Vehicle Privacy Notice

Updated: July 26, 2024

This Privacy Notice explains how Subaru of America, Inc. (“SOA” or “we”) processes data collected by vehicles manufactured by Subaru Corporation. 

The processing of data depends on the features and functions that are provided with the vehicle and what services you choose to activate. Please refer to your owner’s manual for an explanation of vehicle features or functions and the STARLINK Terms and Conditions for a complete explanation of our optional STARLINK telematics service.

You may change certain data collection settings in the MySubaru app under “My Profile” or on the MySubaru website. To stop all vehicle data collection by SOA, you will need to cancel your STARLINK subscription.

This privacy notice does not apply to processing of personal information collected by SOA from authorized Subaru dealerships (“retailers”) or other sources outside the vehicle. This notice supplements the general Consumer Privacy Policy.

Solterra Customers: This privacy notice does not apply to the Solterra Connect telematics services provided with the Subaru Solterra. The Solterra Connect terms of use and privacy policy can be found by clicking these links: Solterra Connect's Terms of Use and Privacy Policy.

Here is a basic summary of the data collected by your vehicle:

  • Certain vehicle data such as diagnostic alerts, geolocation, and vehicle commands and settings, are collected and sent to SOA only if the vehicle is enabled with STARLINK and the vehicle is associated with an active STARLINK subscription service. SOA does not sell the vehicle’s geolocation data to third parties.
  • SOA does not and cannot remotely collect information from the vehicle's on-board multimedia system (even if the vehicle is associated with an active STARLINK subscription). We do not know collect information about the radio stations you listen to, the locations you inputted into navigation, whether Apple CarPlay or Android Auto are being used, or any driver profiles set up in the vehicle. This information remains stored on vehicle systems and can be deleted at any time by performing a factory reset.

Below is a more detailed description of how we and your vehicle process personal information, which is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked directly or indirectly to you or your household.

STARLINK Telematics Services

All STARLINK-equipped vehicles are assigned unique Integrated Circuit Card Identification Number (“ICCID”), International Mobile Equipment Identity (“IMEI”), Mobile Station International Subscriber Directory Number (“MSISDN”), and International Mobile Subscriber Identity (“IMSI”) numbers. These numbers allow the vehicles to communicate with the cellular network. SOA and its service providers use these numbers to provide the services to you and for quality assurance purposes. If you are unsure whether your vehicle is equipped with STARLINK telematics, please contact us at 1-800-782-2783 or Subaru.com/contactus for further information.

SOA does not collect any vehicle-generated data unless the vehicle is associated with an active STARLINK subscription service. To sign up for the STARLINK service, you must have a MySubaru account.

After your MySubaru account is activated, we collect automatically through the vehicle the information set forth below which is associated with the vehicle’s vehicle identification number (VIN). That VIN can be associated with the STARLINK subscriber and authorized MySubaru account holders.

You may change the settings of certain data collection in the MySubaru app under “My Profile.” You can also stop Subaru’s collection of this information if you cancel the STARLINK subscription.

We collect the following information automatically through STARLINK:

