LotLiftrSign in
Template — have a lawyer review. This document is boilerplate tailored to LotLiftr and is not legal advice. Bracketed values must be completed before launch.

Privacy Policy

Last updated: [BRACKETED — human fill: e.g. June 23, 2026]

This Privacy Policy explains how [BRACKETED — human fill: legal entity name, e.g. LotLiftr, Inc.](“LotLiftr,” “we,” “us”) collects, uses, discloses, and protects information when you use the LotLiftr web application and Chrome browser extension (together, the “Service”). By using the Service you agree to this Policy.

1. Who this applies to

LotLiftr is a business-to-business tool used by automotive dealerships and their staff. Most data we handle is dealership business data, not consumer personal data. Where we do process personal information (such as a staff member’s login email), we do so as described below.

2. Information we collect

  • Account & authentication data: the email address and (hashed) password used to sign in, your display name, your role (manager or rep), and the dealership you belong to.
  • Dealership information: dealership name, inventory source URL, plan/subscription tier, and configuration you provide.
  • Scraped inventory data: vehicle and product listings we retrieve from your designated inventory page — including titles, prices, mileage, specifications, descriptions, and image URLs.
  • AI-generated content: listing titles and descriptions generated from your inventory data.
  • Facebook Marketplace listing URLs & posting activity: the URL of a listing a rep posts and which rep posted it, used for per-rep tracking and the manager leaderboard. We do not collect your Facebook password or access your Facebook account.
  • Usage & operational data: scrape run logs, refresh counts, budget usage, error reports, and similar telemetry.
  • Cookies & session data:a session cookie that keeps you signed in. See “Cookies” below.
  • Support communications: messages you send us through the contact form, including your name and email.

3. How we use information

  • To provide, operate, and maintain the Service.
  • To scrape and enrich your inventory and prepare listings.
  • To attribute postings to reps and power the leaderboard.
  • To enforce plan limits, budgets, and refresh cadence.
  • To send transactional email (sign-in, billing, alerts, support).
  • To secure the Service, prevent abuse, and debug errors.
  • To comply with legal obligations.

4. Service providers (sub-processors)

We share data with the following processors strictly to operate the Service. Each is bound by its own terms and privacy commitments:

  • Supabase — database, authentication, and storage.
  • Vercel — application hosting and edge delivery.
  • Firecrawl — inventory web scraping.
  • Google (Gemini API) — AI enrichment of listings.
  • Stripe — subscription billing and payment processing.
  • Resend — transactional email delivery.
  • Sentry — error monitoring and diagnostics.
  • Upstash — rate limiting and caching.

We do not sell your personal information. Payment card details are handled directly by Stripe; we never store full card numbers.

5. Cookies and sessions

We use strictly necessary cookies to keep you authenticated. We do not use third-party advertising or cross-site tracking cookies. Disabling session cookies will prevent you from signing in.

6. Data retention

We retain account and dealership data for as long as your account is active and as needed to provide the Service. Scraped inventory is kept current and replaced on each refresh. We retain certain records as required for legal, tax, and audit purposes.

7. Your rights and data deletion

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal information. To exercise any of these rights, or to request deletion of your account and associated data, contact us at our contact page. We will respond within the timeframe required by applicable law.

8. Security

We use industry-standard safeguards including encrypted transport, row-level tenant isolation, and least-privilege access. No system is perfectly secure; you are responsible for keeping your credentials confidential.

9. International transfers

Our providers may process data in the United States and other countries. By using the Service you consent to such transfers where permitted by law.

10. Children

The Service is a business tool not directed to children and is not intended for anyone under 18.

11. Changes to this Policy

We may update this Policy. Material changes will be posted here with a new “Last updated” date.

12. Contact

Questions? Reach us via the contact page or write to [BRACKETED — human fill: company mailing address].