Privacy Policy
Effective Date: April 5, 2026 · Last Updated: April 5, 2026
1. Introduction
Instant Dealer Docs ("we," "us," or "our") operates the web application at instantdealerdocs.com (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use our Service.
We process two categories of personal information: (a) Account Data from dealership staff who create accounts and use the Service, and (b) Deal Data — information about vehicle buyers and transactions that dealers enter into the Service to generate paperwork.
By using the Service you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Account Data (Dealer Staff)
- Full name, email address, username, and profile photo
- Phone number (when phone verification is used)
- Organization/dealership name and role (owner, admin, manager, viewer)
- Billing and subscription information (processed by Stripe)
- Authentication credentials and two-factor authentication status (managed by Clerk)
- Connected third-party accounts (e.g., Google OAuth)
2.2 Deal Data (Vehicle Buyer Information)
Dealers enter the following information about their customers into the Service to auto-fill dealer documents:
- Customer name, address, email, and phone number
- Driver license number
- Vehicle identification number (VIN), year, make, model, and mileage
- Sale price, down payment, trade-in details, lender information, and fee breakdowns
- Electronic signature data and consent records
Important: The dealer who enters Deal Data into the Service acts as the data controller for that information. We process Deal Data on behalf of the dealer as a data processor/service provider. For Account Data relating to dealer users, billing, and administrative operations, Instant Dealer Docs acts as the controller. Dealers are responsible for obtaining any required consents from their customers before entering their information into the Service.
2.3 Automatically Collected Data
- Device information (browser type, operating system, screen resolution)
- IP address and approximate location
- Pages visited, features used, interaction events, and masked diagnostic replay data (via PostHog and Sentry, with consent where applicable)
- Referring URL and session duration
3. How We Use Your Information
- To provide, maintain, and improve the Service
- To auto-fill state-specific dealer documents (bills of sale, tax reports, temporary permits, etc.)
- To facilitate electronic document signing
- To process payments and manage subscriptions
- To authenticate users and manage organization access
- To verify phone numbers and send transactional SMS messages
- To analyze usage patterns and improve product experience
- To detect fraud, abuse, and security incidents
- To respond to support requests
- To comply with legal obligations
4. Third-Party Service Providers
We share personal information with the following categories of service providers. These providers process data on our behalf and, for Deal Data, as subprocessors supporting our provision of the Service to the dealer:
| Provider | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication & identity | Name, email, phone, org membership |
| Stripe | Payment processing | Billing email, payment method, subscription plan |
| Supabase | Database & file storage | All Account Data and Deal Data |
| PostHog | Product analytics | User ID, email, org, pageviews, feature usage |
| Sentry | Error monitoring & session replay | IP address, browser metadata, URLs, crash diagnostics, and masked replay data around errors |
| Google Maps | Address autocomplete | Address search queries |
| Cloudflare | Bot protection (Turnstile) | IP address, browser fingerprint |
| Vercel | Hosting & CDN | IP address, request logs |
5. Sale & Sharing of Personal Information
We may share certain categories of Account Data — such as dealer business contact information, staff names, email addresses, and service usage data — with trusted third-party partners for marketing purposes, including industry-relevant offers and services that may benefit your dealership.
We do not sell, share, or disclose Deal Data — meaning vehicle buyer personal information collected during transactions, including but not limited to buyer names, addresses, driver license numbers, financial information, signatures, and vehicle transaction details — to any third party for marketing, advertising, or any purpose unrelated to completing the transaction for which it was collected. Deal Data is processed solely to fulfill the dealer services you have engaged us to provide and to comply with applicable law.
Categories of Account Data We May Share
- Business contact information (names, email addresses, phone numbers of dealer staff)
- Dealership name, address, and business identifiers
- Service usage and preference data (e.g., features used, transaction volume tiers)
Categories of Third-Party Recipients
- Automotive industry service providers
- Business software and services companies
- Marketing and analytics partners
Your Right to Opt Out
You may opt out of the sale or sharing of your personal information at any time by visiting our Your Privacy Choices page, clicking "Do Not Sell My Info" in the footer of our website, or emailing [email protected]. We will process your request within 15 business days. You do not need to create an account to exercise this right. We honor Global Privacy Control (GPC) signals as valid opt-out requests.