  • User Initiated Commands
    • MySubaru Remote Commands. We collect the date and time when a MySubaru user initiates any vehicle command, such as remote start, climate control presets, lock doors, unlock doors, locate vehicle, and horns and lights. We collect precise geolocation data only when the locate vehicle command is initiated to deliver that service to you.
      • This information is used to support the STARLINK services, to create the usage report available for you to access in MySubaru, improve our products, and for research, development, and analysis.
      • It is shared with service providers and SOA affiliates so they can assist with troubleshooting and make determinations regarding improvements in the design or product.
      • Precise geolocation that is collected in association with locate vehicle requests is retained for one year.
    • Driver alert settings. Data collected to support boundary alerts (i.e., precise geolocation data), speed alerts (i.e., speed), and curfew alerts (i.e., time) is collected only when activated by a MySubaru user. Geolocation data is collected to support boundary alerts.
      • This information is used to support the STARLINK services, to create the usage report available for your access in MySubaru, and to make improvements in the overall design or function of our products.
      • It is only shared with service providers.
      • This information is retained for one year.
    • SOS Emergency Assistance and Enhanced Roadside Assistance. When the driver or a passenger of a vehicle presses the in-vehicle SOS button or the blue i-button, we will collect the name of the person speaking with the dispatcher, a recording of the conversation, and the vehicle’s precise geolocation. Depending on the nature of the conversation with the dispatcher, the recorded conversation may include your or other passenger’s identity and/or health information (e.g., medical conditions).
      • This information is used to support the STARLINK services, dispatch emergency or roadside service to the vehicle and its occupants; to create the usage report available for your access in MySubaru; and make improvements in the overall design or function of our products.
      • It is only shared with service providers and first responders or roadside assistance organizations if necessary to provide assistance.
      • Call recordings are retained for one year. All other information is retained for two years.
    • Stolen Vehicle Recovery. We will collect the vehicle’s precise geolocation if you report your vehicle stolen to the police and then initiate the Stolen Vehicle Recovery service. For more details on how to initiate Stolen Vehicle Recovery please visit our STARLINK Terms and Conditions.
      • This information is used to retrieve your vehicle.
      • It is shared with service providers and law enforcement.
      • This information is retained for two years.
    • Drive Data Recorder (“DDR”). The DDR may be used to monitor vehicle operational statuses under certain conditions. It may also collect geolocation data. This data may be retained by SOA, our affiliates, parent company, and service providers for quality assurance purposes, defect analysis, service and mechanical analysis, future general product improvements, and research and development.
  • Vehicle-triggered events.
    • Diagnostic and maintenance alerts. When a diagnostic code is triggered (i.e., check engine light), we collect the date, time, and precise geolocation of the event and the diagnostic code. Some alerts may trigger the collection of additional information from electronic control units.
      • This information is used to support the STARLINK services, to create your vehicle’s Monthly Health Report, which is sent to you each month and provides an update on your vehicle condition (tire pressures, odometer, fuel consumption) and the number of diagnostic alerts (if any) that were triggered over the preceding month, and to improve our products.
      • It is shared with service providers and is shared with our affiliates and parent corporation for quality assurance purposes, to improve overall occupant and vehicle safety, and for product analysis and research purposes.
      • The diagnostic code is shared with your preferred retailer so they can follow up with you on the relevant service issue. To opt out of sharing this vehicle data with retailers, please click here.
      • This information is retained for two years.
    • Automatic Collision Notification and Assistance and Minimum Risk Maneuver. When we receive an emergency signal from your vehicle, an alert that the driver may no longer be responsive, or when airbags are deployed, we collect the date, time, and precise geolocation of the event. In addition, when we attempt to verify the emergency, we record the phone conversation with the occupants of the vehicle.
      • This information is used to support STARLINK services, to dispatch emergency or roadside service to the vehicle and its occupants, and for future general improvements of our products.
      • It is shared with service providers to assist with the emergency response and first responders. In addition, this information is shared with our affiliates and parent corporation for quality assurance services, to improve occupant and vehicle safety, and for product analysis and research purposes.
      • Call recordings are retained for one year. All other information is retained for two years.
  • Ignition Off/On Data. We collect vehicle data at ignition off and ignition on events. This data includes precise geolocation, vehicle diagnostics (e.g., odometer, tire pressure, fuel, battery data), and vehicle status (e.g., seatbelt, door, windows). You can stop the collection of geolocation data at ignition off/on events by going to the MySubaru App and clicking on STARLINK Connected Services or by submitting a Right to be Forgotten Request by clicking here.
    • This information is used to provide the requested STARLINK services and create the vehicle monthly health report that is delivered to you via email. Further, after the data is aggregated and/or anonymized, it is used to improve our products and to support internal research, development, and data analytics, including inventory management and market analysis.
    • This information is shared with service providers, our affiliates, and our parent company for quality assurance services, to improve overall occupant and vehicle safety, and for product analysis and research purposes.
    • We share daily odometer data with LexisNexis. LexisNexis will not share your odometer information unless and until you have opted into such sharing with your insurance provider. Subject to such authorization, LexisNexis will share the odometer data with your insurance provider who may analyze the data to make inferences regarding the driving acuity of the vehicle’s drivers and use it for assessing whether you are eligible for insurance coverage and/or to determine your premium. The insurance company will then use your information pursuant to its privacy notice, including using your contact information to market its services to you. The odometer data is tied to the VIN and not to a specific driver. To opt out of sharing odometer data with LexisNexis please click here.
    • We retain this information for one year. After one year, the VIN is pseudonymized at which point it is retained for seven years. We use the pseudonymized data to provide aggregate reporting for product planning and research and development.

On-board Vehicle Data

Subaru vehicles collect certain data locally, which remains within the vehicle unless you provide a separate signed authorization for SOA or its retailers to access it. SOA will not remotely collect this information even if you subscribe to STARLINK. We encourage you to perform a factory reset to delete this information before selling or otherwise disposing of your vehicle. For complete information on Factory Data Reset please review the Owner’s Manual.

