Privacy Policy
Vintrak, Inc.
Effective Date: April 6, 2026
Vintrak, Inc. ("Vintrak," "we," "us," or "our") respects your privacy. This Privacy Policy describes how we collect, use, disclose, and otherwise process personal information when you visit our website, create an account, use our platform, purchase products or services, communicate with us, or otherwise interact with us online or offline (collectively, the "Services"). By using the Services, you acknowledge the practices described in this Privacy Policy. If you do not agree, please do not use the Services.
1. Scope of This Privacy Policy
This Privacy Policy applies to personal information we collect through the Services, including our website, platform, reports, communications, and related interactions. This Privacy Policy does not apply to: information processed solely on behalf of third parties where we act as a processor or service provider under a separate agreement; third-party websites, platforms, APIs, products, or services that are not controlled by Vintrak; or information subject to a separate privacy notice that expressly supersedes this one.
2. Personal Information We Collect
We may collect the following categories of personal information, depending on how you interact with the Services. A. Information You Provide Directly: your name, email address, phone number, mailing or billing address, account login credentials, vehicle information including VINs and related records, documents, photos, receipts, service history, maintenance logs, modification details, notes and other materials you upload, payment and transaction-related information, communications you send to us, waitlist, support, survey, or feedback submissions, and any information you include in forms, emails, or other interactions with us. B. Information Collected Automatically: IP address, browser type and version, device type and identifiers, operating system, referral URLs, pages viewed and features used, session activity, approximate geolocation inferred from IP address, dates and times of access, crash, diagnostic, and performance information, and cookie, pixel, local storage, and similar technology data. C. Vehicle and Related Data: VINs, vehicle make, model, trim, year, and specifications, recall information, fuel economy information, valuation-related inputs and outputs, ownership-related documentation, and records concerning maintenance, modifications, condition, mileage, or related vehicle history that you provide or that we infer from submitted content. D. Payment Information: Payment card processing is handled by third-party payment providers. We do not typically store full payment card numbers on our own systems. We may receive limited transaction details such as payment status, billing ZIP/postal code, partial card details, subscription status, invoice or transaction identifiers, and refund and dispute status. E. Information From Third Parties: We may receive information from authentication providers, payment processors, public vehicle-data sources, public fuel economy and recall sources, content and media sources, analytics, fraud prevention, and security vendors, email delivery vendors, customer support tools, and future social or OAuth sign-in providers. F. AI-Related Inputs and Outputs: If you use AI-powered features, we may process prompts, vehicle data, uploaded materials, instructions, metadata, and related content necessary to generate AI-assisted valuations, summaries, and other outputs.
3. Sources of Personal Information
We collect personal information from the following sources: directly from you; automatically from your browser, device, and use of the Services; from our service providers and infrastructure vendors; from public and licensed data sources; from integrations or third-party services you choose to use; and from communications and support interactions.
4. How We Use Personal Information
We may use personal information for the following purposes: to provide, operate, maintain, secure, and improve the Services; to create and manage user accounts; to authenticate users and prevent unauthorized access; to store and organize vehicle-related records and uploads; to process transactions, subscriptions, and purchases; to send transactional emails, confirmations, receipts, notifications, and service messages; to generate reports, summaries, valuations, charts, PDFs, and shareable links; to respond to support requests, inquiries, and feedback; to personalize and improve the user experience; to monitor usage, debug issues, perform analytics, and improve performance; to detect, investigate, and prevent fraud, abuse, security incidents, and other harmful or unlawful activity; to comply with legal obligations and enforce our agreements; to protect our rights, property, safety, users, and others; to develop new products, features, and functionality; to conduct internal research, testing, and quality assurance; and to communicate with you about updates, offerings, and other information, where permitted by law.
