Privacy by Architecture: How FaultFinder Protects Your Vehicle Data

Your vehicle’s OBD2 data is more personal than most people realize. A VIN decodes to your exact vehicle. GPS data shows where you drive. Diagnostic patterns reveal how you maintain your car. Combined, this data paints an intimate picture — and in the wrong hands, it’s a liability.

Most OBD2 apps treat privacy as a legal page you never read. We built it into the architecture.

The problem with “trust us” privacy

When an app says “we don’t sell your data,” that’s a policy statement. Policies change. Companies get acquired. Databases get breached. A promise is only as strong as the code that enforces it.

We wanted to make a stronger guarantee: your personally identifiable information never reaches our AI engine. Not because of a policy — because the system physically cannot send it.

How de-identification works in FaultFinder

FaultFinder uses a two-layer de-identification architecture. Each layer is independently sufficient. Both run on every diagnostic request.

Layer 1 — On your phone. Before any diagnostic data leaves your device, the FaultFinder app strips:

  • Your VIN
  • Your GPS location
  • Your account identifier
  • Any other PII attached to the scan

What remains: vehicle year, make, model, a fuzzed mileage bucket, and anonymous sensor readings (DTCs, freeze frames, PIDs).

Layer 2 — On our servers. Before the data reaches our AI engine for diagnosis, a second de-identification pass runs on our backend. This pass:

  • Strips any account ID that survived Layer 1 (defense in depth)
  • Fuzzes mileage to the nearest 5,000 miles
  • Removes IP address metadata from the request context

The AI sees: a 2019 Honda Accord with approximately 65,000 miles, these DTCs, these freeze frame conditions, and these PID readings. It does not know who you are, where you are, or which specific vehicle this is.
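To make the two layers concrete, here is an added Python sketch of the pipeline described above. It is not FaultFinder's code: the field names, the allowlist, the PII key list and the sample scan are all assumptions constructed for this illustration. The design point it shows is that each layer copies only permitted fields out of the scan (an allowlist) rather than deleting known-bad ones (a denylist), so a PII field added to the app later is dropped by default, and a final guardrail refuses to build an AI request if anything VIN-shaped or location-shaped survives inside an allowed field.

```python
import re

# Fields the AI engine is permitted to see (assumed names). Everything not
# listed here is never copied, which is what makes the guarantee structural.
DIAGNOSTIC_ALLOWLIST = {"year", "make", "model", "mileage", "dtcs", "freeze_frames", "pids"}

# Key names that must never appear anywhere in an outgoing request (assumed).
PII_KEYS = {"vin", "gps", "lat", "lon", "latitude", "longitude", "account_id", "ip", "email"}

# A VIN is 17 characters from [A-HJ-NPR-Z0-9] (I, O and Q are not used).
VIN_RE = re.compile(r"\b[A-HJ-NPR-Z0-9]{17}\b")


def fuzz_mileage(miles: int, step: int = 5000) -> int:
    """Round to the nearest `step` miles, e.g. 66,740 -> 65,000."""
    return int((miles + step // 2) // step) * step


def deidentify_on_device(scan: dict) -> dict:
    """Layer 1 (runs on the phone): keep only allowlisted fields, fuzz mileage."""
    out = {k: scan[k] for k in DIAGNOSTIC_ALLOWLIST if k in scan}
    if "mileage" in out:
        out["mileage"] = fuzz_mileage(out["mileage"])
    return out


def deidentify_on_server(request: dict) -> dict:
    """Layer 2 (runs on the backend): same allowlist applied again, independently.

    `request["context"]` (IP address, account id, headers) is never read, so it
    cannot leak into the payload even if Layer 1 was skipped or buggy.
    """
    payload = request.get("payload", {})
    out = {k: payload[k] for k in DIAGNOSTIC_ALLOWLIST if k in payload}
    if "mileage" in out:
        out["mileage"] = fuzz_mileage(out["mileage"])
    return out


def find_leaked_pii(obj, path: str = "$") -> list:
    """Guardrail: walk the payload and report PII keys or VIN-shaped strings."""
    findings = []
    if isinstance(obj, dict):
        for k, v in obj.items():
            if str(k).lower() in PII_KEYS:
                findings.append(f"{path}.{k}: PII field present")
            findings.extend(find_leaked_pii(v, f"{path}.{k}"))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            findings.extend(find_leaked_pii(v, f"{path}[{i}]"))
    elif isinstance(obj, str) and VIN_RE.search(obj):
        findings.append(f"{path}: VIN-shaped value")
    return findings


def build_ai_request(payload: dict) -> dict:
    """Last step before the AI provider: refuse to send anything that fails the guardrail."""
    leaks = find_leaked_pii(payload)
    if leaks:
        raise ValueError("refusing to send payload with PII: " + "; ".join(leaks))
    return {"diagnostic": payload}


# Constructed sample scan; the VIN and coordinates are made up, not a real vehicle.
SAMPLE_SCAN = {
    "vin": "1HGCV1F3XKA000000",
    "gps": {"lat": 37.7749, "lon": -122.4194},
    "account_id": "user-8842",
    "year": 2019,
    "make": "Honda",
    "model": "Accord",
    "mileage": 66740,
    "dtcs": ["P0301", "P0420"],
    "freeze_frames": [{"dtc": "P0301", "rpm": 2350, "coolant_c": 91}],
    "pids": {"0x0C": 812, "0x05": 91},
}


def run_pipeline(scan: dict, client_ip: str) -> dict:
    """Both layers in sequence, then the guardrail, as a single request would flow."""
    on_device = deidentify_on_device(scan)
    server_request = {"payload": on_device, "context": {"ip": client_ip, "account_id": scan.get("account_id")}}
    on_server = deidentify_on_server(server_request)
    return build_ai_request(on_server)


if __name__ == "__main__":
    print(run_pipeline(SAMPLE_SCAN, "203.0.113.7"))
```

The two scrubbers are deliberately the same shape so that either one alone produces a clean payload; running `deidentify_on_server` directly on the raw scan still drops the VIN, GPS and account id, which is what "each layer is independently sufficient" means in code. The guardrail is there for the case the allowlist cannot see: an allowed field such as a freeze frame that later grows a nested location or identifier.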

Zero Data Retention with our AI provider

We use Anthropic’s Claude for diagnostic reasoning, under a Zero Data Retention (ZDR) agreement. This means:

  • Your diagnostic data is processed and immediately discarded
  • It is never stored by Anthropic
  • It is never used to train their models
  • There are no AI-provider logs containing your vehicle data

ZDR is a contractual and technical guarantee, not just a checkbox.

Your VIN stays encrypted

Your VIN is stored in our database — encrypted — for exactly one purpose: checking the NHTSA recall database for active recalls on your specific vehicle. This is a public safety feature.

The VIN is decrypted only for that lookup, which hits the free NHTSA API. It is never sent to any AI provider, never included in diagnostic requests, and never shared with third parties.

No third-party analytics on your vehicle data

The FaultFinder landing page and app do not use third-party analytics services, ad trackers, or tag managers on vehicle diagnostic data. We measure product quality through in-app ratings (“useful / not useful”) and aggregate, anonymized metrics.

We don’t need to know who you are to know if our diagnoses are good. We just need to know if they’re right.

Why this matters

The OBD2 data market is real. Vehicle telematics data is sold to insurers, advertisers, and data brokers. Some apps you’ve probably used have privacy policies that allow exactly this.

We think that’s wrong. Your diagnostic data should help you fix your car — not become someone else’s revenue stream.


Want to see how this works in practice? Join the waitlist and be among the first to try FaultFinder.