We may also disclose personal information when required by law, subpoena, or legal process; to protect our rights, safety, or security or that of others; to detect or prevent fraud; and in connection with a merger, acquisition, financing, bankruptcy, or sale of all or part of our business, subject to applicable confidentiality and notice obligations.
6. Data Storage & Security
We primarily host and store Service data in the United States. Some service providers or subprocessors may access or process data in other locations consistent with their services and applicable law. Our primary database is hosted on Supabase (managed PostgreSQL) with row-level security (RLS) enforced to ensure strict multi-tenant data isolation — each dealership can only access its own data.
We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, role-based access controls, and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
7. Data Retention
We retain Account Data for as long as your account is active or as needed to provide the Service. Deal Data is retained for the duration of the dealer's subscription plus a reasonable wind-down period to allow data export. After account termination, we will delete or anonymize personal information within 90 days, except as required by law or legitimate business purposes (e.g., dispute resolution, audit compliance).
We retain e-signature records and audit trails (signer identity, IP address, timestamps, consent records) for at least seven years as an evidentiary and compliance practice, and longer where required by tax, dealer-record, litigation-hold, or other applicable legal obligations.
8. Cookies & Tracking Technologies
We use cookies and similar technologies for authentication, security, analytics, and user preferences. For full details, see our Cookie Policy.
You can manage your cookie preferences at any time by clicking "Cookie Preferences" in the footer of any page or through your browser settings.
9. Your Privacy Rights
9.1 All Users
Subject to applicable law, identity verification, technical feasibility, and legal retention obligations, you may:
- Access and review the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your personal information (subject to legal retention requirements)
- Opt out of non-essential analytics tracking
- Export your data in a machine-readable format
For Deal Data submitted by a dealer, we will direct the request to the dealer or assist the dealer in responding, as the dealer controls that data.
9.2 State Consumer Privacy Rights
Depending on your state of residence, you may have additional rights under applicable state consumer privacy laws, including but not limited to the California Consumer Privacy Act (CCPA/CPRA), the Utah Consumer Privacy Act (UCPA), the Colorado Privacy Act (CPA), the Virginia Consumer Data Protection Act (VCDPA), the Connecticut Data Privacy Act (CTDPA), the Texas Data Privacy and Security Act (TDPSA), and the Oregon Consumer Privacy Act (OCPA). These rights may include:
- Right to Know/Access: Request disclosure of the categories and specific pieces of personal information we have collected
- Right to Delete: Request deletion of your personal information, subject to certain exceptions
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt Out: Opt out of the sale of your personal information, targeted advertising, or certain profiling activities
- Right to Data Portability: Receive your personal information in a portable, readily usable format
- Right to Non-Discrimination: Exercise your privacy rights without receiving discriminatory treatment
California Residents: You have additional rights under the CCPA/CPRA, including the right to opt out of sharing for cross-context behavioral advertising, the right to limit the use of sensitive personal information, and the right to designate an authorized agent. We honor Global Privacy Control (GPC) signals as valid opt-out requests. You may also click "Do Not Sell or Share My Personal Information" in the footer of our website.
For Deal Data we process on behalf of a dealer, we act as a service provider/contractor and will assist the dealer in responding to verified requests as required by law. To exercise any of the rights listed above, contact us at [email protected]. We will verify your identity and respond within the timeframe required by applicable law (generally 45 days, with extensions as permitted).
9.3 Vehicle Buyer Rights
If you are a vehicle buyer whose information was entered into the Service by a dealer, please contact the dealer directly to exercise your privacy rights regarding Deal Data. The dealer is the data controller for your information. If you are unable to resolve your request with the dealer, you may contact us at [email protected] and we will assist in facilitating your request.
10. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will delete that information promptly.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. For material changes that significantly affect how we process your personal information, we will provide additional notice (such as an in-app notification or email). Your continued use of the Service after any changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:
- Email: [email protected]
- Website: instantdealerdocs.com