Privacy Policy

Last updated: May 4, 2026

This policy describes how FBdealersupply, Inc.(“we”, “us”) handles personal information when you use fbdealersupply.com (the “Service”). It is written in plain English on purpose. If anything here is unclear, email us at privacy@fbdealersupply.com.

1. What we collect

• Account info. When you sign in with Google (or, optionally, link your Facebook account) we receive your name, email, and profile picture from that provider. If you link Facebook, we also store the app-scoped Facebook ID that Meta assigns to you for our app.
• Seller info. If you create a listing, we collect your phone number, the Facebook profile URL you paste, and the vehicle details you submit (VIN, year, make, model, mileage, photos, condition, reserve price).
• Dealer info. If you apply as a dealer, we collect your business name, GA dealer license number, license document, ZIP code, and service radius. Bidding is free during the GA pilot — we do not collect or store payment cards and there is no payment processor in the loop.
• Bids and messages. We store every bid placed on the platform and every message sent through our in-app chat after a deal is accepted.
• Usage data. Standard server logs (IP address, user agent, request paths, timestamps) for security and abuse prevention.

2. How we use your data

• To run the auction: match listings to dealers in radius, take bids, accept the winner.
• To send you transactional notifications (SMS via Twilio, email via Resend) — bid received, auction closing soon, you won, etc. You can opt out per channel in settings.
• To verify identity: the Facebook profile URL you paste and (if you link Facebook) the Meta-verified name/photo are shown to the dealer who wins your auction so they know who they're buying from.
• To deliver the Deal Slip PDF — emailed to both seller and dealer via Resend the moment a bid is accepted — so the parties have a shared written record for the in-person handoff.
• To prevent fraud, debug bugs, and comply with the law.

3. Who we share it with

• The other party in a deal.When a dealer wins your auction, we share your name, phone number, and (if linked) your Facebook profile so they can arrange pickup. Vice versa for sellers — you see the dealer's business name and phone.
• Service providers. Supabase (database + auth), Resend (transactional email and Deal Slip PDF delivery), Twilio (SMS), Anthropic (OCR of marketplace screenshots only), Vercel (hosting). We do not use a payment processor — bidding is free during the GA pilot and the platform never sees a card. Each provider is bound by their own privacy and security obligations and handles only the data needed to do its job.
• Law enforcement if served with a valid subpoena or court order.
• We never sell your data to advertisers or list brokers.

4. Data we get from Facebook

If you choose to link your Facebook account, we receive: your name, email (if your Facebook account has one), profile picture URL, and an app-scoped Facebook ID. We do not request access to your friends, posts, photos, or Marketplace activity. We never post anything to your Facebook account.

5. How long we keep it

• Active listings, bids, transactions: as long as your account is active.
• Account data: until you ask us to delete it (see section 7).
• Server logs: 90 days, then deleted.
• Records we are legally required to keep (e.g., tax records): up to 7 years.

6. Where it's stored

Your data is stored in the United States on Supabase's infrastructure (which runs on AWS). We use TLS in transit and AES-256 at rest. Database access is gated by row-level security policies that scope reads to the user's own rows.

7. Your rights

• Access. Request a copy of the data we hold on you by emailing privacy@fbdealersupply.com.
• Correction.Update name, phone, ZIP, etc. directly in your account settings, or email us if a field isn't editable.
• Deletion. See our data deletion instructions.
• Opt out. Toggle SMS or email notifications in account settings.
• California (CCPA) and EU/UK (GDPR) users: you have additional rights including portability and the right not to be discriminated against for exercising these rights. Email us to invoke them.

8. Cookies

We use cookies set by Supabase Auth to keep you signed in. We do not use third-party advertising cookies or cross-site trackers. You can clear cookies anytime — you'll just have to sign in again.

9. Children

The Service is for adults aged 18 or over. We do not knowingly collect data from anyone under 18.

10. Changes

If we make material changes to this policy we'll email registered users at least 14 days before the changes take effect.

11. Contact

FBdealersupply, Inc.
Email: privacy@fbdealersupply.com

This page is a working draft and is not legal advice. Have it reviewed by a licensed attorney before relying on it in production.