5. Cookies and Similar Technologies
We and our service providers may use cookies, pixels, tags, SDKs, local storage, and similar technologies to: keep you signed in; remember preferences and settings; understand how users interact with the Services; measure traffic and usage trends; improve functionality and performance; diagnose issues; support analytics and product development; and help protect against fraud and abuse. Depending on the tools enabled, we may use analytics and monitoring technologies provided by vendors such as PostHog, Google Analytics, and Sentry. You may be able to manage cookies through your browser settings. Blocking some cookies may affect the functionality of the Services.
6. How We Disclose Personal Information
A. Service Providers and Vendors: We may disclose personal information to service providers, contractors, and vendors that perform services on our behalf, such as hosting, database management, authentication, storage, payment processing, email delivery, AI processing, analytics, error monitoring, customer communications, and security. B. Public, Third-Party, and Integrated Data Sources: We may send limited data to third-party APIs or data providers as necessary to provide requested functionality, such as VIN decoding, fuel economy information, recall data, QR code generation, AI-powered outputs, or authentication. C. Business Transactions: We may disclose personal information in connection with an actual or proposed merger, acquisition, financing, reorganization, bankruptcy, receivership, asset sale, or transition of service to another provider. D. Legal and Safety Purposes: We may disclose personal information if we believe doing so is necessary or appropriate to comply with applicable law, regulation, legal process, or governmental request; enforce our Terms or other agreements; detect, prevent, or address fraud, security, or technical issues; or protect the rights, property, and safety of Vintrak, our users, or others. E. With Your Direction or Consent: We may disclose personal information when you direct us to do so or otherwise consent. F. De-Identified or Aggregated Information: We may use, disclose, and commercialize aggregated, anonymized, or de-identified information that does not reasonably identify you, subject to applicable law.
7. Third-Party Services We Use
Our Services may rely on or interact with third-party providers in the following categories: infrastructure, hosting, deployment, storage, and authentication; source code and development tools; payment processing and billing; transactional email delivery; artificial intelligence and machine learning services; public and licensed vehicle, recall, and fuel economy data sources; content, media, and reference data providers; analytics, monitoring, and error reporting tools; domain, DNS, and networking providers; and future social sign-in or OAuth providers. These providers may process personal information on our behalf or, in some cases, as independent controllers under their own privacy policies.
8. Current and Planned Third-Party Tools
As of the date of this Privacy Policy, Vintrak may use, rely on, or integrate with tools and providers such as: Supabase for database, authentication, file storage, and access controls; Vercel for hosting, deployment, and serverless infrastructure; GitHub for source code management and development workflows; Stripe for payment processing, subscriptions, and billing; Resend for transactional email delivery; Anthropic for AI-powered features such as vehicle valuations and related outputs; NHTSA vPIC API for VIN decoding and vehicle data; EPA Fuel Economy API for MPG and related information; Wikipedia and Wikimedia Commons for certain informational and media content; QR Server API for generating QR codes; Cloudflare and DreamHost for domain and DNS-related services; Google Cloud for possible future OAuth sign-in; PostHog, Google Analytics, and Sentry for planned or future analytics, monitoring, diagnostics, and performance tracking. We may update, replace, add, or remove providers from time to time without separately amending this list, so long as our practices remain materially consistent with this Privacy Policy.
9. Legal Bases for Processing
If and to the extent applicable under relevant law, we process personal information on one or more of the following legal bases: performance of a contract with you; compliance with legal obligations; our legitimate interests, such as operating, securing, and improving the Services; your consent, where required by law; and protection of vital interests or other lawful bases permitted by applicable law.
10. Data Retention
We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to: provide the Services; maintain your account; complete transactions; comply with legal, tax, accounting, and regulatory obligations; resolve disputes; enforce agreements; detect and prevent fraud and abuse; and preserve backups and business continuity records. Retention periods may vary depending on the type of information, the nature of our relationship with you, our legal obligations, and operational needs. We may retain de-identified or aggregated information for longer periods or indefinitely, where permitted by law.
