Privacy Policy

Effective Date: March 5, 2026

1. Introduction

Welcome to CarScout. CarScout is a vehicle search monitoring and market intelligence platform that helps car buyers find and track vehicles across dealerships and marketplaces. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website at usecarscout.com and our related services (collectively, the "Service").

By using CarScout, you agree to the collection and use of information as described in this policy. If you do not agree with the practices described here, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect information through our authentication provider, Clerk. This includes:

  • Email address
  • Name (first and last)
  • Profile image (if provided through your identity provider)
  • Authentication method and session data

2.2 Payment Information

When you subscribe to a paid plan, payment processing is handled entirely by Stripe. We store:

  • Stripe customer ID and subscription ID
  • Subscription plan, status, and billing period
  • Billing interval and renewal status

We do not store your credit card number, CVV, or full billing address. All sensitive payment data is handled directly by Stripe in accordance with PCI DSS standards.

2.3 Search and Scout Data

When you create vehicle search monitors ("scouts"), we collect and store the search criteria you define:

  • Vehicle make, model, year range, and trim preferences
  • Price range (minimum and maximum)
  • Mileage limits
  • Location (ZIP code or city) and search radius
  • Color preferences (exterior and interior)
  • Transmission type, drivetrain, body style, and fuel type
  • Desired features and other filters

2.4 Activity and Usage Data

As you interact with the Service, we collect data about your activity:

  • Vehicle listings you view, save, or dismiss
  • Alert history and notification preferences
  • Feedback you submit about listings or the Service
  • Feature usage patterns and navigation behavior

2.5 Technical Data

We collect technical information to improve the Service and assist with support requests:

  • Browser user agent string
  • Viewport dimensions and device type
  • Page URL at the time of feedback submission
  • IP address (collected by Cloudflare as part of standard request handling)

2.6 Advertising and Attribution Data

To measure the effectiveness of our marketing, we collect attribution parameters when you arrive at our site:

  • UTM parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content)
  • Google Click ID (gclid)
  • Facebook Click ID (fbclid)
  • TikTok Click ID (ttclid)
  • Facebook browser ID (_fbp) and click ID cookie (_fbc)
  • TikTok browser ID (_ttp)
  • Google Analytics client ID (gaClientId)

2.7 Lead Capture Data

On our public market intelligence pages, you may optionally provide your email address to receive vehicle alerts. When you do, we collect:

  • Email address
  • The vehicle (make, model, year) you expressed interest in
  • Any UTM or attribution parameters from your session

2.8 Cookies and Local Storage

We use cookies and browser storage to operate the Service:

  • Authentication cookies: Set by Clerk to maintain your login session
  • Analytics cookies: _ga and related cookies (Google Analytics), _fbp and _fbc (Meta Pixel), and _ttp (TikTok Pixel)
  • Session storage: Used to temporarily store attribution parameters and UI state

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To run vehicle searches, deliver match notifications, and display market intelligence data
  • Payment processing: To manage subscriptions, process payments, and handle billing inquiries through Stripe
  • Transactional emails: To send match alerts, subscription confirmations, and account-related notices through Resend
  • Advertising measurement: To measure ad campaign effectiveness and attribute conversions to the correct marketing channels
  • Analytics: To understand how users interact with the Service, identify issues, and improve features
  • Lead remarketing: To follow up with users who expressed interest in specific vehicles through our market intelligence pages
  • Support: To diagnose issues and respond to feedback submissions

4. How We Share Your Information

We share your information with the following third-party service providers, each for a specific purpose:

Identity and Authentication

  • Clerk: Manages user accounts, authentication, and session management. Receives your email, name, and profile image.

Payments

  • Stripe: Processes all payments and manages subscriptions. Receives your payment method details directly (we never see your full card number).

Email Delivery

  • Resend: Delivers transactional emails including match alerts and account notifications. Receives your email address and message content.

Analytics and Advertising

  • Google Analytics 4 (GA4): Receives page views, events, and server-side purchase events for analytics and conversion measurement.
  • Meta Pixel and Conversions API (CAPI): Receives hashed event data for ad targeting and conversion attribution on Facebook and Instagram.
  • TikTok Pixel and Events API: Receives event data and attribution identifiers for TikTok ad measurement and website conversion optimization.
  • Microsoft Clarity: Records anonymized session replays and heatmaps to help us understand user behavior and improve the interface.

Vehicle Data Providers

  • MarketCheck: Receives vehicle search queries (make, model, year, location) to return matching listings. No user identity information is shared.
  • Google Maps Platform: Receives location text for geocoding purposes. No user identity information is shared.

AI and Public Data Services

  • Cloudflare Workers AI: Processes vehicle listing images for analysis. No personally identifiable information is sent.
  • NHTSA and EPA: Public government APIs used for vehicle specifications and safety data. No user data is shared with these services.

We do not sell your personal information. We only share data with the providers listed above for the specific purposes described.

5. Data Infrastructure and Security

CarScout is built on Cloudflare's infrastructure. Your data is processed and stored using:

  • Cloudflare Workers: Application hosting and request processing
  • Cloudflare D1: Primary database for account and application data
  • Cloudflare R2: Storage for vehicle images and media assets
  • Cloudflare KV: Fast-access storage for application configuration

All data in transit is encrypted via TLS. Sensitive credentials (API keys, authentication secrets) are stored as encrypted environment variables, never in source code. Authentication and payment data are handled by Clerk and Stripe respectively, both of which maintain industry-standard security certifications.

6. Data Retention

We retain your data as follows:

  • Active accounts: Your account data, scouts, and match history are retained for the duration of your account.
  • Account deletion: When you delete your account, we perform a soft-delete that anonymizes your personal information. Your email and name are removed, and your user record is marked as deleted. Scout configurations and match history are retained in anonymized form for analytics purposes.
  • Attribution data: Marketing attribution records (UTM parameters, click IDs) are retained permanently in anonymized form after account deletion to maintain accurate campaign performance reporting.
  • Lead capture data: Email addresses collected through market intelligence pages are retained until you unsubscribe or request deletion.

7. Your Rights and Choices

You have the following choices regarding your data:

  • Email preferences: You can unsubscribe from marketing and alert emails using the tokenized unsubscribe link included in every email we send.
  • Account deletion: You can delete your account at any time through your account settings. This will anonymize your personal data as described in the Data Retention section.
  • Analytics opt-out: You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
  • Cookie management: You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of the Service.
  • Data access and deletion requests: You can request a copy of your data or request deletion by emailing us at privacy@usecarscout.com.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You can request details about the categories and specific pieces of personal information we have collected about you, the sources of that information, and the purposes for which it is used.
  • Right to delete: You can request that we delete the personal information we have collected from you, subject to certain exceptions.
  • Right to opt-out of sale: We do not sell personal information. There is no need to opt out because no sale occurs.
  • Non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise these rights, email us at privacy@usecarscout.com. We will verify your identity before processing any request and respond within 45 days as required by law.

9. Vehicle Data Sources

CarScout aggregates vehicle listing data from third-party sources to provide our search and market intelligence features:

  • MarketCheck: Aggregates listings from dealer websites, manufacturer certified pre-owned programs, and major marketplaces.
  • AutoTrader: Used as a supplementary source for market pricing and inventory data.
  • NHTSA: Provides vehicle safety ratings, recall information, and VIN decoding through public APIs.
  • EPA: Provides fuel economy ratings and vehicle specifications through public APIs.

No personal information is collected from or shared with these vehicle data sources. The data we obtain is limited to publicly available vehicle listing and specification information.

10. Children's Privacy

CarScout is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at privacy@usecarscout.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes, we will update the "Effective Date" at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: