Privacy Policy

Last updated: 15 May 2026

This Privacy Policy describes how PlaidCars (the “Service”) processes personal data of visitors to plaidcars.com. It is aligned with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and reflects current operational practice. We update it when the Service evolves.

1. Who we are

PlaidCars is an independent vertical meta-search and market-intelligence service for Tesla and EV listings in the United Arab Emirates. We are not affiliated with Tesla, Inc. or with any of the marketplaces referenced by the Service.

For purposes of this policy, the data controller is the operator of plaidcars.com. The contact channel for all privacy-related correspondence is our X (formerly Twitter) account: x.com/plaidcars.

2. What personal data we process

2.1 From you, the visitor

  • Technical data — IP address (and derived approximate location), browser user-agent, request timestamp, pages requested, referrer URL. Processed for Service operation, abuse prevention, and aggregated analytics. We do not link technical data to your identity.
  • Behaviour analytics — we use SiteBehaviour, a third-party behaviour-analytics tool with infrastructure in Frankfurt, Germany, to record aggregated and pseudonymised interaction signals: page views, click positions, scroll depth, and session events. SiteBehaviour writes its own first-party cookies to maintain session continuity. We have configured SiteBehaviour with IP truncation enabled. See §7 for cookie details and your opt-out.
  • Saved-search alerts — if you subscribe to email alerts via a “More like this” form on a vehicle page, we store: the email address you submit, the filter criteria you saved, a confirmation token, and an unsubscribe token. We send transactional email through Postmark (a US-headquartered email-delivery service). The email address and tokens are deleted on unsubscribe.
  • Voluntary correspondence — if you contact us via X (direct message or @-mention), the X platform’s own privacy practices apply to that channel. Any operational notes we make as a result of correspondence are kept under the retention rules in §5.

2.2 Third-party listing data

The Service references publicly available listings from third-party marketplaces. In the course of that referencing we process:

  • Business data — names of dealers and showrooms. This is not personal data under PDPL where the dealer is a registered business entity.
  • Factual vehicle and listing data — see the Data & Attribution Policy, §3. This data is about vehicles, not people.
  • Incidental personal data — where a listing is published by a private individual, the source platform may display that individual’s first name or similar identifier. We redact such identifiers at the public-view layer and display “Private seller” instead. We do not display private sellers’ phone numbers, email addresses, or messaging handles under any circumstances.

2.3 What we explicitly do not process

We do not collect government identifiers (Emirates ID numbers, passport numbers), financial account details, health data, or data related to protected personal characteristics. If such data is incidentally captured within a listing description or image observed from a source platform, it is excluded from our structured storage and never displayed publicly.

3. Legal basis for processing (PDPL Article 5)

  • Service operation and security — legitimate interest of operating a usable, non-abused website.
  • Analytics — legitimate interest; data is aggregated and pseudonymised.
  • Alert subscriptions — explicit consent via the double opt-in flow.
  • Aggregation of publicly available listings — legitimate interest in providing market-information services, balanced by the privacy protections described in §2.2 and §2.3.

4. How we use personal data

For operating and improving the Service, responding to enquiries, complying with UAE law, enforcing the Terms of Use, and — with your consent — sending you saved-search alert digests. We do not sell personal data. We do not share personal data with advertisers beyond aggregated analytics signals.

5. Data retention

  • Technical / analytics data — retained for 12 months, then aggregated or deleted.
  • Saved-search alerts — retained for the life of the subscription. Hard-deleted on unsubscribe.
  • Operational correspondence — retained for 24 months after the last related contact.
  • Third-party listing data — structured fact records are retained indefinitely for market-history purposes; expressive text and raw-observation blobs are retained in internal storage only and expired 90 days after a listing’s last observation.

6. Your rights

Under the PDPL and applicable law, you have the right to access the personal data we hold about you, correct it, have it erased where grounds exist, object to processing, restrict processing, and request data portability where applicable. To exercise these rights, message us via x.com/plaidcars. We respond within 30 days.

If you are a private seller whose listing on a third-party marketplace is referenced by PlaidCars and you wish to have that reference removed, see the Takedown & Removal Request Policy.

7. Cookies and tracking

The Service writes the following first-party cookies:

  • WordPress session — set only if you have a logged-in account on plaidcars.com. Public visitors do not receive WP login cookies.
  • SiteBehaviour — first-party behaviour-analytics cookies (no third-party trackers). Maintain visit continuity so heatmaps reflect coherent sessions. No personally identifying content is stored in these cookies.

To opt out of SiteBehaviour for this device, block first-party cookies for plaidcars.com in your browser settings, or use a “Do Not Track” / privacy-mode setting that signals analytics opt-out. We do not use Google Analytics, Facebook Pixel, or comparable ad-network trackers.

8. International transfers

Where your data is processed outside the UAE we rely on the vendor’s published safeguards and contractual arrangements consistent with the PDPL. Current sub-processors:

  • Cloudflare (United States; edge points worldwide) — content delivery, DDoS protection. Processes request metadata and routes traffic.
  • SiteBehaviour (infrastructure in Frankfurt, Germany) — behaviour analytics.
  • Postmark (United States) — transactional email delivery for saved-search alerts. Used only when you actively subscribe.
  • Web hosting — our hosting provider; we apply contractual safeguards consistent with PDPL.

A current list of material sub-processors is available on request via x.com/plaidcars.

9. Security

We apply technical and organisational security measures appropriate to the scale of the Service, including HTTPS in transit, access controls, regular dependency patching, and minimal data retention. No system is perfectly secure; in the event of a personal-data breach that poses a risk to you, we will notify you and the UAE Data Office as required by law.

10. Changes

We update this policy as the Service evolves. Material changes are flagged on this page (the “Last updated” date above), and where appropriate are notified to subscribers of saved-search alerts.

11. Contact

For privacy questions, requests under §6, or comments on this policy: x.com/plaidcars.

Listing data referenced from third-party UAE marketplaces · Sources & data policy

Scroll to Top