11. Data Security
We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. These may include access controls, authentication measures, encryption in transit, logging, and service-provider security controls. However, no method of transmission over the internet or method of electronic storage is completely secure. Accordingly, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your credentials and for using the Services in a secure manner.
12. International Data Transfers
Vintrak and its service providers may process and store personal information in the United States and other jurisdictions where we or our vendors operate. If you access the Services from outside the United States, you understand that your information may be transferred to, stored in, and processed in countries that may not provide the same level of data protection as your home jurisdiction.
13. Your Privacy Rights
Depending on where you live, you may have certain rights regarding your personal information, subject to exceptions and limitations under applicable law. These may include the right to: know whether we process your personal information; access or receive a copy of certain personal information; correct inaccurate personal information; delete certain personal information; object to or restrict certain processing; opt out of certain targeted advertising, profiling, or sale/sharing activities, if applicable; appeal certain privacy-rights decisions, where applicable; and withdraw consent where processing is based on consent. To exercise any applicable rights, contact us at legal@vintrak.io. We may need to verify your identity before processing your request. We may also deny or limit requests where permitted by law.
14. U.S. State Privacy Disclosures
If you are a resident of a U.S. state with an applicable privacy law, you may have rights under that law, subject to exceptions. Vintrak does not sell personal information for money. We also do not knowingly share personal information for cross-context behavioral advertising unless and until we implement tools or practices that would qualify as such under applicable law. If we begin engaging in activities that trigger opt-out rights under applicable privacy law, we will update this Privacy Policy and provide any required notices or mechanisms.
15. Email Communications
We may send you transactional and service-related emails, such as account verification, receipts, security notices, login alerts, and product updates related to your use of the Services. If we send marketing or promotional messages, we will provide a way to unsubscribe where required by law. Even if you opt out of marketing emails, we may still send non-marketing messages related to your account or transactions.
16. Children's Privacy
The Services are not directed to children under 18, and we do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18 without appropriate authorization, we will take reasonable steps to delete it. If you believe a child has provided us with personal information, contact us at legal@vintrak.io.
17. Third-Party Content and Links
The Services may display or link to third-party content, websites, services, articles, images, logos, feeds, or other materials. We do not control those third parties and are not responsible for their privacy practices. Your interactions with those third parties are governed by their own terms and privacy policies.
18. AI Processing Disclosure
If you use AI-powered features, personal information and vehicle-related information that you submit may be processed by third-party AI service providers on our behalf in order to generate requested outputs. AI-generated content may be based on the information you provide, publicly available information, third-party data, and model-generated inferences. AI outputs may be inaccurate or incomplete. You are responsible for reviewing and evaluating outputs before relying on them. We may use AI-related inputs, metadata, and outputs to operate, support, improve, and secure AI-enabled functionality, subject to our agreements with providers and applicable law.
19. Data Storage and User Uploads
If you upload documents, images, receipts, logs, or other materials to the Services, those materials may contain personal information about you or other individuals. You are responsible for ensuring that you have the legal right to upload and share that information. You should not upload sensitive information about others unless you are authorized to do so and it is necessary for your use of the Services. We may store uploaded materials, associated metadata, generated derivatives, thumbnails, extracted text, and related records as necessary to provide the Services.
20. Account Deletion
You may request deletion of your account by contacting us at legal@vintrak.io or by using any in-product deletion functionality we make available. Please note that we may retain certain information after deletion where necessary to comply with legal obligations, resolve disputes, enforce agreements, detect fraud, maintain security, or preserve internal records and backups.
21. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we may provide notice by posting the updated policy, revising the "Last Updated" date, emailing you, or through the Services. Your continued use of the Services after the effective date of an updated Privacy Policy constitutes your acknowledgment of the revised policy, to the extent permitted by law.
22. Contact Us
If you have questions about this Privacy Policy or our privacy practices, contact us at: Vintrak, Inc. Email: legal@vintrak.io