Privacy Policy

1. Overview

DealerScout.ai ("we", "our", "us") operates a Chrome browser extension and companion website at dealerscout.ai. The extension helps users identify private seller vehicle listings on Facebook Marketplace by classifying listings as private sellers, dealers, or uncertain using AI. This privacy policy describes what data we collect, how we use it, who we share it with, and your rights regarding your data.

This policy applies to the DealerScout.ai Chrome extension and the dealerscout.ai website. By using our service, you agree to the collection and use of information as described in this policy.

2. Data We Collect

We collect the following categories of data:

2.1 Personally Identifiable Information (PII): When you sign in with Google OAuth, we receive and store your name, email address, and profile picture URL. This data is used to manage your account, authenticate you, and associate your subscription with your identity.

2.2 Authentication Information:We store a session token (HTTP-only cookie) for website authentication and a signed JWT (JSON Web Token) in your browser's extension local storage for API authentication. These tokens contain your user ID, email, organization ID, role, and subscription status. Tokens expire after 30 days.

2.3 Website Content — Facebook Marketplace Listing Data: When the extension is active on Facebook Marketplace pages, it passively observes publicly visible listing information that Facebook has already sent to your browser. This includes listing titles, prices, seller names, seller profile IDs, listing locations, listing IDs, and vehicle descriptions. This data is sent to our servers for AI classification (dealer vs. private seller) and is stored in our database to improve classification accuracy over time.

2.4 User-Generated Classification Data: When you interact with the extension (marking a listing as dealer, private seller, or uncertain; marking a listing as messaged, revisit, or not interested), these verdicts and actions are stored on our servers and associated with the listing.

2.5 Usage Analytics: We collect anonymized, aggregated analytics about website usage (pages visited, load times) through Vercel Analytics. This data cannot be used to identify individual users.

2.6 Payment Information: If you subscribe to a paid plan, payment is processed entirely by Stripe. We never receive, store, or have access to your credit card number, bank account details, or other financial account information. We store only your Stripe customer ID and subscription status to manage your account.

3. How We Use Your Data

We use the data we collect for the following purposes:

Account management: To create and manage your account, authenticate you, and manage your subscription.

Core service delivery: To classify Facebook Marketplace listings as private sellers or dealers using AI, display classification badges in your browser, and maintain a database of known dealers for improved accuracy.

Service improvement: To improve our AI classification models using aggregated, de-identified listing data.

Communication: To send you important account-related notifications (e.g., trial expiration, subscription changes). We do not send marketing emails.

4. Data Sharing and Third-Party Services

We share user data only with the following third-party service providers, solely for the purposes of operating the DealerScout.ai service:

Google OAuth (Google LLC): Receives your Google account information during sign-in. Used for authentication only. Google Privacy Policy.

OpenRouter (OpenRouter Inc.): Receives listing titles and prices for AI vehicle type classification. Does not receive your personal information. OpenRouter Privacy Policy.

MongoDB Atlas (MongoDB Inc.): Stores account data, listing classifications, and dealer records with encryption at rest and in transit. MongoDB Privacy Policy.

Vercel (Vercel Inc.): Hosts our website and API. Processes API requests and collects anonymized analytics. Vercel Privacy Policy.

Stripe (Stripe Inc.): Processes subscription payments. Receives your email address for billing purposes. We do not have access to your payment card details. Stripe Privacy Policy.

5. Data We Do NOT Collect

DealerScout.ai does not collect browsing history, does not track your activity outside of Facebook Marketplace, does not read your Facebook messages or private data, does not access your Facebook account credentials, does not collect data from any website other than facebook.com/marketplace, and does not use cookies for tracking or advertising purposes.

6. Limited Use Disclosure

DealerScout.ai's use and transfer to any other app of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically: we only use data for the purposes described in this policy, we do not sell user data, we do not use user data for advertising, and we do not transfer user data to third parties except as described in Section 4.

7. Data Storage and Security

All data transmitted between the extension, our servers, and third-party services uses HTTPS (TLS 1.2+). Account and listing data is stored in MongoDB Atlas with AES-256 encryption at rest. Authentication tokens are signed using HMAC-SHA256 (JWT) and stored locally in the browser's chrome.storage.local API. Our servers are hosted on Vercel's infrastructure with enterprise-grade security.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

8. Data Retention

Account data: Retained while your account is active. If you request account deletion, we will delete your personal data within 30 days.

Listing classification data: Stored indefinitely in aggregated, de-identified form to maintain and improve classification accuracy. Individual listing associations can be deleted upon request.

Authentication tokens: JWT tokens expire automatically after 30 days. Session cookies are cleared when you sign out. You can clear all locally stored extension data by uninstalling the extension or clearing extension storage.

9. Your Rights

You have the right to:

Access: Request a copy of the personal data we hold about you.

Correction: Request correction of inaccurate personal data.

Deletion: Request deletion of your personal data and account.

Opt out: Sign out of the extension at any time to stop all data collection. Uninstall the extension to remove all locally stored data.

To exercise any of these rights, contact us at daniel@dealerscout.ai. We will respond to all requests within 30 days.

10. Chrome Extension Permissions

The DealerScout.ai extension requests the following permissions, each for a specific purpose:

Host permission — facebook.com: Required to inject content scripts on Facebook Marketplace pages that observe listing data and display classification badges.

Host permission — dealerscout.ai: Required to communicate with our API for authentication, listing classification, and data persistence.

Storage permission: Required to persist your authentication token locally so you stay signed in between browser sessions.

The extension does not request access to any other websites, your browsing history, bookmarks, downloads, or any other browser data.

11. Children's Privacy

DealerScout.ai is not intended for use by individuals under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.

12. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, for significant changes, by displaying a notice in the extension or sending an email to your registered email address. Your continued use of the service after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this privacy policy, your personal data, or our privacy practices, please contact us at:

Email: daniel@dealerscout.ai

Website: dealerscout.ai