← Back to MTQ Now
🛡️ Security & Privacy
How we protect your data, your customers' data, and your business.
🔒 HTTPS Encrypted
🗑️ Zero PII Retention
🔐 SOC 2 Roadmap
📋 CCPA Compliant
🛡️ Patent Pending
Our Promise: Your Content Can't Be Traced Back to You.
MTQ Now uses a privacy architecture similar to how payment processors protect credit card numbers. Your write-ups are stored anonymously — separated from your identity — so even if our database were accessed, no one could connect a specific write-up to a specific user, shop, or vehicle. Your customers' names, addresses, VINs, and personal information never live on our servers.
How Your Data Flows
Here's exactly what happens when you use MTQ Now:
| Step | What Happens | Data Retained? |
|---|
| 1. You input notes | Typed, spoken, or scanned — your input is captured on YOUR device | On your device only |
| 2. You hit Generate | Your notes are sent encrypted (HTTPS) to our AI processing engine | In transit only — not stored |
| 3. AI generates write-up | Our AI transforms your input into a professional document. The AI provider does not retain your data. | Processing only — then purged |
| 4. You get the result | The finished write-up is saved to your account history under an anonymous ID | Anonymous — not linked to your identity in storage |
| 5. After generation | Your raw input notes are discarded. Only the finished output is kept for your history. | Raw input: ❌ deleted | Output: anonymous storage |
Identity-Content Separation
How We Protect Write-Up Content — The Credit Card Model
Just as payment processors separate your card number from your name, MTQ Now separates your write-up content from your identity. Write-ups are stored under random anonymous IDs with no email, name, shop, or user reference in the record. A separate, encrypted index lets YOU access your own history — but the write-up records themselves contain zero identifying information. This means:
- 🔒Database access ≠ user identification. Even with full database access, write-up content cannot be connected to a specific user, shop, or vehicle.
- ⚖️Subpoena-resistant by design. A legal request for "all write-ups by Shop X" cannot be fulfilled from the write-up store alone — the content records don't contain that information.
- 🗑️Raw input is never stored. Your rough voice notes and typed input are used to generate the write-up, then permanently deleted. Only the finished professional output is retained.
- 🤖AI provider retains nothing. We explicitly instruct our AI processing engine (OpenAI) not to store or retain any request data. Your content is processed and immediately discarded by the AI.
What We Keep
- 📊Anonymous usage counts — how many write-ups generated (no content, no PII)
- 📋Your write-up history — stored under anonymous IDs so you can access past outputs. No raw input, no PII, no user identity in the record.
- 💬Suggestions you submit — only what you voluntarily tell us in the suggestion box
- 🐛Error logs — if something breaks, we log the error (never your content)
- 🔥Heatmap data — anonymous click/scroll patterns via Microsoft Clarity (no PII)
What We NEVER Do
- 🚫Sell your data. Not to advertisers. Not to data brokers. Not to anyone. Ever.
- 🚫Store customer PII. Customer names, phone numbers, addresses, VINs, and emails are never stored in write-up records.
- 🚫Store your raw input. Voice notes, typed notes, and scanned documents are processed and immediately deleted. Only the finished output is kept.
- 🚫Link write-ups to identities in storage. Write-up records contain zero user-identifying information. The connection between you and your write-ups exists only in an encrypted index.
- 🚫Let AI providers retain your data. We use OpenAI's zero-retention API mode. Your content is processed and immediately purged from their systems.
- 🚫Train AI on your identifiable data. We may use anonymized patterns to improve output quality, but never with customer names, VINs, or other identifiers.
- 🚫Share data with OEMs, dealer groups, or third parties without valid legal process (i.e., a court order). And even then, our architecture means write-up content cannot be traced to specific users.
For Shop Owners & Service Managers
Your Shop's Data Stays Your Shop's Data.
MTQ Now is designed so your technicians can create better documentation without your shop's sensitive information ever being stored on external servers. Here's what that means for you:
- ✅Customer records stay in your DMS — MTQ Now never stores them
- ✅No customer PII is retained after write-up generation
- ✅Voice recording and OCR processing happen on-device, not in the cloud
- ✅HTTPS encryption on all data in transit
- ✅No integration with your DMS means no access to your DMS data
- ✅Techs copy output to clipboard — nothing is pushed into your systems without your control
For OEMs & Dealer Groups
We Don't Touch Your Dealer Data.
MTQ Now operates independently from dealer management systems. We have zero access to:
- 🔒VIN databases or customer ownership records
- 🔒Warranty claim systems or manufacturer portals
- 🔒DMS inventory, billing, or financial data
- 🔒Employee records or performance metrics
MTQ Now simply helps technicians write better. The output is text that the technician copies into their existing workflow. No API connections. No data extraction. No backdoors.
Litigation & Data Discovery
What Happens If Someone Subpoenas Us?
Short answer: There's nothing to find.
Because we don't retain input data, voice recordings, scanned documents, or generated write-ups on our servers, a subpoena directed at MTQ Now would produce only:
- 📄Account information (email, subscription status) — if the user created an account
- 📊Anonymous usage logs (timestamps, document type counts — no content)
- ❌No customer names, no VINs, no repair details, no write-up content
This protects you, your customers, and your business. We designed it this way on purpose.
Technical Security Measures
| Measure | Status |
|---|
| HTTPS/TLS encryption (all traffic) | ✅ Active |
| Identity-content separation (anonymous write-up storage) | ✅ Active |
| Zero PII in write-up records | ✅ Active |
| Raw input deletion after generation | ✅ Active |
| AI provider zero-retention mode (store: false) | ✅ Active |
| Client-side voice processing (Web Speech API) | ✅ Active |
| Client-side OCR (Tesseract.js — runs in your browser) | ✅ Active |
| CORS origin locking (mtqnow.com only) | ✅ Active |
| Login brute-force protection | ✅ Active |
| HttpOnly/Secure/SameSite cookies | ✅ Active |
| API rate limiting | ✅ Active |
| SOC 2 Type I compliance | 📋 Roadmap |
| Penetration testing | 📋 Roadmap |
| Data Processing Agreement (enterprise) | 📋 Roadmap |
Need to show this to your IT team?
Download our security one-pager or request a technical review. We're happy to answer any questions from your IT, compliance, or legal team.
Contact Security Team
Questions?
For security or privacy questions: security@mtqnow.com
For general privacy requests: contact.us@mtqnow.com
Read our full Privacy Policy and Terms of Service.
© 2026 L Emquitee LLC d/b/a MTQ Now™. All rights reserved. Patent pending.