Privacy Policy

Last Updated: February 2026

The Short Version

We don't have your data. Period. VINorNOT uses a Bring Your Own Key (BYOK) architecture. Your phone talks directly to the AI provider (Groq) and the NHTSA federal database. There is no VINorNOT server — just static code hosted on Cloudflare's CDN. We have no database, no user accounts, and no way to see what you scan.

How VINorNOT Works

Understanding our architecture is the best way to understand our privacy. Here's exactly what happens when you use VINorNOT:

Your Phone → Groq AI (api.groq.com) → Your Phone
Your Phone → NHTSA (vpic.nhtsa.dot.gov) → Your Phone
Your Phone → VINorNOT Servers → Groq / NHTSA

You provide your own free Groq API key (from console.groq.com/keys) for AI-powered scanning
Your browser captures an image of the VIN using your phone's camera
Your browser sends the image directly to Groq's API at api.groq.com using your personal API key to decode the VIN
Your browser queries the NHTSA federal database at vpic.nhtsa.dot.gov — this is a free, public government API that requires no key
Your browser displays the combined results: vehicle details, recalls, complaints, and AI analysis

There is no VINorNOT server. The website is a static page hosted on Cloudflare's CDN — it delivers the code that runs in your browser, and that's it. No backend, no API, no database.

What We Collect

Data Type	Collected?	Details
VIN images	No	Sent directly from your browser to Groq. We never receive them.
VIN numbers	No	Sent directly from your browser to NHTSA and Groq. We never see them.
Scan results	No	Returned from Groq and NHTSA directly to your browser. We never see them.
API keys	No	Stored in your browser's local storage only. Sent only to Groq.
Vehicle history	No	All vehicle data stays between your browser, Groq, and NHTSA.
User accounts	No	There are no accounts. No login, no registration, no email.
Usage analytics	No	No tracking pixels, no analytics scripts, no cookies.

Your API Key

Your Groq API key is stored exclusively in your browser's local storage — the same mechanism websites use to remember your preferences. It is:

Never transmitted to VINorNOT — it goes only to api.groq.com
Never visible to us — we have no mechanism to read your browser's local storage
Deletable at any time — use the "Remove Key" button in settings, or clear your browser data
Your property — it's your Groq account, your key, your usage

Third-Party Services

Groq (AI Provider)

When you scan a VIN or run an AI-powered vehicle analysis, your browser sends data directly to Groq's API. This is governed by your own relationship with Groq — you signed up for your own API key and agreed to their terms. Groq's privacy policy applies to how they handle your API requests.

VINorNOT has no partnership, data-sharing agreement, or business relationship with Groq. You use their API independently.

NHTSA (National Highway Traffic Safety Administration)

Your browser queries the NHTSA Vehicle API at vpic.nhtsa.dot.gov to decode VIN data, check recalls, and look up safety complaints. This is a free, public federal API — no API key is needed. NHTSA does not require registration or authentication to use their vehicle data services. Their data is public information maintained by the U.S. Department of Transportation.

NHTSA Privacy Policy

Cloudflare (Hosting)

VINorNOT is hosted on Cloudflare Pages. When you load the site, Cloudflare's CDN serves the static files. Like any CDN, Cloudflare may log basic access data (IP address, page requested, timestamp) as part of normal operations. This is standard web infrastructure — Cloudflare does not receive any VIN data, API keys, or scan results. Those go directly from your browser to Groq and NHTSA.

Google Fonts

We use Google Fonts for typography. Google may collect basic connection data (IP address) when fonts are loaded. No personal information is shared.

Verify It Yourself

We encourage you to verify our privacy claims independently. Here's how:

Open VINorNOT in your browser
Open Developer Tools (F12 or right-click → Inspect)
Go to the Network tab
Perform a scan
Look at every network request — you'll see requests only to api.groq.com, vpic.nhtsa.dot.gov, and fonts.googleapis.com

If you see any request going to a VINorNOT server with scan data, please report it — because that would be a bug, not a feature.

Data Breaches

In the event of a data breach, your scan data would not be affected because we don't have it. There is no database to breach, no VIN history to leak, and no user records to expose. The only thing hosted is the static website code itself — on Cloudflare's CDN, not a private server.

Children's Privacy

VINorNOT does not knowingly collect any data from anyone, including children. Since no personal data is collected or stored anywhere, COPPA compliance is inherent to our architecture.

Changes to This Policy

If we change our architecture in a way that affects data flow (for example, if we ever add a backend server or route data through any server we control), we will update this policy prominently and clearly explain what changed and why.

Contact Us

Questions about privacy? Reach out:

Discord: Join our Discord

The Bottom Line

We can't sell what we don't have. We can't leak what we don't store. We can't share what we never see. That's not a promise — it's our architecture.