Privacy Policy

Last updated: June 28, 2026

1. Data We Collect

• Account data: name, email, phone, role, dealership assignment.
• Customer records: contact info, vehicles, deals, activity, consent preferences.
• Inventory data: VINs, pricing, photos, costs.
• Usage telemetry: authentication events, AI prompts/responses, audit logs.

2. How We Use It

Data is used to deliver WHIP functionality — CRM, desking, reporting, AI summaries, and notifications — and to maintain security, billing, and compliance audit trails.

3. Consent & Communications

Outbound SMS and email require explicit consumer consent recorded in the customer profile. WHIP enforces TCPA and CAN-SPAM consent checks before allowing send.

4. AI Processing

Customer summaries and assistant prompts are processed by Google Gemini via the Lovable AI gateway. Prompts are logged for rate limiting and quality review.

5. Data Sharing

We do not sell personal data. Subprocessors include Supabase (database/auth), Resend (email), and Lovable (AI gateway). Each is bound by data-processing terms.

6. Security

All data is encrypted in transit and at rest. Row-level security restricts access to a user's assigned rooftops. MFA is available for all users.

7. Retention & Deletion

Customer records are retained per the dealership's policy. Account deletion or data export requests can be made through your administrator.

8. Your Rights

Depending on jurisdiction (CCPA, GDPR), you may request access, correction, or deletion of your personal data. Contact your dealership administrator or andrew@leanengineering.io.