Car Genius AI Privacy Policy

Last updated: November 6, 2025

Version: 1.0
Company: Car Genius AI, Inc.
Contact: privacy@cargenius.ai

1. Summary

Car Genius AI ("Car Genius AI," "we," "us," or "our") provides AI-powered tools that help automotive dealers serve consumers, and help consumers find the right vehicle. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you:

• visit our websites (including cargenius.ai)

• use our products, dashboards, or APIs

• interact with AI/chat experiences we power on dealer websites

• communicate with us (email, support, sales)

If you are using Car Genius AI on a dealer’s website, you should read both this policy and the dealer’s privacy policy. In some cases we process your data on behalf of the dealer.

2. Roles: Controller vs Processor

1. When we decide what data to collect for our own service (billing, security, product analytics) we act as a data controller.

2. When a dealer uses Car Genius AI on their site and we process consumer data for them (chat transcripts, lead info, vehicle preferences) we act as a data processor or service provider and follow the dealer’s instructions.

3. In some cases we may be a joint controller (for example, if we train or improve models based on dealer chat content in an aggregated/de-identified way). If we do that, we will say so here.

No model training on personal information

When acting as a processor for a dealer, any service improvement we perform uses de-identified or aggregated data. We do not use dealer or consumer personal information to train or fine-tune foundation models (no weight updates on a general model).

3. Information We Collect

We collect information in three main ways.

A. Information you provide to us directly

• Contact info (name, email, phone, company, role)

• Account credentials (if you have a dashboard account)

• Support requests and communications

• Lead/interest forms you submit through a widget we power

• Chat content and prompts you type into an AI/chat experience we provide

B. Information collected automatically

We and our service providers may automatically collect:

• Device and browser information (IP address, user agent, OS, language)

• Usage data (pages viewed, features used, timestamps, referring URLs)

• Product analytics events (login, create chat, send message, view vehicle, CRM sync)

• Log and diagnostic data for security and abuse detection

If you embed our widget on a dealer site, we may also collect:

• Page URL and referring domain

• Dealer ID/integration ID

• Session identifiers

• Vehicle context (e.g. the VDP the user is on)

C. Information from third parties and integrations

We may receive information from:

• Dealers and dealer groups (inventory, pricing, store information, staff profiles)

• Dealer technology providers (CRM/ILM/DMS, inventory feeds, websites, OEM tools)

• Payment, identity, or transaction partners if the workflow requires it

• Marketing and lead sources that send leads or traffic to the experience

• Authentication providers (Google Workspace, Microsoft, SSO) to create/manage user accounts

We will process that data according to the agreement with the partner/dealer.

4. How We Use Your Information

We use personal information for the following purposes:

1. To provide and operate the services

   • power AI/chat experiences

   • return relevant vehicle results

   • route conversations to a dealer

   • create and manage accounts

   • deliver integrations to dealer systems

2. To improve and develop our products

   • analyze chat transcripts, prompts, and outcomes

   • test new features and experiences

   • monitor for abuse, jailbreaks, and unsafe content

3. To communicate with you

   • service and security messages

   • onboarding and product education

   • respond to support, sales, or partnership inquiries

4. For security, fraud, and misuse prevention

   • detect suspicious or automated behavior

   • protect the service and our customers

5. For legal and compliance purposes

   • comply with applicable laws (CCPA/CPRA, where applicable)

   • enforce agreements and terms

   • respond to lawful requests

About model training/use

If we use user content (like chat transcripts) to improve our AI models, we will

• attempt to de-identify or aggregate it first

• use it to improve intent detection, vehicle matching, knowledge retrieval

• respect dealer agreements that prohibit use for any purpose other than providing the service

If a dealer contractually prohibits model training on their data, we will honor that.

5. Legal Bases (EEA/UK only)

If we ever have EEA/UK users, we rely on:

• performance of a contract (to provide the service)

• legitimate interests (to secure and improve the service)

• consent (for certain marketing or cookies, where required)
  If you don’t operate in the EEA/UK you can keep this short or drop it.

6. How We Share Information

We do not sell personal information in the way people usually mean "sell." We may share information with:

1. Service providers and vendors

   • cloud hosting providers

   • logging/monitoring/analytics

   • customer support tools

   • payment processors

   • LLM/AI infrastructure providers (to process prompts/outputs)

2. Dealers and dealer groups
   If you interact with an AI/chat on a dealer site, the dealer may receive:

   • your contact info and lead details

   • the vehicle you inquired about

   • chat transcript or summary

3. Integration partners
   If you ask to book an appointment, get financing, calculate a payment, or ship a vehicle, we may pass your information to the relevant party to fulfill that request.

4. Affiliates and corporate transactions
   We may share information with our affiliates or in connection with a merger, financing, acquisition, or dissolution.

5. Legal, safety, and compliance
   We may share information to comply with law, protect our rights, or prevent fraud/abuse.

We do not allow third parties to use personal information we disclose to them for their own marketing unless you consent or it’s permitted by law.

7. Cookies and Similar Technologies

We and our partners may use cookies, web beacons, and similar technologies to:

• keep you signed in

• understand usage

• measure performance

• support dealer attribution and lead tracking

You can control cookies through your browser settings. Where required, we will present a cookie notice.

8. Data Retention

We keep personal information for as long as:

• we have an ongoing business need to do so (to provide you or a dealer the service)

• we are required to do so by law or contract

• we need it to resolve disputes or enforce agreements

Chat transcripts and model interaction logs may be retained for a reasonable period so we can improve the product, debug issues, and support customers. If a dealer asks us to shorten this or to delete specific records, we will follow the contract.

9. Your Rights and Choices

Depending on where you live, you may have the right to:

• access the personal information we hold about you

• correct or update your information

• request deletion

• restrict or object to certain processing

• opt out of marketing communications

To exercise rights, contact privacy@cargenius.ai. If you interacted through a dealer site, we may direct you to that dealer.

Marketing communications

You can opt out of marketing emails at any time by using the unsubscribe link or contacting us. We may still send transactional or service messages.

CCPA/CPRA (California)

For California residents:

• We don’t "sell" your personal information as defined by the CPRA

• We may "share" identifiers with service providers to deliver the service

• You can request to know, delete, or correct your information

• You can use an authorized agent

We will not discriminate against you for exercising your rights.

10. Children’s Privacy

Our services are not directed to children under 13, and we do not knowingly collect personal information from children. If we learn we have done so, we will delete it.

11. Data Security

We use encryption in transit (TLS), access controls, audit logging, and environment separation. We review vendors and sub-processors for appropriate safeguards and require prompt deletion at end of engagement.

12. International Transfers

We are based in the United States. If you access the services from outside the US, your information may be processed in the US, where laws may be different. If required, we will use appropriate safeguards.

13. Third-Party Sites and Services

Our services may link to third-party websites or services. We are not responsible for their privacy practices. Review their policies.

14. Definitions

Training: using data to update the weights of a general or dealer-agnostic model (fine-tuning or pre-training).

Service improvement: debugging, analytics, evaluation, retrieval quality tuning, latency and uptime work. May use logs; if personal information is involved, we de-identify or aggregate before analysis.

De-identified or aggregated: removal of direct identifiers, rotation/hashing of persistent IDs, cohorting, and suppression of rare queries to reduce re-identification risk.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the service. Your continued use of the services after the update means you accept the changes.

16. Contact Us

Questions about privacy or data protection?
Email: privacy@cargenius.ai