Unless otherwise noted, the information collected by the features below can be accessed only by Subaru or its retailers using Subaru’s propriety technology that plugs directly into the vehicle and only after receiving a separate signed consent from you. Independent repair and collision shops may also be able to access some of this information. SOA has no control over these independent shops. If going to an independent repair shop, please make sure to request a disclosure and consent form.

Please note that the availability of these features may vary depending on model and trim.

  • DriverFocus Driver Monitoring System (DMS). The DMS system will collect information in two instances: (1) creating a user profile or (2) identifying a potential distracted driver situation. Both scenarios are user activated and optional and opting into one does not require you to opt into the other.
    • User Profile. The DMS can collect personal identifiers (name information) if a driver chooses to create a user profile and enter a name. This is used to identify the driver’s preferred seat and mirror preferences. A driver can delete a profile at any time. If the driver chooses to create a profile, a driver-facing camera scans your face to create a computer-generated code linked to certain facial features. This data is not readable by humans and is used only to verify your identity to load the saved profile. User profile information is stored within the vehicle until it is deleted and SOA does not have access to it.
    • Distracted Driver Warnings. DMS collects data to warn drivers if they appear distracted or drowsy. This data does not leave the vehicle and is deleted when the vehicle is turned off. Drivers can disable the DMS distracted driver warnings at any time unless they have certain advanced driving assistance features activated, such as Lane Centering Assist.
  • EyeSight. Subaru’s EyeSight system will record images outside the vehicle upon the triggering of automatic emergency braking or sudden braking, which, depending on the situation, may contain a still image of persons outside the vehicle. This data remains in the vehicle and is collected only by Subaru after obtaining the vehicle owner’s separate signed written consent when a vehicle inspection will be performed.
  • Event Data Recorder (“EDR”). EDR collects certain vehicle data, such as speed, steering input, and brake and accelerator application, for a five-second period preceding certain collision or near-collision events. The collection of this information is required by federal law. EDR data is stored locally on the vehicle and it can be accessed locally by Subaru only upon a separate written consent signed by the vehicle owner. EDR data can also be accessed locally by parties not affiliated with Subaru by using third-party technology.
  • In-vehicle navigation. Subaru’s optional in-vehicle navigation system is powered by TomTom. It stores location and trip data, and that data also remains solely within the vehicle. Drivers can disable in-vehicle navigation and delete historical trips at any time through the vehicle’s head unit. TomTom does not receive VIN-specific information. If you have enrolled in Subaru Live Traffic, our service provider collects precise geolocation that is tied to an anonymized VIN so it can provide Subaru Live Traffic services to you. SOA does not collect any of this data.
  • Bluetooth calling, Apple CarPlay and Android Auto. Data used to support Bluetooth calling, Apple CarPlay or Android Auto stay solely within the vehicle. This data is accessible only to the driver and occupants and only if the vehicle is paired with a phone. Drivers can delete phone profiles at any time, which will delete any data stored in the vehicle associated with that phone. Please review the terms and conditions and privacy policies for Apple CarPlay and Android Auto for information on how those third parties collect and process your data.

Vehicle Data Transmitted to Third-Party Infotainment Application Providers

Subaru also partners with third parties to provide infotainment applications to the vehicle owner. These relationships do not involve the sharing of STARLINK telematics data.

  •  SiriusXM. When you purchase a new vehicle, Subaru provides SiriusXM with your name, VIN, address, and email address so it can provide you with a free trial of satellite radio. Subaru also provides this same information to SiriusXM if you purchase a used vehicle and request a free SiriusXM trial from us. Depending on your version of SiriusXM, SiriusXM will collect certain trip information, including location data, and will use it for its own purposes as set forth in SiriusXM’s privacy notice and terms of use, which can be found here. You can change certain settings by going to your SiriusXM settings in the vehicle. Subaru does not have access to any vehicle data collected by SiriusXM. To exercise your privacy rights with SiriusXM please click here.
  • AT&T Wi-Fi Hotspot. If your vehicle includes a Wi-Fi hotspot, the activation of the hotspot requires separate enrollment with AT&T. Subaru does not collect any data transmitted through the activated AT&T Wi-Fi hotspot. The data collected by these services are subject to AT&T’s terms of service and privacy policies.

Data Retention

In addition to the retention periods disclosed in the sections above, we use the following criteria to determine whether it remains reasonably necessary to retain your personal information for one or more disclosed operational purposes, or a service provider or contractor’s operational purpose(s): (i) whether there is a retention period required by law; (ii) the existence of actual or threatened litigation for which we are required to preserve the information; (iii) the statutes of limitations for potential legal claims; and (iv) generally accepted best practices in our industry, including those related to safety and security of our properties and assets. When we determine that it is no longer reasonably necessary to retain your personal information for one or more disclosed operational purposes based on the above criteria, we will delete it.


