Privacy Policy

Last updated: December 19, 2025

AAP - Auto Appraisals Perfected ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our vehicle appraisal services.

1. Information We Collect

1.1 Personal Information You Provide

When you create an account or use our services, we collect:

• Account Information: Name, email address, phone number (optional), and password
• Address Information: Mailing address for appraisal services, normalized and validated through SmartyStreets
• Vehicle Information: VIN, year, make, model, mileage, condition, and vehicle history
• Documents & Media: Vehicle photos, titles, registrations, inspection reports, maintenance records, CARFAX reports, and audio recordings you upload
• Communication Data: Messages sent through our chat support system, support tickets, and any notes or statements you provide

1.2 Payment Information

We support multiple payment methods including credit/debit cards, ACH bank transfers, Google Pay, Apple Pay, and PayPal. Payment processing is handled by our third-party payment processors:

• Stripe: Processes card payments, ACH transfers, and Google Pay. Card numbers are never stored on our servers—Stripe handles all sensitive payment data securely.
• PayPal: Processes PayPal payments directly through their secure platform.

We store only limited payment method identifiers (such as last 4 digits, card brand, and expiration date) to display your saved payment methods and process future transactions.

1.3 Information Collected Automatically

• Session Data: We use secure session cookies to maintain your authenticated state for up to 30 days
• Security Verification: We use Google reCAPTCHA to protect against automated abuse during login and registration
• OAuth Data: If you sign in with Google or Twitter, we receive your profile information and email address (where available) from those services

2. How We Use Your Information

We use the information we collect to:

• Provide Appraisal Services: Process your vehicle appraisal requests, generate appraisal reports, and deliver completed appraisals
• Schedule Appointments: Manage appointment booking, send reminders, and coordinate with appraisers
• Process Payments: Complete transactions, manage refunds, and maintain billing records
• Communicate With You: Send email and SMS notifications about appraisal status updates, appointment reminders, and support ticket updates (based on your preferences)
• Provide Support: Respond to your inquiries through our chat assistant and ticketing system
• Enhance Services: Use AI-powered document processing to extract vehicle information from uploaded documents and provide intelligent assistance through our chat system
• Ensure Security: Protect against fraud and unauthorized access using two-factor authentication (email, SMS, or authenticator app) and other security measures

3. Information Sharing and Disclosure

We do not sell your personal information. We share information only in the following circumstances:

3.1 Service Providers

• Payment Processors: Stripe and PayPal for payment processing
• Address Validation: SmartyStreets for address normalization and verification
• Vehicle Data: NHTSA, Auto.dev, and MarketCheck for vehicle research and valuation data
• Communication Services: Email (SMTP) and SMS (VoIP.ms) providers for notifications
• AI Services: OpenAI and Letta for document processing, chat assistance, and vehicle data extraction
• Security: Google reCAPTCHA for bot protection

3.2 Appraisers

Licensed appraisers on our platform have access to your vehicle information, uploaded documents, and appointment details necessary to complete your appraisal. They may also communicate with you through our support system.

3.3 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Data Security

We implement comprehensive security measures to protect your information:

• Password Security: Passwords are hashed using PBKDF2 with SHA-512, 100,000 iterations, and unique salts
• Two-Factor Authentication: Optional 2FA via email, SMS, or authenticator apps (TOTP)
• Secure Sessions: Cryptographically secure session tokens with automatic expiration
• OAuth Security: PKCE (Proof Key for Code Exchange) for OAuth authentication flows
• Payment Security: PCI-compliant payment processing through Stripe; we never store complete card numbers
• Encrypted Connections: All data transmitted over HTTPS/TLS encryption

5. Data Retention

• Account Data: Retained while your account is active and for a reasonable period afterward for legal and business purposes
• Appraisal Records: Retained indefinitely as business records; completed appraisals may be archived but not deleted
• Payment Records: Transaction history retained for accounting and legal compliance
• Support Communications: Chat history and support tickets retained for quality assurance and reference
• Session Data: Sessions automatically expire and are deleted after 30 days of inactivity

6. Your Rights and Choices

6.1 Account Settings

You can manage your information through your account settings:

• Update your profile information (name, email, phone, address)
• Configure notification preferences (appraisal updates, ticket updates, appointment reminders, marketing)
• Choose notification channels (email, SMS)
• Enable or disable two-factor authentication
• Manage saved payment methods

6.2 Data Access and Deletion

You have the right to:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and personal data, subject to legal retention requirements
• Portability: Receive your data in a portable format

Note: Appraisals in "draft" or "pending" status can be deleted. Appraisals that have been paid for and are "in review" or "completed" are business records and may be archived but not fully deleted.

7. Cookies and Tracking

We use the following cookies:

• Session Cookie: Essential for maintaining your authenticated state
• OAuth State Cookies: Short-lived (10 minutes) cookies for secure OAuth authentication
• 2FA Verification Cookie: Temporary cookie during two-factor authentication

We do not use third-party advertising cookies or tracking cookies for marketing purposes.

8. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by businesses
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

10. International Users

Our services are primarily intended for users in the United States. If you access our services from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from your jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us.