Privacy Policy
Last updated: September 8, 2025This Privacy Policy explains how CarProxy Alabama LLC (d/b/a “CarProxy”) (“CarProxy,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you use our services (the “Services”), including when you:
- Visit carproxy.com or any site that links to this Privacy Notice
- Use our mobile app(s) that link to this Privacy Notice
- Interact with us in sales, support, marketing, or events
Quick summary
- What we collect: Information you give us (e.g., contact details, account data, payment information handled by Stripe) and information collected automatically (e.g., device, log/usage, and approximate location data).
- Sensitive data: We collect government-issued ID to verify identity and comply with legal obligations (e.g., KYC/AML, sanctions screening, fraud prevention).
- From third parties: We do not collect personal information from third parties.
- Why we process data: To provide and improve the Services, support you, secure our systems, prevent fraud, and comply with law.
- Sharing: Only in defined situations (e.g., business transfers, affiliates, business partners).
- Security: We use reasonable organizational and technical safeguards to protect your data.
- Your rights: Depending on your location, you may have rights to access, correct, delete, or limit use of your data, and to opt out of certain processing.
- Exercising rights: Email us at [email protected]. We will respond as required by applicable law.
Table of contents
- Information we collect
- How we use (process) information
- Legal bases (EU/UK & Canada)
- When and with whom we share information
- Cookies & other tracking technologies
- How long we keep information
- How we protect information
- Children’s privacy
- Your privacy rights
- Do-Not-Track controls
- US state privacy disclosures & rights
- Changes to this notice
- How to contact us
- Review, update, or delete your data
1) Information we collect
a) Information you provide
We collect personal information you choose to provide—for example when you create an account, request support, or place an order. This may include:- Identifiers & contact details: name, email address, phone number, mailing address
- Account & preferences: password, communication preferences, authentication data
- Payments: If you make a purchase, we collect the minimum information necessary to initiate payment (e.g., payment method token). All payment data is processed and stored by Stripe. See Stripe’s privacy notice for details: https://stripe.com/privacy.
- Government-issued ID: driver's license or passport, including the number and, when necessary, an image/copy, to verify identity and comply with legal obligations (e.g., KYC/AML, sanctions screening, fraud prevention).
b) Information collected automatically
When you use the Services, we automatically collect certain data needed for security, operation, and analytics, such as:- Log & usage data: IP address, device/browser information, settings, pages viewed, searches, timestamps, feature use, system events, and error diagnostics
- Device data: Device data: device IDs, OS and app versions, ISP/carrier, configuration details
- Location data: approximate location (e.g., derived from IP). You can disable device-level location sharing, though some features may not function.
c) Google API data
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including Limited Use requirements.2) How we use (process) information
We process personal information to:- Create and maintain accounts, authenticate users, and operate the Services
- Deliver Services and features you request
- Provide support and respond to inquiries
- Fulfill and manage orders, payments, returns, and exchanges
- Protect safety and prevent fraud or misuse
- Comply with law and enforce our terms
- Use with consent for any additional purpose you authorize
3) Legal bases (EU/UK & Canada)
EU/UK (GDPR/UK GDPR)
We process personal information where one or more of the following applies:- Consent (you can withdraw at any time)
- Contract (to perform or enter into a contract with you)
- Legal obligation
- Vital interests
- Legitimate interests (balanced against your rights)
Canada
We rely on express or implied consent as applicable. In limited circumstances, we may process without consent as permitted by law (e.g., fraud prevention, subpoenas, emergencies, research with safeguards).6) How long we keep information
We retain personal information only as long as needed for the purposes described here, to comply with legal requirements (e.g., tax/accounting), or for as long as your account is active. When no longer needed, we will delete or anonymize the data. Where deletion is not feasible (e.g., backups), we will securely store and isolate it until deletion is possible.7) How we protect information
We use administrative, technical, and organizational safeguards consistent with industry practices. While no system is 100% secure, our controls are designed to reduce risk across prevention, detection, and response:- Encryption. Data is encrypted in transit (e.g., TLS) and at rest (e.g., strong AES). Encryption keys are managed and rotated using a dedicated key-management process.
