Legal
Privacy Policy
Last updated: April 16, 2026 · Effective: April 16, 2026
Short version: We collect the minimum data needed to run AutoSavvy. We don't sell your data. We use Stripe for payments, which means we never see your card number. We use Meta Pixel and basic analytics to improve the product.
1. Who We Are
AutoSavvy ("we," "us," or "our") is an AI-powered used car pricing and deal scoring service. We operate at autosavvy.app. Questions about this policy: support@autosavvy.app.
2. What Data We Collect
Vehicle & Search Data
When you analyze a vehicle listing, we collect:
- Vehicle details you provide (year, make, model, mileage, asking price, trim, location)
- VIN numbers entered for decoding (stored to improve our models)
- Listing URLs or screenshots you upload for analysis
- Photos you upload for damage detection (processed and stored for up to 90 days)
Account Data
If you create an account:
- Email address and hashed password (we never store plaintext passwords)
- Saved deal history associated with your account
- Subscription status (Pro or free tier)
- Trial usage tracking (to enforce the one-day free trial limit)
Payment Data
Payments are processed by Stripe. We never see or store your credit card number, CVV, or full card details. Stripe provides us with: transaction ID, amount paid, and your email address for receipts. See Stripe's Privacy Policy for how they handle your payment data.
Usage & Analytics Data
We automatically collect:
- Pages visited and time spent (via our own analytics system)
- IP address and approximate location (city/region level)
- Browser type, device type, operating system
- Referral source (how you found AutoSavvy)
3. How We Use Your Data
- To provide the service: Vehicle analysis, deal scoring, PDF report generation, and saved deal history all require storing your input data.
- To process payments: We pass the minimum necessary data to Stripe to complete transactions.
- To improve the product: Aggregate, anonymized usage data helps us improve accuracy and add features.
- To send transactional emails: Receipt confirmations and account-related notices (not marketing emails unless you opt in).
- To prevent abuse: Rate limiting, fraud detection, and enforcement of free tier limits.
4. Cookies & Tracking
Cookies We Use
- Session cookies: Keep you logged in across pages.
- Analytics cookies: Our own page view tracking (no third-party analytics provider).
Meta Pixel
We use Meta Pixel (Facebook Pixel) to measure the effectiveness of our advertising and to track conversions (PageView, Lead, Purchase events). Meta may use this data to show you relevant ads on Facebook and Instagram. You can opt out via Facebook Ad Settings or use a browser ad blocker. See Meta's Data Policy.
5. Third-Party Services
- Stripe — Payment processing. Privacy Policy
- NHTSA vPIC API — VIN decoding (U.S. government service, no personal data sent)
- NHTSA Complaints & Recalls API — Vehicle safety data (U.S. government, no personal data sent)
- OpenAI — AI analysis of vehicle listings and photo inspection. Data sent to OpenAI is subject to OpenAI's Privacy Policy. We do not send personally identifiable information to OpenAI.
- Meta Pixel — Advertising measurement (see section 4)
6. Data Retention
- Vehicle analysis records: Retained indefinitely to support saved deals and our improvement of scoring accuracy. Anonymized after 12 months if not associated with an account.
- Uploaded photos: Retained for 90 days, then deleted automatically.
- Account data: Retained for the life of your account. Deleted within 30 days of account deletion request.
- Payment records: Retained for 7 years per tax and accounting requirements (Stripe holds the actual payment data).
7. Your Rights
Depending on your location, you may have the right to:
- Request access to your personal data
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Opt out of marketing communications
- Object to certain processing activities
To exercise any of these rights, email support@autosavvy.app. We respond within 30 days.
8. Data Security
We use industry-standard security practices including HTTPS encryption for all data in transit, bcrypt password hashing, and access controls on our database. We do not store payment card data — Stripe handles all payment security under their PCI DSS compliance.
9. Children's Privacy
AutoSavvy is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at support@autosavvy.app.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We'll post the updated version with a new "Last updated" date. For significant changes, we'll notify registered users via email.
11. Contact
Privacy questions: support@autosavvy.app