Privacy Policy

The short version

Who we are

CarWhere ("we," "us," or "our") operates the website www.carwhere.com (the "Site"). CarWhere is a car pricing transparency platform that helps consumers compare verified buyer transaction data, analyze dealer quotes, and research vehicle pricing. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Site or use our services.

Information we collect

Account information

When you create an account, we collect your email address and authentication credentials. We use Supabase for authentication, which securely manages login sessions. We do not store passwords directly — authentication is handled via secure token-based login.

Deal submissions

When you submit a deal or upload a dealer quote, we collect vehicle details (year, make, model, trim, VIN), pricing information (MSRP, selling price, out-the-door price, fees, incentives), lease or finance terms, dealer name, and approximate location (ZIP code, city, state). We do not collect your personal name, phone number, or home address from deal submissions. Submitted deals are displayed anonymously to help other buyers.

Payment information

If you subscribe to CarWhere Pro, payment is processed securely by Stripe. We do not store your credit card number, expiration date, or CVC on our servers. Stripe may collect information as described in their privacy policy.

Automatically collected information

When you visit our Site, we automatically collect certain information about your device and usage, including your IP address, browser type, operating system, referring URLs, pages viewed, time spent on pages, and other diagnostic data. This information is collected through cookies, log files, and similar tracking technologies as described below.

Cookies and tracking technologies

We use cookies and similar tracking technologies to collect and store information when you visit our Site. Cookies are small data files placed on your device that help us improve your experience, analyze site traffic, and understand usage patterns.

Types of cookies we use

You can control cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is being placed. Note that disabling cookies may affect the functionality of certain features on our Site.

Third-party advertising

We may use third-party advertising companies, including Google AdSense, to serve advertisements on our Site. These companies may use cookies and similar technologies to collect information about your visits to this and other websites in order to provide relevant advertisements about goods and services that may interest you.

Google's use of advertising cookies enables it and its partners to serve ads based on your visit to our Site and/or other sites on the internet. You may opt out of personalized advertising by visiting Google Ads Settings. You may also opt out of third-party vendor cookies by visiting www.aboutads.info/choices or optout.networkadvertising.org.

For more information about how Google uses data when you use our Site, please visit How Google uses information from sites or apps that use our services.

How we use your information

We use the information we collect to:

• Provide, operate, and maintain our services
• Display anonymous deal data to help buyers compare prices
• Analyze dealer quotes and provide pricing insights
• Process payments and manage subscriptions
• Send transactional emails (account verification, deal analysis results)
• Send marketing communications (you can unsubscribe at any time)
• Analyze usage trends and improve our Site
• Detect and prevent fraud or abuse
• Comply with legal obligations

How we share your information

We do not sell your personal information. We may share information in the following circumstances:

• Service providers: We share data with third-party services that help us operate our business (Supabase for database/auth, Stripe for payments, Resend for email, Vercel for hosting, Google Analytics for analytics)
• Advertising partners: We share anonymized usage data with advertising partners (Google AdSense, Meta) for ad personalization and measurement
• Aggregated data: We may share aggregated, non-personally-identifiable deal data (e.g., average car prices by state) publicly on our Site and with partners
• Legal requirements: We may disclose information if required by law, court order, or government request
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred

Data retention

We retain your account information for as long as your account is active. Deal submissions are retained indefinitely as part of our anonymous pricing database, even if your account is deleted. Automatically collected data (analytics, logs) is retained according to the retention policies of our analytics providers (typically 14-26 months for Google Analytics). You may request deletion of your personal data at any time by contacting us.

Data security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS/HTTPS), secure authentication (Supabase Auth), and PCI-compliant payment processing (Stripe). However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Your rights and choices

All users

• Access: You can request a copy of the personal data we hold about you
• Correction: You can request that we correct inaccurate information
• Deletion: You can request deletion of your account and personal data
• Opt-out of marketing: You can unsubscribe from marketing emails at any time using the link in each email
• Cookie control: You can manage cookie preferences through your browser settings

California residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information as defined under the CCPA. To exercise your rights, contact us at [email protected].

EEA/UK residents (GDPR)

If you are located in the European Economic Area or United Kingdom, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and object to processing. Our legal basis for processing your data is your consent (for cookies and marketing), performance of a contract (for account and subscription services), and legitimate interests (for analytics and fraud prevention). To exercise your rights, contact us at [email protected].

Children's privacy

Our Site is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete it.

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "last updated" date. Your continued use of the Site after changes are posted constitutes your acceptance of the updated policy.