Privacy Policy
Effective date: May 22, 2026
Privacy questions? Email support@stackdrive.io
The short version: StackDrive is a B2B SaaS platform for car dealerships. We collect information about your dealership to run our service. We do not sell your data or your customers' data to anyone. Your customers' information stays yours. Read on for the full details.
1. Who We Are
StackDrive Inc. ("StackDrive," "we," "us," or "our") is a corporation incorporated in Quebec, Canada, that operates an automotive CRM platform for car dealerships. This Privacy Policy explains how we collect, use, disclose, and safeguard information when dealerships and their personnel use the StackDrive platform at https://app.stackdrive.io and the StackDrive website at stackdrive.io (collectively, the "Service").
StackDrive is a business-to-business service. Our direct customers are automotive dealerships and dealer groups ("Customers" or "you"), not individual consumers. This Policy governs our relationship with you as a Customer.
2. Data We Collect
We collect different categories of data depending on how you interact with us:
2.1 Account and Registration Data
When you create a StackDrive account, we collect information about your dealership and the individuals who register, including:
- Business name, address, and dealership information
- Name, job title, and email address of the account owner and Authorized Users
- Phone number (optional, for support purposes)
- Billing information (credit card or payment details, processed securely by our payment processor — we do not store full card numbers)
- Subscription plan selection and billing history
2.2 Customer Data (Your Leads and Contacts)
As you use the platform, you upload, import, or create records that contain information about your dealership's leads and customers ("Customer Data"). This may include:
- Consumer names, email addresses, phone numbers, and mailing addresses
- Vehicle preferences, trade-in vehicle information, and purchase history
- Lead source, lead status, and notes entered by your sales team
- Communication history between your dealership and its leads
- Any other information your team enters into the CRM
You are the controller of Customer Data. That data belongs to you and your dealership. We only process it to run your CRM — we do not use it for our own marketing or sell it to anyone.
2.3 Usage and Technical Data
When you and your team use the Service, we automatically collect:
- Log data: IP addresses, browser type, pages visited, timestamps, and referring URLs
- Device information: hardware model, operating system, and screen resolution
- Feature usage data: which features you use, how often, and in what sequence
- Error and crash reports to help us identify and fix bugs
- Performance metrics to monitor and improve the Service
2.4 Cookies and Tracking Technologies
We use cookies and similar technologies on our website and within the application:
- Essential cookies: Required for the Service to function (e.g., maintaining your session, remembering your login).
- Analytics cookies: Help us understand how users navigate the Service so we can improve it (e.g., Vercel Analytics). These are aggregated and not used for cross-site advertising.
- Preference cookies: Remember your settings and preferences within the application.
You can configure your browser to refuse cookies or alert you when cookies are being sent. Note that disabling essential cookies may impair Service functionality.
2.5 Communications Data
If you contact our support team by email, chat, or phone, we retain records of those communications to resolve your issue and improve our support quality.
3. How We Use Your Data
We use the data we collect for the following purposes:
3.1 Service Delivery
- Providing, operating, and maintaining the CRM platform
- Processing your Customer Data to power the features you use (lead management, AI scoring, messaging sequences, trade-in evaluations, analytics)
- Managing your Account, subscription, and billing
- Authenticating users and enforcing security
- Sending transactional emails (account confirmations, invoices, password resets)
3.2 Customer Support
- Responding to your support tickets and questions
- Diagnosing and fixing technical issues in your Account
- Providing onboarding assistance and training
3.3 Product Improvement
- Analyzing aggregated, de-identified usage patterns to improve features and workflows
- Training and refining our AI models using aggregated or anonymized data
- Conducting internal research and testing of new features
- Fixing bugs and improving reliability
3.4 Communications
- Sending product updates, feature announcements, and release notes
- Notifying you of changes to pricing, terms, or policies
- Sending renewal reminders and billing notifications
You may opt out of non-transactional marketing emails at any time by clicking "Unsubscribe" in any such email. You cannot opt out of transactional communications (e.g., invoices, security alerts) while your Account is active.
3.5 Security and Fraud Prevention
- Monitoring for unauthorized access, abuse, and security threats
- Investigating and responding to suspected violations of our Terms of Service
- Complying with legal obligations and law enforcement requests
3.6 Legal Compliance
- Meeting our obligations under applicable law
- Asserting or defending legal claims
- Responding to lawful requests from government authorities
4. We Do Not Sell Your Data
We do not sell, rent, or trade your data — or your customers' data — to any third party for their own marketing, advertising, or commercial purposes. Full stop.
For purposes of the California Consumer Privacy Act (CCPA) and similar state laws, StackDrive does not "sell" or "share" personal information as those terms are defined in applicable law. We do not share Customer Data with third-party data brokers, advertising networks, or data aggregators.
