Privacy Policy
DealBlast (“DealBlast,” “we,” “us”) operates the website at dealblast.app and routes buyer quote requests to franchised car dealers. This policy explains what we collect, how we use it, and the choices you have.
1. Information we collect
When you submit a quote request, we collect:
- Vehicle preferences: make, model, trim, notes, trade-in details, and your finance vs. cash preference.
- Shopping area: the geographic polygon you draw on the map.
- Contact info: your name, email address, and (optionally) phone number.
- Payment info: handled directly by Stripe. We never see or store your card number, expiry, or CVC. We only receive a payment identifier confirming the $29.95 fee was paid.
- Usage data: IP address, browser type, pages viewed, timestamps, and similar information collected through Google Analytics and our server logs.
2. How we use it
- To send your quote request to franchised dealers inside your drawn area, on your behalf.
- To verify your email address (we send a one-time confirmation link before any dealer is contacted).
- To bill you the $29.95 quote-request fee and prevent abuse / spam.
- To respond to your support questions and improve the service.
- To comply with legal obligations, enforce our terms, and protect against fraud.
3. What we share — and what we don’t
What we share with dealers
Once you confirm your request, the dealers inside your drawn area receive the following so they can email you a quote:
- Your name and email address (so they can reply directly).
- Your vehicle preferences, trade-in details, and finance/cash preference.
- Your phone number — only if you chose to provide it. Leave the phone field blank and dealers will not receive it.
What we don’t share
We do not sell your information. We do not share your drawn polygon with dealers — they only learn whether they fall inside it. We do not share your payment information with dealers.
Service providers
We use these processors to operate the service. Each accesses only the data needed for their function:
- Google Cloud — hosting (App Engine), data storage (Firestore), task queue, and Google Analytics.
- Amazon Web Services (SES) — sending emails to you and to dealers.
- Stripe — payment processing. Stripe’s own privacy policy applies to card data.
- OpenStreetMap — map tiles (no account data shared; only your viewport requests).
4. Cookies and analytics
We use Google Analytics (gtag.js) to understand which pages are used and how the site performs. Google Analytics may set cookies in your browser. You can opt out by installing the Google Analytics opt-out browser add-on or by using your browser’s “Do Not Track” / cookie controls.
Stripe and our own server set strictly-necessary cookies (e.g. CSRF tokens, payment session). These cannot be disabled without breaking checkout.
5. How long we keep your data
- Quote requests: retained for up to 24 months for refund, dispute, and customer-support purposes, then deleted or anonymized.
- Email verification tokens: expire after 24 hours and are deleted shortly thereafter.
- Payment records: retained by Stripe and by us for the period required by tax / financial regulations (typically 7 years).
- Server logs & analytics: retained according to Google Analytics’ default retention (14 months) and our own access logs (up to 90 days).
6. Your rights
You can ask us to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your information, subject to legal/billing retention requirements.
- Port a copy of your data to another service.
- Opt out of marketing emails (we send transactional emails only — receipts, verification, dealer-match summaries — but you can request we stop sending those by emailing us, in which case we will close your account).
California, Colorado, Connecticut, Virginia, Utah, and similar state-law rights apply where required. EU/UK residents have equivalent rights under GDPR. Email support@dealblast.app to exercise any of these.
7. Children
DealBlast is not directed to children under 16. We do not knowingly collect information from anyone under 16. If you believe a child has provided us information, please contact us and we will delete it.
8. Security
We use HTTPS for all traffic, encrypt data in transit and at rest, store minimal personal information, and never store full card numbers. No system is perfectly secure; if you suspect unauthorized access to your account, contact us immediately.
9. Changes to this policy
We may update this policy from time to time. Material changes will be posted here with a new “Last updated” date and, when reasonable, communicated by email to recent users.
10. Contact
For privacy questions or any other inquiry: support@dealblast.app