Legal information

Privacy Policy

How Million Miles USA collects and processes personal data.

Version: 2026-05-26Last updated: May 26, 2026

Controller and contact

Million Miles USA is the operator responsible for this website in the context of United States and Florida-oriented operations. Contact: millionmiles.pr@gmail.com; +1 (786) 607-0777; 2750 NE 183rd St, 804, Aventura, FL 33160.

This notice describes our privacy practices in line with FTC privacy and data-security expectations, and CCPA/CPRA notices where they apply.

Data we collect

Account data: email, username, country, phone, optional social handles, gender and birth date where provided.

Service data: favorite cars, catalog interactions, requests, support conversations, IP address, user-agent, locale, mirror domain and technical logs.

Cookie data: necessary session data, preference cookies, analytics events and support/chat identifiers.

Legal bases and consent

We process account and request data because it is needed to provide the service you ask us to provide, including registration, email verification, saved cars, support and vehicle requests.

We process technical logs, abuse signals and security events to protect users, prevent fraud, maintain service availability and investigate incidents.

When a consent checkbox or cookie banner is shown, we store the fact of acceptance with the document version, site key, locale, timestamp and technical request data so we can prove which terms were accepted.

Purposes and processors

We use data to create accounts, verify email, secure access, save cars, respond to requests, maintain the catalog, prevent abuse and improve the service.

Processors may include hosting and infrastructure providers, SMTP/email delivery, Keycloak authentication, analytics, Chatwoot support, S3-compatible storage, database and logging services.

Sharing and transfers

We do not sell account registration data. We may share data with processors, infrastructure providers, support tools, professional advisors and authorities when this is necessary for service delivery, security, compliance or dispute handling.

Because the website, email delivery, support tools and storage can rely on providers located in different countries, personal data may be transferred or accessed outside your country of residence. We use reasonable contractual, technical and organizational safeguards for those transfers.

Security

We use access controls, encrypted transport where available, isolated service credentials, backups and operational monitoring to reduce the risk of unauthorized access or loss.

No internet service can guarantee absolute security. If we detect a security incident that affects your data, we will take appropriate steps based on the nature of the incident and applicable requirements.

Retention and rights

We keep account data while the account is active and retain operational logs only as long as needed for security, compliance and dispute handling.

US customers can contact us about access, deletion, correction and marketing preferences.

Children and sensitive data

The website is not intended for children or for users who cannot lawfully enter into account terms in their jurisdiction. Do not create an account if you are not allowed to use this type of service.

Please do not send sensitive documents or unnecessary personal data through chat or forms unless our team specifically requests them for a defined service purpose.