Last Updated: [DATE — set on publication] · AutoListIQ LLC
AutoListIQ LLC ("AutoListIQ," "we," "us," or "our") operates autolistiq.app and the AutoListIQ platform (the "Service"). This Privacy Policy explains how we collect, use, store, and protect information when you use our Service.
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.
1.1 Account Information. When you register for AutoListIQ, we collect: business name and address, your name and email address, phone number, dealer website URL, and payment information (processed by Stripe — we do not store full card numbers).
1.2 Platform Credentials. To post listings on your behalf, we collect and store: OAuth access tokens for Facebook Marketplace and eBay Motors (stored encrypted; no passwords), and login credentials for Craigslist and CarGurus (stored AES-256-GCM encrypted with HKDF-derived per-dealer keys). All credentials are encrypted at rest with per-dealer derived keys. Credentials are accessed only when needed to post, update, or remove listings, and are never cached in memory between operations.
1.3 Vehicle Inventory Data. We scrape vehicle inventory data from your dealer website, including: vehicle identification numbers (VINs), year, make, model, trim, price, mileage, vehicle photos (cached temporarily for listing purposes), and vehicle features and descriptions. This data belongs to you. We process it solely to provide the Service.
1.4 Usage and Log Data. We automatically collect: IP address and browser/device information, pages visited within the Service, actions taken (listings posted, removed, settings changed), and error logs and performance data. This data is used for security monitoring, debugging, and improving the Service.
1.5 Communication Data. If you contact our support team, we retain your messages and our responses.
We use the information we collect to: (a) Provide the Service — scrape inventory, generate listing copy, post to platforms, detect sold vehicles, remove listings; (b) Process payments via Stripe; (c) Send transactional emails — account creation, billing notices, listing status updates, security alerts; (d) Provide customer support; (e) Maintain security — monitor for unauthorized access, fraud, and abuse; (f) Improve the Service — analyze usage patterns; (g) Comply with legal obligations.
We do not sell your personal information. We do not use your vehicle inventory data or listing content to train AI models.
When generating listing copy, your vehicle data is sent to Anthropic (our AI provider) via their API. Anthropic's API usage is governed by their terms and privacy policy. Anthropic states that data sent via their API is not used to train their models. We recommend reviewing Anthropic's Privacy Policy.
We do not sell, rent, or trade your personal information. We share information only in the following circumstances:
4.1 Service Providers (Sub-processors). We use trusted third-party services to operate the Service. Each is bound by contractual data protection obligations:
4.2 Third-Party Platforms. When we post listings on your behalf, vehicle data and listing content is transmitted to the relevant Platforms (Facebook, Craigslist, CarGurus, eBay). That data is governed by each Platform's own privacy policies.
4.3 Legal Requirements. We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4.4 Business Transfer. In the event of a merger, acquisition, or sale of AutoListIQ's assets, your information may be transferred to the successor entity. We will provide notice before your information is transferred.
We implement technical and organizational security measures including:
Despite these measures, no system is completely secure. In the event of a data breach that affects your information, we will notify you as required by applicable law.
In compliance with the Michigan Identity Theft Protection Act (MCL 445.63), AutoListIQ will notify affected Michigan residents of a data breach involving their personal information within 45 days of discovering the breach, unless a law enforcement agency advises that notification would impede a criminal investigation.
8.1 Access and Correction. You may access and update your account information at any time through your account settings. To request a copy of your data or corrections to inaccurate data, contact [email protected].
8.2 Deletion. You may request deletion of your account and associated data by contacting [email protected]. We will delete your data within 30 days, subject to our legal retention obligations (Section 5).
8.3 Data Portability. Upon request, we can provide a copy of your vehicle inventory data in CSV format.
8.4 Credential Revocation. You may revoke AutoListIQ's access to your Platform accounts at any time through your account settings.
8.5 Marketing Communications. We do not currently send marketing emails. If we introduce marketing communications in the future, every email will include an unsubscribe link.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA): right to know what personal information we collect, use, and share; right to delete personal information (with exceptions); right to opt out of the sale of personal information (we do not sell personal information); and right to non-discrimination for exercising your rights. To exercise your CCPA rights, contact [email protected]. We will respond within 45 days.
10.1 Session Cookies. We use session cookies to maintain your logged-in state. These are essential for the Service to function and cannot be disabled.
10.2 Analytics. We do not currently use third-party analytics tools that place tracking cookies.
10.3 No Cross-Site Tracking. We do not track users across third-party websites.
The Service is designed for business use by adults. We do not knowingly collect personal information from anyone under 18 years of age.
We may update this Privacy Policy from time to time. We will notify you of material changes by email to your registered address at least 30 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
For privacy-related questions, requests, or concerns: