DealrDash

Privacy Policy

Last updated: January 15, 2026

1. Introduction

DealrDash ("we", "us", "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services. By accessing or using DealrDash, you consent to the practices described in this policy.

2. Information We Collect

We collect the following categories of information:

2.1 Personal Information

When you create an account or use the Service, we may collect your name, email address, phone number, and other contact details you provide.

2.2 Organization Information

We collect information about your dealership, including business name, address, locations, logo, and other details you provide during onboarding or through your account settings.

2.3 Vehicle Data

Information about vehicles listed on the platform, including Vehicle Identification Numbers (VINs), specifications, pricing, descriptions, and photographs or videos you upload.

2.4 Financial Data

Subscription and billing information, including plan selection and payment history. Vehicle pricing, cost data, and accounting records you enter into the platform. Note: full credit card details are processed and stored by Stripe, not by DealrDash directly.

2.5 Usage Data

We automatically collect information about how you interact with the Service, including pages viewed, features used, session duration, browser type, device information, IP address, and referring URLs.

3. How We Use Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve the DealrDash platform, including inventory management, CRM, dealer websites, and all related features.
  • Billing: To process subscription payments, manage billing cycles, and handle invoicing through our payment processor.
  • Support: To respond to your inquiries, provide technical assistance, and resolve issues with your account or the Service.
  • Analytics: To understand how the Service is used, identify trends, and make data-driven improvements to our product.
  • Communications: To send you important updates about the Service, including billing notifications, security alerts, and changes to our terms or policies.
  • Compliance: To comply with legal obligations, enforce our Terms of Service, and protect the rights and safety of our users and the public.

4. Information Sharing

We do not sell your personal information. We share data only with trusted third-party service providers who are essential to operating the Service:

  • Stripe — Payment processing. Stripe receives your billing information to process subscription payments securely.
  • Supabase — Database hosting and authentication. Your account data and application data are stored on Supabase-managed infrastructure.
  • Vercel— Application hosting. Our platform is hosted on Vercel's infrastructure, which processes requests and serves content.
  • PostHog — Product analytics. We use PostHog to understand how users interact with the Service and to improve the user experience.
  • Sentry — Error monitoring. Sentry helps us detect and resolve technical issues. It may receive limited technical data related to errors, such as stack traces and request metadata.

We may also disclose information if required by law, subpoena, or legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you close your account, we will retain your data for a reasonable period (typically 30 days) to allow for data export, after which it will be permanently deleted from our systems. Certain data may be retained longer if required by law or for legitimate business purposes such as fraud prevention, dispute resolution, or legal compliance.

6. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Role-based access controls and row-level security policies to ensure users can only access data belonging to their organization.
  • Secure authentication with support for strong passwords and session management.
  • Regular security monitoring and vulnerability assessments.
  • Infrastructure hosted on industry-leading providers with SOC 2 compliance.

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: You may request a copy of the personal information we hold about you.
  • Correction: You may request that we correct any inaccurate or incomplete personal information.
  • Deletion: You may request that we delete your personal information, subject to legal retention requirements.
  • Data Export: You may request a portable copy of your data in a commonly used format.
  • Consent Withdrawal: Where processing is based on consent, you may withdraw your consent at any time. This will not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at privacy@dealrdash.com.

8. Cookies and Tracking

We use cookies and similar technologies to operate the Service and improve your experience:

  • Essential Cookies: Required for authentication, session management, and core functionality. These cannot be disabled.
  • Analytics Cookies: Used by PostHog to collect usage data and understand how users interact with the Service. These help us improve the product.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service. PostHog analytics can be opted out of by enabling "Do Not Track" in your browser, which we respect.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@dealrdash.com.

10. International Data

DealrDash is based in Canada. Your data may be stored and processed in Canada, the United States, or other countries where our service providers operate. By using the Service, you consent to the transfer of your information to these countries, which may have different data protection laws than your country of residence. We take steps to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

11. PIPEDA Compliance

As a Canadian company, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. This means we collect personal information only for identified purposes, obtain consent where required, limit collection to what is necessary, and protect information with appropriate safeguards. You have the right to access your personal information held by us, challenge its accuracy, and file a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide at least 30 days' notice via email or through the Service before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

13. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@dealrdash.com.