Privacy Policy

1. Introduction

Q-Automatik ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our car arbitrage platform (the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide

When you create an account or use the Service, you may provide:

• Account Information: Name, email address, phone number, and password
• Payment Information: Credit card details, billing address (processed securely through Stripe)
• Profile Information: Preferences, notification settings, saved searches, and price alerts
• Communications: Messages, support requests, and feedback you send to us

2.2 Information Collected Automatically

When you access the Service, we automatically collect:

• Usage Data: Pages viewed, listings clicked, search queries, filters applied, time spent on pages
• Device Information: IP address, browser type, operating system, device identifiers
• Location Data: General location based on IP address (city/state level, not precise geolocation)
• Cookies and Tracking: Session IDs, preferences, authentication tokens (see Section 5)
• Interaction Data: Saved listings, comparison activities, shared content, email open rates

2.3 Information from Third Parties

We may receive information from:

• Authentication Providers: If you sign in with Google or other OAuth providers, we receive your name, email, and profile picture
• Payment Processors: Stripe provides payment verification and fraud detection signals
• Public Listings: We aggregate publicly available vehicle listings from Facebook Marketplace, OfferUp, and Craigslist (this data does not include your personal information)

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Delivery

• Create and manage your account
• Process payments and subscriptions
• Deliver Daily Drop emails with curated listings
• Send price alerts and saved search notifications
• Provide customer support and respond to inquiries
• Display personalized listings based on your search history and preferences

3.2 Service Improvement

• Analyze usage patterns to improve our algorithms and user experience
• Test new features and conduct A/B testing
• Improve our deal scoring methodology based on user engagement
• Identify and fix technical issues
• Develop new features and services

3.3 Communication

• Send transactional emails (welcome, password reset, payment confirmations)
• Notify you of changes to our Terms of Service or Privacy Policy
• Send marketing communications about new features (you can opt out)
• Request feedback and conduct user surveys

3.4 Security and Compliance

• Detect, prevent, and investigate fraud, abuse, and security incidents
• Enforce our Terms of Service and Acceptable Use Policy
• Comply with legal obligations and respond to lawful requests
• Protect the rights, property, and safety of Q-Automatik and our users

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who perform services on our behalf:

• Clerk (clerk.com): Authentication and user management
• Stripe (stripe.com): Payment processing and subscription management
• Email Service Provider: Transactional and marketing emails (e.g., Resend, SendGrid)
• Cloud Infrastructure: Hosting and database services (e.g., Vercel, Railway, AWS)
• Analytics: Usage tracking and analytics (anonymized where possible)

These providers are contractually obligated to use your information only for the purposes we specify and to protect it in accordance with this Privacy Policy.

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Subpoenas, court orders, or other legal processes
• Requests from government authorities or law enforcement
• Situations involving potential threats to safety or security
• Investigations of fraud or Terms of Service violations

4.3 Business Transfers

If Q-Automatik is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred to the successor entity. You will be notified via email and/or a prominent notice on our website of any such change.

4.4 Aggregated and Anonymized Data

We may share aggregated or anonymized data that does not identify you personally, such as market trends, usage statistics, or demographic insights, with partners, advertisers, or the public.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

5.1 Types of Cookies

• Essential Cookies: Required for authentication, security, and core functionality (cannot be disabled)
• Functional Cookies: Remember your preferences, saved searches, and settings
• Analytics Cookies: Help us understand how you use the Service to improve performance
• Marketing Cookies: Track engagement with our emails and ads (you can opt out)

5.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may limit your ability to use certain features of the Service. Most browsers accept cookies by default, but you can set your browser to:

• Notify you when a cookie is set
• Reject all cookies automatically
• Delete cookies after each session

6. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

• Active Accounts: Data retained while your account is active
• Closed Accounts: Most data deleted within 90 days of account closure
• Legal/Compliance: Some data may be retained longer to comply with legal obligations (e.g., tax records: 7 years)
• Anonymized Data: Aggregated analytics data may be retained indefinitely

You can request deletion of your data at any time by contacting privacy@q-automatik.com.

7. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption: HTTPS/TLS encryption for data in transit; AES-256 encryption for sensitive data at rest
• Authentication: Secure password hashing (bcrypt), multi-factor authentication support via Clerk
• Access Controls: Role-based access restrictions, least-privilege principle for employees
• Infrastructure: Secure cloud hosting with regular security audits and penetration testing
• Monitoring: Automated threat detection, intrusion prevention, and incident response procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

8.1 Access and Portability

You have the right to request a copy of the personal information we hold about you. We will provide this in a structured, commonly used, machine-readable format (JSON) within 30 days of your request.

8.2 Correction and Update

You can update your account information at any time through your account settings. If you believe we have incorrect information about you, please contact us to request corrections.

8.3 Deletion

You have the right to request deletion of your personal information. Note that we may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, accounting records).

8.4 Opt-Out of Marketing

You can unsubscribe from marketing emails by clicking the "Unsubscribe" link in any marketing email or by adjusting your email preferences in your account settings. Note that you will still receive transactional emails (e.g., payment confirmations, password resets).

8.5 Do Not Track

Some browsers have a "Do Not Track" feature. Currently, we do not respond to Do Not Track signals because there is no industry-wide standard for compliance.

8.6 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, disclose, and sell
• Right to request deletion of your personal information
• Right to opt out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, email us at privacy@q-automatik.com with "CCPA Request" in the subject line.

8.7 European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right to access, rectify, or erase your personal data
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

Our legal basis for processing your data includes: (1) performance of our contract with you, (2) compliance with legal obligations, (3) legitimate business interests, and (4) your consent where required.

8.8 Exercising Your Rights

To exercise any of these privacy rights, please contact us at privacy@q-automatik.com. We will verify your identity before processing your request and respond within 30 days (or as required by applicable law).

9. Children's Privacy

The Service is not intended for children under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@q-automatik.com.

If we discover that we have collected personal information from a child under 18, we will delete that information as quickly as possible.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States, where our servers and service providers are located. These countries may have different data protection laws than your jurisdiction.

By using the Service, you consent to the transfer of your information to the United States and other countries. We take steps to ensure that your data receives adequate protection in accordance with this Privacy Policy and applicable laws, including using Standard Contractual Clauses approved by the European Commission where appropriate.

11. Third-Party Links

The Service contains links to third-party websites and marketplaces (Facebook Marketplace, OfferUp, Craigslist). We are not responsible for the privacy practices or content of these third-party sites.

When you click on a listing and are redirected to a third-party platform, that platform's privacy policy governs the collection and use of your information. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you via email (if you have an account)
• Display a prominent notice on the Service

Your continued use of the Service after we make changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days (or as required by applicable law).