Privacy Policy

Last updated: April 4, 2026

1. Introduction

LotSync ("we," "our," or "us") operates the lotsync.io website and platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. By using LotSync, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information: When you create an account, we collect your name, email address, and password. If you register as a dealer, we also collect your dealership website URL.

Dealer Inventory Data: We scrape publicly available vehicle inventory data from dealer websites to provide our catalog and advertising services. This includes vehicle specifications, pricing, images, and listing URLs.

Facebook/Meta Data: When you connect your Facebook account, we receive and store an access token, your ad account ID, business ID, and page ID. We use these to create and manage advertising campaigns on your behalf. We do not access your personal Facebook profile, messages, or friends list.

Payment Information: Payment processing is handled by Stripe. We do not store credit card numbers or bank account details on our servers.

Usage Data: We collect standard log data including IP addresses, browser type, pages visited, and timestamps to improve our service and detect issues.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our platform
  • Scrape and normalize your vehicle inventory for catalog advertising
  • Create and manage Meta (Facebook/Instagram) advertising campaigns on your behalf
  • Push your vehicle catalog to Meta's advertising platform
  • Process payments through Stripe
  • Send transactional emails (verification codes, welcome emails, campaign reports)
  • Analyze competitor landscape and market intelligence
  • Improve and optimize our services

4. Facebook/Meta Platform Data

When you connect your Facebook account to LotSync, we request the following permissions: ads_management, catalog_management, business_management, pages_read_engagement, and pages_show_list.

We use this data solely to create product catalogs and advertising campaigns on your connected ad account. We do not sell, share, or use your Facebook data for any purpose other than providing the LotSync advertising service you subscribed to.

You can disconnect your Facebook account at any time from your LotSync dashboard, which will revoke our access to your Meta advertising assets.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

  • Meta/Facebook: Vehicle catalog data and campaign settings are pushed to Meta's advertising platform as part of our core service.
  • Stripe: Payment information is processed by Stripe under their privacy policy.
  • Service Providers: We use Vercel (hosting), Supabase (database), Resend (email), and Browserless (web scraping) to operate our platform.
  • Legal Requirements: We may disclose information if required by law or to protect our rights.

6. Data Retention

We retain your account data for as long as your account is active. Vehicle inventory data is refreshed weekly and historical data is retained for reporting purposes. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

7. Data Deletion

You can request deletion of your data by emailing [email protected] or by disconnecting your Facebook account and deleting your LotSync account from the dashboard. Upon receiving a deletion request, we will delete your personal data, Meta connection tokens, and associated campaign data within 30 days. Deletion requests submitted via Facebook (Settings → Apps and Websites) are acknowledged automatically and processed on the same 30-day timeline; the confirmation code returned to Facebook can be used to verify the status of your request.

8. Security

We implement industry-standard security measures including encrypted data transmission (TLS), encrypted storage of sensitive tokens (AES-256-GCM), and secure authentication. However, no method of transmission over the Internet is 100% secure.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability

To exercise these rights, contact us at [email protected].

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at:
Email: [email protected]