- Access control. Least-privilege, role-based access; multifactor authentication; single sign-on where available; periodic access reviews; auditable admin actions.
- Network security. Environment isolation, firewalls/WAF, rate limiting, and controls to mitigate abuse and common web threats.
- Secure development & patching. Code review, dependency and application security scanning, timely patching of critical vulnerabilities, and change management.
- Monitoring & logging. Centralized logs, alerting on suspicious activity, and safeguards to detect and investigate security events.
- Backups & continuity. Encrypted backups with periodic restore tests and documented disaster-recovery procedures.
- Third-party risk. Due diligence, contracts (including data protection terms), and ongoing oversight for vendors that process personal information on our behalf.
- Employee safeguards. Security and privacy training and confidentiality obligations for personnel with access to personal information.
- Data minimization & retention. We collect the minimum data necessary and retain it only as long as needed for the purposes described or to meet legal requirements.
- Government-ID handling (driver’s licence/passport). Copies are encrypted, access is strictly limited to personnel who need it for verification and compliance (e.g., KYC/AML recordkeeping).
8) Children’s privacy
The Services are not directed to children under 18 (or the age of majority in your jurisdiction). We do not knowingly collect, solicit, or sell personal information from children. If we learn we have collected such information, we will deactivate the account and delete the data. To report a concern, contact [email protected].9) Your privacy rights
Depending on where you live, you may have rights to:- Access and obtain a copy of your personal information
- Correct inaccurate data
- Delete your data
- Restrict or object to certain processing
- Portability (receive data in a portable format)
- Human review of certain automated decisions
10) Do-Not-Track (DNT)
Industry standards for recognizing DNT signals are not yet finalized, so we do not respond to DNT signals today. If standards emerge that we must follow, we will update this notice.11) US state privacy disclosures & rights
Residents of CA, CO, CT, DE, FL, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA may have additional rights, including to know, access, correct, delete, obtain a copy of data, and opt out of certain processing (e.g., targeted advertising/profiling where applicable). These rights may be limited by law.Categories of personal information collected in the last 12 months
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, alias, postal address, phone, IP address, email, account name | Yes |
| CA Customer Records data | Contact details, financial info | Yes |
| Protected classification characteristics | e.g., gender, race/ethnicity, DOB | No |
| Commercial information | Transactions, purchase history, payment details | Yes |
| Biometric information | Fingerprints, voiceprints | No |
| Internet/network activity | Browsing/usage data, interactions with our sites/apps | Yes |
| Geolocation data | Device/location (approximate) | Yes |
| Audio/electronic/visual | Images, audio, or call recordings | No |
| Professional/employment | Job history/qualifications (applicants) | No |
| Education information | Student records, directory info | No |
| Inferences | Profiles or preferences derived from other data | No |
| Sensitive personal information | As defined by applicable law | No |
Sources: You; your devices (automatic collection).How we use and share: See Sections 2 and 4 of this notice.Sales/sharing: We have not sold or “shared” personal information for cross-context behavioral advertising in the past 12 months and do not do so.
Exercising US state rights
- Submit a request: Email [email protected] (or use any form we provide).
- Authorized agents: You may designate an agent; we may require proof of authorization and identity verification.
- Verification: We may request information necessary to verify your identity and secure your data.
- Appeals: If we decline your request, you may appeal by emailing [email protected]. If your appeal is denied, you may contact your state attorney general.
California “Shine the Light”
California residents may request, once per year and free of charge, information about categories of personal information (if any) disclosed to third parties for their direct marketing in the prior calendar year. Submit requests using the contact details below.12) Changes to this notice
We may update this Privacy Notice from time to time. The “Last updated” date reflects the most recent changes. If changes are material, we may provide additional notice (e.g., by posting on the site or contacting you directly).13) How to contact us
Data Protection Officer: [email protected]Mailing address:CarProxy Alabama LLC — Data Protection Officer11523 Memorial Pkwy SWHuntsville, AL 35803, United States
