Privacy policy

Who we are

VinReach, Inc. (a Delaware corporation, "VinReach") operates a SaaS platform for new and used vehicle dealers. Contact: privacy@vinreach.ai.

Data we collect as controller (dealer customers)

• Account identity — name, email, phone, role (owner / admin / operator).
• Organization + rooftop metadata — dealership name, brand, website URL, timezone.
• Billing info — Stripe customer + subscription identifiers. Card data stays with Stripe; we never see the PAN.
• Audit + usage telemetry — every change you make in the console is logged into our SOC 2-ready audit ledger (third-party Type II attestation in progress; not yet issued).

Data we process as processor (visitor data)

The dealer is the controller of their visitor data. VinReach is the processor. The dealer's privacy policy governs the collection notice; our DPA governs the processing terms.

• Pixel events — URL, referrer, device fingerprint (UA + IP /24 + Accept-Language + hashed device hash), timestamp, dealer-provided tags. IPs are hashed with a daily-rotated salt and not stored in raw form.
• Form submissions — email + phone entered on the dealer's site, associated with the visitor's resolved person record.
• Inventory signals — publicly available VDP content crawled from the dealer's own site, keyed by VIN.
• Reply + engagement — inbound emails + SMS the dealer receives, opens + clicks on dealer-sent messages.

How we use it

• Deliver remarketing journeys the dealer configures (email + SMS + inbox workflows).
• Run the compliance engine (consent, suppression, quiet hours, CAN-SPAM headers, CPRA opt-out signals).
• Improve platform-level ML (intent classification, subject-line bandits) using de-identified signals only. No per-person training data leaves the tenant boundary.
• Support + operate the service (debugging, billing, internal audit + SOC 2-readiness program).

Who we share with

Sub-processors listed at /subprocessors. We do not sell personal information in the CPRA sense. We do not share personal information with third parties for their independent commercial use.

Anonymous-visitor identity resolution (opt-in)

When a dealer enables it on a specific rooftop AND the visitor has granted both analytics and marketing consent AND has not asserted a Global Privacy Control signal or CPRA "do-not-sell-or-share" opt-out, the VinReach pixel loads an anonymous identity-resolution webtag. VinReach uses one of two vendors depending on the rooftop's identity tier: FullContact (Essential tier) or Leadpipe (Enhanced tier). FullContact writes a first-party cookie (fc_pid) on the dealer's domain containing a PersonID; our server calls FullContact's Enrich API with that PersonID to retrieve first-party identifiers (email, phone, and postal region) when FullContact has a match on file. Leadpipe operates on the same consent gate and returns equivalent identifiers when matched against its identity graph; data shared with Leadpipe is limited to hashed email, hashed phone, IP address, and user agent.

• The dealer's privacy policy must disclose this identity-resolution practice (and name the active vendor — FullContact or Leadpipe) to meet their controller obligations.
• Enrichment never runs without the consent gate above. Flipping any single signal (marketing off, GPC on, sale-share opt-out) stops the pixel from loading FullContact or Leadpipe and the server from enqueuing enrichment.
• FullContact and Leadpipe are each separate data controllers for their own identity graphs. VinReach cannot delete a record from either graph on request; a consumer-level opt-out must go to the relevant vendor directly. We enforce dealer-side suppression locally + never re-enrich a suppressed person.
• Returned identifiers attach to the visitor's person record in VinReach. Outbound messaging still requires explicit per-channel consent captured through the dealer's own forms.

California residents

Your CPRA rights + how we handle GPC signals are on the CAN-SPAM · CPRA page.

Retention

• Dealer-account data: retained while account is active + 60 days after termination. CSV export provided on request.
• Visitor behavioral data: 18 months rolling default, then purged unless retained under a paid plan.
• Audit + SOC 2 logs: 18 months fixed, then purged.
• Immutable CASL / CPRA opt-out history: retained indefinitely (regulatory requirement).

SMS / text messaging

VinReach sends SMS on behalf of the dealership you interacted with. You opt in by submitting a form on the dealer’s website (lead, trade-in, or pre-qualification) where you provide your mobile number and agree to receive text messages, or through an existing business relationship with the dealer.

• Message frequency varies based on your activity and the dealer’s configured journeys — typically 1–5 messages per relevant event (a vehicle you viewed, a price change, an appointment).
• Message and data rates may apply. Carriers may charge for messages per your mobile plan.
• Reply STOP to any message to opt out (also STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT). Reply HELP for help, or contact the dealership directly.
• We do not sell or share your mobile number or SMS opt-in information with third parties or affiliates for their own marketing or promotional purposes. Mobile opt-in data is used solely to deliver the messages you requested from the dealer.

Your rights

• Know, access, correct, delete, port your data — email privacy@vinreach.ai.
• Withdraw consent at any time via the unsubscribe link in every commercial email or STOP on any SMS.
• Appeal a decision — we respond to appeals within 45 days.

Security

See /trust for the full posture. Short version: TLS 1.2+ in transit, AES-256 at rest, RLS-segmented per-tenant data, SOC 2-ready controls.

Children

The VinReach platform is not directed at children under 16. Dealers do not market to minors. We do not knowingly collect personal information from anyone under 16.

Changes

Material changes to this policy are posted here with at least 30 days' notice. Continued use of the service after the effective date constitutes acceptance.