DuckDecode

Privacy Policy

Last updated: March 4, 2026

1. Information We Collect

VIN queries: When you decode a VIN, we process the VIN through the NHTSA API. We may log VIN queries for service improvement and rate limiting purposes. VINs are not personally identifiable information on their own.

Account information: If you create an account, we collect your email address and payment information (processed securely by Stripe).

Usage data: We collect anonymous usage analytics through Google Analytics, including pages visited, time on site, and general geographic region. This data is used to improve the Service.

Email subscriptions: If you subscribe to our email list, we store your email address with our email service provider to send product updates.

2. How We Use Your Information

  • To provide and maintain the VIN decoding Service
  • To process payments for paid subscriptions
  • To enforce rate limits on the free tier
  • To send product updates (only if you opted in)
  • To improve the Service through anonymous analytics

3. Third-Party Services

We use the following third-party services:

  • NHTSA vPIC API — Vehicle data provider (U.S. government)
  • Google Analytics — Anonymous usage analytics
  • Stripe — Payment processing (for paid plans)
  • Vercel — Hosting and infrastructure

We may display links to third-party services such as vehicle history report providers. These links may contain affiliate tracking parameters. Clicking these links is optional and subject to the third party's own privacy policy.

4. Cookies

We use essential cookies for authentication (if you have an account) and analytics cookies through Google Analytics. You can disable cookies in your browser settings, though this may affect Service functionality.

5. Data Retention

VIN query logs are retained for up to 90 days. Account information is retained as long as your account is active. You may request deletion of your account and associated data at any time by contacting support@duckdecode.com.

6. Data Security

We use industry-standard security measures including HTTPS encryption, secure payment processing through Stripe, and access controls on our infrastructure. No method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

You have the right to access, correct, or delete your personal data. To exercise these rights, contact support@duckdecode.com. If you are in the EU, you have additional rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email.

9. Contact

For privacy-related inquiries, contact us at support@duckdecode.com.