Security

In providing Subaru STARLINK services to you, your voice and data are transmitted between our response centers and your vehicle over a cellular telephone network. This network is complex and not necessarily secure. The privacy and security of conversations or data transmitted to and from the vehicle cannot be guaranteed. All data is encrypted in transit.

We further implement and maintain reasonable security measures to protect the personal information we collect and maintain from unauthorized access, destruction, use, modification, or disclosure. These security measures include secure server software and firewalls designed to protect your personal information from unauthorized access, disclosure, alteration, or destruction. However, no security measure or modality of data transmission over the Internet is 100% secure and we are unable to guarantee the absolute security of the personal information we have collected from you.

Law Enforcement Requests and Domestic Violence Situations

We may disclose the information identified above to law enforcement if we are legally required to do so in response to valid legal process or under applicable law, including for national security purposes, or in scenarios that involve imminent risk to human life. If we are not legally bound to keep the request confidential, we will share the request with you.

Other than scenarios that involve an imminent risk to human life, Subaru requires a search warrant or court order before disclosing any geolocation data to law enforcement agencies.

Should you find yourself a victim of domestic violence or harassment from someone who has access to the STARLINK vehicle data, please call the STARLINK customer care center at 1-855-753-2495 and we can disconnect the perpetrator’s remote access to the vehicle.

How We Share Your Personal Information

A. General Sharing. Please refer to Section 3 of the Consumer Privacy Policy for more information on how SOA shares your personal information.

B. Sharing in the Last Twelve (12) Months

For a business purpose. In the preceding twelve (12) months, Subaru has disclosed the following categories of personal information for a business purpose to the following categories of third parties:

  • We have disclosed your identifiers with service providers that assist us in providing the STARLINK services. These service providers assist us with the following: cloud data storage and infrastructure, customer services, auditing, data validation, marketing, website hosting, email communication, customer relationship management, and payment processing and providers of the vehicle services listed above.
  • We have disclosed your identifiers and precise geolocation information to roadside assistance providers; service providers for services like collision alerts, stolen vehicle alerts, diagnostic and maintenance alerts; emergency service dispatchers, law enforcement (as outlined in the previous sections), your designated emergency contacts, or our affiliates in connection with vehicle-related accidents or other emergencies, or if you report your vehicle stolen.
  • In response to law enforcement requests (as outlined in the previous section), we have disclosed identifiers and STARLINK telematics information to state and federal law enforcement agencies.

C. Sale/Sharing of Personal Information

In the preceding twelve (12) months, Subaru has disclosed your personal information in the following ways that may be considered a “sale” under state comprehensive privacy laws and/or “sharing” under the California Privacy Rights Act:

  • We disclosed your personal identifiers (name) and diagnostics codes with retailers so they may follow up with you regarding service-related topics.
  • In certain states, we disclosed your odometer information and vehicle identification number to LexisNexis for potential sharing with insurance companies subject to your authorization and for use in the improvement of their product. Subject to your authorization provided directly to your insurance company, LexisNexis will share odometer information with your insurance company. The insurance company then may analyze the data to make inferences regarding the driving acuity of the vehicle’s drivers and use it for assessing whether you are eligible for insurance coverage and/or whether your premium may be affected. The insurance company will then use your information pursuant to its privacy notice, including using your contact information to market its services to you.
  • Only after obtaining a separate consent from vehicle owners, we have disclosed vehicle emissions data to state and federal environmental agencies.

Rights of Consumer

Please refer to Section 5 of the Consumer Privacy Policy for more information about your rights under applicable state comprehensive privacy law.

Age Restriction

The services are not intended for individuals under the age of sixteen (16) years old and we do not knowingly collect personal information of persons under the age of sixteen (16) years old. If we learn that we have collected or received personal information from a child under the age of sixteen (16) years old, we will delete that information. If you believe we might have information from or about a child under the age of sixteen (16) years old, please contact us at https://www.subaru.com/contactus.

Changes to this Vehicle Privacy Notice

We may amend this privacy notice in our sole discretion at any time. If we do, we will post the changes to this page, and will indicate the date the changes go into effect. We encourage you to review our privacy notice to stay informed. If we make changes that materially affect your privacy rights, we will notify you by prominent posting on the website and/or via email, and request your consent, if required.

Contact Us

If you have any questions regarding this privacy notice, please contact us at 1-800-782-2783 or Subaru.com/contactus and we will be happy to help in any way we can.