field, entered manually by you. We do not automatically detect or collect your physical location for profile purposes.
Device location: The App may request access to your device's GPS to help you discover nearby events. Location access is optional and can be revoked at any time through your device settings.

3. How We Use Your Information

Purpose	Legal Basis (GDPR)
Providing and operating the App	Performance of contract
Creating and managing your account	Performance of contract
Enabling social features (following, messaging, clubs, events)	Performance of contract
Processing subscription purchases (Carmundo Pro)	Performance of contract
Processing paid event ticket purchases	Performance of contract
Verifying subscription entitlements and payment status	Performance of contract
Sending push notifications	Consent / Legitimate interest
Delivering messages from other users	Performance of contract
Displaying your public profile	Legitimate interest
Discovering events near your location	Consent
Improving the App and fixing issues	Legitimate interest
Enforcing our Terms and Conditions	Legitimate interest
Complying with legal obligations	Legal obligation

We do not use your information for:

Selling data to third parties
Behavioral advertising or ad profiling
Automated decision-making or profiling with legal effects

4. How We Share Your Information

4.1 Publicly Visible Information

Depending on your privacy settings, the following may be visible to other users:

Display name and username
Profile avatar and bio
Posts, comments, and reactions
Club memberships
Garage (if set to “public”)
Event participation

You control your profile visibility (public/private) and garage visibility (public/followers only) through the App's settings.

4.2 Third-Party Service Providers

Provider	Data Shared	Purpose
Supabase (backend)	All user data	Database hosting, authentication, file storage
Google Firebase (FCM)	Device token, notification payloads	Push notification delivery
Google (Sign-In)	Authentication tokens	Login via Google account
Apple (Sign-In)	Authentication tokens	Login via Apple account
Google Fonts	IP address (via HTTP request)	Loading typography
RevenueCat	Subscription purchase receipts, subscription status, user ID, platform	Subscription management and entitlement verification for Carmundo Pro
Stripe	Payment card details (collected and tokenized directly by Stripe), transaction IDs, payment status	Secure payment processing for paid event tickets

These providers process data on our behalf under their respective privacy policies and data processing agreements.

4.3 Other Disclosures

We may disclose your information:

When required by law, subpoena, or legal process
To protect the rights, safety, or property of Carmundo or its users
In connection with a merger, acquisition, or sale of assets (with notice to affected users)

We will never sell your personal data to third parties.

5. Data Storage and Security

5.1 Where Your Data Is Stored

Your data is stored in cloud infrastructure provided by Supabase. Data may be processed in data centers located in the European Union (eu-west-1, Ireland).

5.2 How We Protect Your Data

We implement the following security measures:

Encryption in transit: All data is transmitted over HTTPS/TLS
Row Level Security (RLS): Database-level access controls ensure users can only access data they are authorized to view
Password hashing: Passwords are hashed using industry-standard algorithms (managed by Supabase Auth)
Authentication tokens: Secure, time-limited JWT tokens for session management
Access controls: Private profiles, private clubs, and follower-only garages restrict data visibility

5.3 Data Breach Notification

In the event of a data breach that may compromise your personal information, we will:

Notify affected users within 72 hours (as required by GDPR)
Notify relevant supervisory authorities as required by law
Take immediate steps to contain and remediate the breach

6. Data Retention

Data Type	Retention Period
Account data	Until you delete your account
Posts, comments, reactions	Until you delete them or your account
Messages	Until you delete them (copies may remain in the other participant's history)
Event data	Until the event is deleted by the organizer
Club data	Until the club is deleted by the owner
Device tokens (FCM)	Updated on each app launch; deleted on account deletion
Notification preferences	Until you change them or delete your account
Subscription records	Retained for 7 years from the last transaction date for financial and legal compliance
Payment transaction records (Stripe)	Retained for 7 years from transaction date for legal, tax, and dispute resolution purposes

After account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

7. Your Rights

7.1 Rights Under GDPR (for EU/EEA Users)

Right	Description
Access	Request a copy of all personal data we hold about you
Rectification	Request correction of inaccurate personal data
Erasure	Request deletion of your personal data
Restriction	Request restriction of processing of your personal data
Portability	Request your data in a structured, machine-readable format
Objection	Object to processing based on legitimate interest
Withdraw Consent	Withdraw consent for processing based on consent at any time

7.2 Rights Under CCPA (for California Users)

California residents have the right to:

Know what personal information we collect, use, and disclose
Request deletion of personal information
Opt out of the sale of personal information (we do not sell personal data)
Non-discrimination for exercising privacy rights

7.3 How to Exercise Your Rights

To exercise any of these rights, you may:

Use the account deletion feature in the App (Settings → Delete Account)
Contact us at support@carmundo.app

We will respond to verified requests within 30 days.

8. Children's Privacy

The App is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16.

If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@carmundo.app.

9. Cookies and Local Storage

The App does not use browser cookies. However, we use:

Technology	Purpose
Shared Preferences	Storing your app settings locally (theme, language, onboarding)
Cached Network Images	Caching images for faster loading
Secure Storage	Storing authentication tokens securely

This data remains on your device and is not transmitted to our servers.

10. Push Notifications

We use Firebase Cloud Messaging (FCM) to send push notifications. When you grant notification permissions:

A device token is generated and stored on our servers
We use this token to send you relevant notifications about activity (likes, comments, follows, messages, events, clubs)
You can customize which notifications you receive through the App's notification settings
You can disable push notifications at any time through your device's system settings

Your device token is updated each time you open the App and is deleted when you delete your account.

11. International Data Transfers

If you are located outside the region where our servers are hosted, your personal data may be transferred to and processed in a different country. We ensure that any such transfers comply with applicable data protection laws, including:

Standard Contractual Clauses (SCCs) where required
Adequacy decisions by relevant authorities
Other appropriate safeguards

12. Third-Party Links

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services before providing them with your personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

We will update the “Last updated” date at the top of this document
We may notify you through the App or via email
Continued use of the App after changes constitutes acceptance

We encourage you to review this Privacy Policy periodically.

14. Data Protection Officer

If you have questions or concerns about our data practices, you may contact our Data Protection Officer at support@carmundo.app.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: support@carmundo.app

16. Supervisory Authority

If you are located in the EU/EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.