Privacy Policy

Effective date: 2026-06-05 · Last updated: 2026-06-05

This policy is a beta-period draft and will be reviewed by counsel before general availability.

This Privacy Policy explains how CarDealerTool (“we”, “us”) handles information when dealers and their staff use the Service. It distinguishes data about our direct customers (dealers) from data dealers input about their own customers.

1. Information We Collect

  • Account data: name, email, dealership details, role, and authentication data.
  • Customer Data input by dealers: deal, customer, vehicle, and financing records the dealer enters or uploads.
  • Payment information: processed by Stripe; we do not store full card numbers.
  • Cookies & usage: session/preference cookies, IP address, device/browser, and usage logs.

2. How We Use Information

  • provide, operate, and secure the Service;
  • process billing and subscriptions;
  • provide support and respond to requests;
  • analyze product usage to improve features.

3. Information Sharing

We share information only with subprocessors that help us run the Service — currently Stripe (payments), Resend (email), Twilio (SMS), and our cloud hosting/infrastructure provider. We do not sell personal information.

4. Customer Data vs. Service Data

“Customer Data” (records a dealer enters about its own customers) is owned by the dealer; we act as a processor on the dealer's behalf. “Service Data” (account and usage data about our direct customers) is handled as described here.

5. Data Security

We use encryption in transit and at rest, role-based access controls, audit logging, and regular backups. No method of transmission or storage is 100% secure, but we work to protect your information.

6. Data Retention

We retain account and Customer Data for the duration of the subscription plus a 90-day grace period after cancellation, during which data can be exported, after which it may be deleted.

7. Your Rights

Subject to applicable law, you may request to:

  • access the personal information we hold about you;
  • correct inaccurate information;
  • delete your information;
  • obtain a portable copy of your data.

8. California Privacy Rights (CCPA / CPRA)

California residents have the right to know what personal information we collect, to request deletion, to opt out of the sale or sharing of personal information (note: we do not sell personal information), and to non-discrimination for exercising these rights. To exercise these rights, contact us at the address below.

9. Children's Privacy

The Service is intended for businesses and is not directed at children under 13. We do not knowingly collect personal information from children under 13.

10. Cookies

We use a small number of essential and functional cookies. See our Cookie Policy for details.

11. Third-Party Links

The Service may link to third-party sites we do not control. Their privacy practices are governed by their own policies.

12. International Transfers

The Service is operated in the United States. If you access it from elsewhere, your information may be processed in the U.S.

13. Changes to This Policy

We may update this policy and will provide notice via email and by posting the updated version on this page.

14. Contact

Privacy questions? Email [email protected].