Privacy Policy
1. Who we are
This Privacy Policy describes how LOT ("we," "us"), operator of carlistingservice.com, collects and uses information. It applies to all visitors and customers of the service.
2. What we collect
Account information
When you sign up, we collect your email address, a hashed password (we never store plain-text passwords), your dealership name, and the role and relationships of any team members you invite.
Dealership content you upload
Photos, vehicle specifications, VINs, customer lead messages, review text, and any notes you add. This is the working content of the service.
Billing information
We don't see your card number. When you subscribe, Stripe collects and processes your payment details directly. We only receive a customer identifier, subscription status, and billing history. Stripe's privacy policy applies to card data.
Usage information
Which AI tools you use, how many credits you've spent, when you logged in, and basic request metadata (IP address, user agent). This helps us run the service, prevent abuse, and improve things.
Email correspondence
Messages you send to us via the contact form or directly to support@carlistingservice.com, and our replies. These are stored with our support inbox provider for support history.
3. How we use your information
- To provide the service — generate AI outputs, store your listings, deliver emails
- To charge you and deliver the plan you've subscribed to
- To send transactional emails (verification, password reset, team invites)
- To respond to support requests
- To prevent fraud and abuse (rate limiting, usage monitoring)
- To improve the service (aggregate usage trends — never identifying individuals)
- To comply with legal obligations
We do not sell your personal data to anyone. We do not use your dealership content for advertising. We do not use your content to train AI models.
4. Who we share it with
We share data only with the service providers we need to operate LOT, under written agreements that limit their use of your data to providing services to LOT on our behalf. We don't sell your data and we don't share it for advertising.
| Category | Purpose | What we share |
|---|---|---|
| Payment processor (Stripe) | Subscription billing and payment processing | Email address and customer identifier. Payment card data is collected by Stripe directly and never touches our servers. |
| AI service provider | Generating listing descriptions, lead replies, social posts, and review responses from your inputs | The specific content of each generation request — vehicle data, photos you upload, the customer message or review you've pasted in, and our prompt instructions. Our AI provider's terms state that customer inputs are not used to train models. |
| Email service providers | Transactional email (verification, password reset, team invites, account notifications) and our support inbox | Your email address, the recipient's email address for invites, and the content of each automated message; for support, the content of messages you send and our replies. |
| Photo storage provider | Storing the vehicle photos you upload | The photo files themselves and metadata such as upload timestamp and the vehicle they belong to. |
| Cloud hosting and infrastructure providers | Running the application, routing traffic, and protecting against abuse | All data passing through the service — necessarily, because these providers run the servers and network the application sits on. US-based infrastructure. |
We may share more specific details about which providers we use with customers who ask. Email support@carlistingservice.com if you'd like that list for your own due diligence or compliance review.
We may also disclose information if required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets (subject to the new owner's obligations to continue handling data under this policy).
4a. AI-generated content
LOT uses AI to generate the listing description, lead reply, social post, and review reply outputs based on the inputs you provide. These outputs are drafts you review and edit before publishing — LOT does not post anything on your behalf. AI output may occasionally contain errors or inaccuracies; you're responsible for reviewing accuracy before using any generated text in your business.
5. Data retention
We retain your account data as long as your account is active. If you delete your account, we delete your personal account data and dealership content within 30 days, except for records we're required to keep for legal, tax, or accounting purposes (typically billing records for up to 7 years under US tax law).
Inactive trial accounts with no paid activity may be deleted after 12 months of inactivity.
6. Security
We take reasonable technical and organizational measures to protect your data, including:
- All traffic to and from our servers uses HTTPS encryption
- Passwords are hashed with bcrypt (industry standard)
- Session cookies are signed, HTTP-only, and secure
- Rate limiting and request monitoring to detect abuse
- Principle of least privilege for internal systems
No system is perfectly secure. If a breach affects your data, we'll notify you as required by applicable law.
7. Your rights
Depending on where you live, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we have about you
- Correction — ask us to fix inaccurate data
- Deletion — request deletion of your account and associated data
- Portability — receive your data in a machine-readable format
- Objection — object to certain uses of your data
To exercise any of these rights, email us at support@carlistingservice.com. We'll respond within 30 days.
California residents (CCPA)
California residents have the right to know what categories of personal information we collect, the right to request deletion, the right to correct inaccurate information, and the right not to be discriminated against for exercising their privacy rights. We don't sell personal information or share it for cross-context behavioral advertising. Contact support@carlistingservice.com to exercise CCPA rights.
European residents (GDPR)
If you're in the European Economic Area, the legal bases for processing your data are: (a) contract performance — to provide the service you signed up for; (b) legitimate interest — to protect the service from abuse; (c) legal obligation — to comply with applicable law; (d) consent — where we ask for it explicitly. You have the right to lodge a complaint with your local data protection authority.
8. Cookies and tracking
We use a small number of cookies, all for essential service functionality:
- Session cookie — keeps you logged in after sign-in
We don't use advertising cookies, third-party analytics that track individuals, or cross-site tracking. We do not participate in any behavioral advertising networks.
9. Children's privacy
The service is intended for business use by adults. We don't knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us and we'll delete it.
10. International transfers
Our infrastructure is primarily based in the United States. If you access the service from outside the US, your data will be transferred to and processed in the US, which may have different data protection laws than your country of residence.
11. Changes to this policy
We may update this Privacy Policy. Material changes will be communicated by email to account owners or posted on the site. Continued use of the service after changes means you accept them.
12. Contact us
Questions about this policy, a data request, or a privacy concern: support@carlistingservice.com or via the contact form.