Privacy Policy

1. Overview

Dealerflow Tech ("we", "our", or "us") provides an AI-powered Chrome extension and web dashboard that help car dealership sales teams manage their inventory, track leads, and draft replies to customers on Facebook Marketplace and Messenger. This policy explains what data we collect, how it is used and shared, and your rights.

2. Who This Policy Covers

Our product is organised around dealerships (companies). A company owner creates an account, subscribes, and invites sales representatives. Data created through the product is associated with the company and is accessible to authorised members of that company.

The product also processes information about prospective buyersthat dealership staff communicate with on Facebook. For that buyer information, the dealership is the data controller and we act as a processor on the dealership's behalf. Dealerships are responsible for handling buyer data lawfully and for any notices or consents required in their jurisdiction.

3. Data We Collect

• Account & dealership information: Your name and email address, your sales-rep profile (display name and reply-tone preference), your company name, and your role within the company. You can sign in with an email and password or via Google or Facebook sign-in.
• Vehicle inventory: Vehicle records you add or import — including details such as make, model, year, trim, mileage, price, your private minimum (floor) price, condition, location, VIN, and description. For each vehicle we also generate and store a numeric embedding (a mathematical representation used to match vehicles to buyer questions).
• Buyer & conversation data:When you use the extension on a conversation, we store information needed to manage the lead — such as the buyer's display name, a link to the conversation, the associated vehicle, the lead stage, and AI-generated notes (for example, the buyer's likely intent, budget signals, and the vehicle they are interested in).
• Conversation content and shared images: To draft a reply, the extension reads the current Messenger conversation and any photos shared in it from the active browser tab and sends that content to our AI provider (see Section 5). Photos shared in the chat are first screened locally in your browser, and a short text description of relevant images is stored with the conversation.
• Billing information: When your company subscribes, payments are processed by Stripe. We store your Stripe customer identifier and your subscription/trial status. We do not store full payment card numbers — these are handled directly by Stripe.
• Local browser storage: Your session tokens (to keep you signed in), your currently selected company, and small interface flags are stored locally in your browser via the chrome.storage API.

4. How We Use Your Data

• To authenticate you and keep you signed in.
• To store and manage your vehicle inventory and match vehicles to buyer questions.
• To generate AI-assisted reply drafts and to summarise leads and conversation stages.
• To process images shared in conversations into short descriptions used for replies.
• To manage your subscription, billing, and usage limits.
• To operate, secure, and troubleshoot the service.

5. AI Processing & Service Providers

We rely on the following sub-processors to provide the service:

• OpenAI— to generate reply drafts, summarise conversations, describe shared images, and create vehicle embeddings. Conversation content, shared images, and vehicle data are sent to OpenAI's API to perform these functions.
• Supabase — our database and authentication provider, where account, inventory, lead, and conversation data are stored.
• Stripe — our payments provider, which processes subscription and onboarding payments.

We do not sell your data, and we do not use it to serve advertising.

6. Data Storage and Security

Account, inventory, lead, and conversation data is stored in Supabase with access controls enforced via row-level security so that data is scoped to your company. Session tokens and preferences in local browser storage are not transmitted to third parties other than the providers listed above. All data in transit is protected with HTTPS.

7. Data Sharing Within Your Dealership

Inventory, leads, and conversation summaries are shared among authorised members of the same company so the team can collaborate. Company owners can manage which sales representatives have access. We do not share your company's data with other dealerships.

8. Data Retention

We retain account, inventory, lead, and conversation data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us. Local browser storage is cleared when you sign out, uninstall the extension, or clear your browser data.

9. Your Rights

You have the right to access, correct, or delete your personal data. Buyers whose data a dealership has processed should direct requests to that dealership, which we will support as a processor. To exercise your rights or raise a request, contact us at the address below. We will respond within 30 days.

10. Changes to This Policy

We may update this policy from time to time. We will notify active users of material changes via email. Continued use of Dealerflow Tech after changes constitutes acceptance of the updated policy.