5. How We Share Data
We share data only in the limited circumstances described below:
5.1 Service Providers (Sub-Processors)
We engage trusted third-party companies to help us operate and improve the Service. These service providers act as processors on our behalf and are contractually obligated to protect data and use it only for the purposes we specify. Categories include:
- Cloud infrastructure: Hosting and data storage (e.g., Vercel, cloud database providers)
- Payment processing: Billing and payment collection (e.g., Stripe)
- Email delivery: Transactional email services for account communications
- AI and machine learning infrastructure: Third-party AI API providers that power AI Features
- Analytics: Aggregated product usage analytics (e.g., Vercel Analytics)
- Customer support tools: Help desk and ticketing software
- Market data providers: Third-party vehicle valuation data for trade-in estimates
5.2 Legal Requirements
We may disclose data if required to do so by law, subpoena, court order, or government request. To the extent permitted by law, we will attempt to notify you before disclosing your data in response to a legal demand.
5.3 Business Transfers
In the event of a merger, acquisition, bankruptcy, or sale of substantially all of our assets, Customer Data and Account data may be transferred to the successor entity. The successor will be bound by privacy commitments no less protective than those in this Policy.
5.4 With Your Consent
We may share data with third parties for purposes not described in this Policy if we have your explicit written consent to do so.
6. Customer Data — Your Dealership Is the Controller
When you upload or generate records containing your customers' and leads' personal information into StackDrive, your dealership is the data controller and StackDrive is the data processor. It is your data. You are responsible for it. We process it only to power your CRM.
As the data controller, your dealership is responsible for:
- Having a lawful basis to collect and use your customers' personal information
- Providing your customers with appropriate privacy notices
- Responding to consumer privacy rights requests (deletion, access, correction)
- Obtaining proper consent before sending marketing or automated communications
7. AI Features and Data Processing
StackDrive's AI Features — including lead scoring, AI-drafted messages, and predictive analytics — are powered by machine learning models.
7.1 What Data AI Features Process
When you use AI Features, relevant Customer Data fields are submitted to AI processing systems. This may include data processed by third-party AI API providers under service agreements that prohibit them from using your data for their own model training.
7.2 How We Use Data to Improve AI
We may use aggregated, de-identified, or anonymized usage data to improve our AI models. We do not use identified Customer Data to train AI models without your consent.
7.3 AI Output Is Not Guaranteed
AI-generated outputs are probabilistic and may contain errors. You are responsible for reviewing all AI-generated content before using it and for ensuring it is accurate and compliant with applicable law.
8. Data Retention
8.1 While Your Account Is Active
We retain Account data and Customer Data for as long as your subscription is active or as needed to provide you the Service.
8.2 After Cancellation
Following cancellation, we retain your Customer Data for thirty (30) days to allow you to export it. After this period, we will delete or anonymize Customer Data from our production systems. Backup copies may persist for up to ninety (90) additional days.
8.3 Account and Billing Data
Account and billing records may be retained for longer periods as required by accounting standards, tax law, or to resolve disputes (typically seven (7) years for financial records).
9. Security Measures
We implement commercially reasonable technical and organizational security measures, including:
- Encryption of data in transit using TLS (HTTPS)
- Encryption of data at rest in our database infrastructure
- Role-based access controls limiting who within StackDrive can access your data
- Regular security assessments and monitoring
- Vendor security reviews for service providers who handle Customer Data
No method of transmission over the internet is 100% secure. If we become aware of a data breach that affects your Account in a material way, we will notify you as required by applicable law.
10. California Privacy Rights (CCPA / CPRA)
If you are a California resident, or represent a dealership whose customers include California residents, the CCPA as amended by the CPRA may apply.
California residents have the right to:
- Know what personal information we collect, use, disclose, sell, or share
- Delete personal information we hold about them, subject to certain exceptions
- Correct inaccurate personal information
- Opt out of the sale or sharing of personal information (we do not sell or share personal information)
- Non-discrimination for exercising your CCPA rights
To submit a CCPA rights request, email support@stackdrive.io with subject "CCPA Privacy Request." We will respond within forty-five (45) days.
11. International Transfers and GDPR
StackDrive is a Canada-based service primarily designed for North American automotive dealerships. We do not actively market to or serve customers in the European Economic Area (EEA), the United Kingdom, or Switzerland.
If your dealership requires a Data Processing Agreement (DPA) for GDPR compliance purposes, please contact us at support@stackdrive.io.
12. Children's Privacy
The Service is intended for use by business professionals at automotive dealerships. It is not directed at, and we do not knowingly collect personal information from, individuals under the age of 18. If you believe a minor has submitted personal information to us without authorization, please contact us at support@stackdrive.io.
13. Other State Privacy Laws
Several U.S. states have enacted comprehensive consumer privacy laws, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and others. StackDrive operates as a processor acting on your instructions as the controller. Your dealership is responsible for ensuring your use of the Service complies with applicable state privacy law.
14. Links to Third-Party Services
The Service may contain links to or integrations with third-party websites or services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party service you connect to StackDrive.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at least fourteen (14) days before the change takes effect. Your continued use of the Service after the updated Policy takes effect constitutes acceptance of the revised Policy.
16. How to Contact Us
For any privacy-related questions, rights requests, or concerns, please contact us:
- Email: support@stackdrive.io
- Subject line for privacy requests: "Privacy Request — [your company name]"
- Mailing address: StackDrive Inc., Quebec, Canada
© 2026 StackDrive Inc. All rights reserved. · Effective: May 22, 2026