Draft for review. This describes how Spiff is built today. Have an attorney confirm it meets your obligations (including any state privacy laws), and replace each [bracketed] placeholder.
This Privacy Policy explains what information Spiff, operated by [Your legal name / business name] ("we," "us"), collects and how we use it.
Information we collect
Account information: your email address and a securely hashed version of your password. We never store your password in plain text.
Device information: a randomly generated device identifier for each browser where you install Spiff, plus an optional device label and last-seen time. This is used to enforce the device limit on your account.
Payment information: processed by Stripe. We receive a customer reference and payment status from Stripe but do not receive or store your card number.
Support reports: if you use the in-extension "report this site" feature, we receive the website URL you were on, any notes you add, your email, and basic technical diagnostics about the page so we can add support for that site.
Information we do NOT collect
We do not collect your Facebook password or log in to Facebook for you.
We do not sell your personal information.
Vehicle data Spiff reads from dealer pages is processed to help you create a listing; we do not build a profile of you from it.
How we use information
To create and manage your account and verify your license.
To enforce the device limit and protect against account sharing and trial abuse.
To process your purchase and send transactional emails (welcome, receipt, password reset, activation).
To respond to support requests and improve site coverage.
AI processing
When Spiff needs help reading an unfamiliar dealership page, the page's text may be sent to our backend and to a third-party AI provider [Groq] to extract vehicle details and generate a listing description. This text is processed to produce your listing and is not used to identify you.
Service providers
We share limited information with providers that run the Service, including our hosting provider [Render], payment processor [Stripe], email provider [Resend/SendGrid], and AI provider [Groq]. They process information only to provide their service to us.
Data retention
We keep account information while your account exists. You may request deletion of your account and associated data by contacting us at support@spiffauto.com.
Your choices
You can remove devices from your account at any time in your account settings.
You can request access to or deletion of your data by emailing us.
Children
Spiff is a business tool not intended for anyone under 18, and we do not knowingly collect data from children.
Changes
We may update this policy and will post changes here with a new date.