Privacy Policy

This Privacy Policy explains how Carwash Blitz LLC (“Carwash Blitz™,” “we,” “us”) collects, uses, shares, and protects information in connection with the Carwash Blitz platform and related services (the “Service”). It is part of, and incorporated into, our Terms of Service.

Carwash Blitz™ is in beta. We may update our practices as the Service develops; we will reflect changes here with a new version and effective date.

• Account information — name, email address, password, business/operator details, and authentication data (including via Apple or Google sign-in).
• Customer Data you provide — data you upload or connect, including information about your customers such as names, phone numbers, email addresses, vehicles, memberships, and transaction or point-of-sale data imported from your systems.
• Billing information — processed by our payment processor (Stripe); we do not store full card numbers.
• Usage and device data — log data, IP address, device and browser information, and how you interact with the Service, collected through cookies and similar technologies and analytics tools (see our Cookie Policy).
• Communications — messages you send to us and content you generate through the Service.

We use information to:

• provide, operate, maintain, secure, and improve the Service;
• process data through AI and automated systems to generate insights, automations, and other output (see AI processing);
• enable the communications and automations you configure;
• process payments and manage your subscription;
• provide support and respond to your requests;
• detect, prevent, and address fraud, abuse, and security issues;
• create de-identified or aggregated data that does not identify you or any individual; where we do, we take reasonable measures to ensure the data cannot be re-identified, we will maintain and use it only in de-identified or aggregated form, we will not attempt to re-identify it, and we will contractually require any recipient to do the same; and
• comply with legal obligations and enforce our terms.

To provide AI-assisted features, we process certain data — which may include Customer Data — using our own systems and trusted third-party AI providers. We do not authorize those providers to use your Customer Data to train their general-purpose models except as needed to provide the feature to you or as permitted by their enterprise terms.

AI-generated output may be inaccurate or incomplete and should be reviewed before you rely on it, as described in our Terms of Service.

We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising (as those terms are defined under the California Consumer Privacy Act and similar state laws). We use analytics only to operate, secure, and improve the Service, not to serve third-party targeted advertising. If this ever changes, we will update this Policy and provide any opt-out — including a “Do Not Sell or Share My Personal Information” mechanism and recognition of Global Privacy Control (GPC) signals — that applicable law then requires. We share information only as follows:

• Service providers / subprocessors who help us run the Service — for example hosting and database (Supabase), payments (Stripe), messaging and telephony providers, AI providers, email delivery, and analytics — under contracts that limit their use of the data to providing services to us;
• At your direction — for example, when you connect an integration or send a message;
• Legal and safety — when required by law or legal process, or to protect rights, safety, and the integrity of the Service; and
• Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

For Customer Data about your end customers, you are the controller of that information and we act as a processor on your behalf — we process it only to provide the Service to you and in accordance with our agreement and your instructions. You are responsible for having a lawful basis and any required notices or consents to collect that information and to provide it to us, and for responding to your customers’ privacy requests. We will reasonably assist you with such requests.

Carwash Blitz™ is a “service provider” under the California Consumer Privacy Act (CCPA/CPRA) with respect to Customer Data about your end customers. We will not: (i) sell or share that Customer Data; (ii) retain, use, or disclose it for any purpose other than performing the Service for you and the business purposes specified in our agreement, or as the CCPA otherwise permits; (iii) retain, use, or disclose it outside the direct business relationship with you; or (iv) combine it with personal information we receive from or on behalf of other parties, or collect from our own interaction with consumers, except as Cal. Civ. Code § 1798.140(e) permits. We certify that we understand and will comply with these restrictions. You may take reasonable and appropriate steps to confirm that our use of the Customer Data is consistent with your obligations under the CCPA, and we will notify you promptly if we determine that we can no longer meet our obligations under the CCPA. These commitments supplement, and do not limit, the disclaimers and limitations of liability in our Terms of Service.

Where the Service sends SMS or other messages, message and data rates may apply, and recipients can opt out at any time by any reasonable means, including the method described in the message (e.g., replying STOP). We do not share recipients’ phone numbers with third parties for their own marketing. You are responsible for obtaining the consents required to message your customers (see our Terms of Service).

We retain information for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. You may request deletion of your account data by contacting us; some data may be retained as required by law or in de-identified form.

We use reasonable administrative, technical, and organizational measures designed to protect information. However, no method of transmission or storage is completely secure, and — particularly during beta — we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

Security incidents. If we become aware of a breach of security leading to the unauthorized access, disclosure, alteration, loss, or destruction of Customer Data, we will notify you (the operator) without undue delay and provide the information then reasonably available to help you assess the incident and meet your obligations. Because you are the controller of Customer Data (see Your customers’ information), you are solely responsible for determining whether, and for making, any notification to affected individuals, regulators, or other third parties, and you bear the costs of such notifications, credit monitoring, and remediation — except to the extent the incident results directly from our failure to meet our security obligations. Any liability arising out of or relating to a security incident is subject to the disclaimers and the Limitation of liability in our Terms of Service.

You can access and update your account information, opt out of marketing emails, and request that we delete your data. Depending on where you live (for example, under California or other state privacy laws), you may have rights to access, correct, delete, or obtain a copy of your personal information, and to not be discriminated against for exercising them.

To exercise any right, contact us at contact@carwashblitz.com. If your request concerns data we process on behalf of an operator, we will direct it to that operator.

Appeals (Virginia and similar states). If we deny a privacy-rights request, you may appeal by emailing contact@carwashblitz.com with “Privacy Appeal” in the subject line. We will respond within 60 days. If we deny your appeal, you may contact the Virginia Attorney General at oag.state.va.us, or your own state’s attorney general.

The Service is intended for businesses and is not directed to children under 18. We do not knowingly collect personal information directly from children.

The Service is operated in the United States and information is processed there. If you access the Service from outside the United States, you consent to the processing of your information in the United States, which may have different data-protection rules than your jurisdiction.

We may update this Privacy Policy from time to time. When we make material changes, we will update the version and effective date above and, where appropriate, ask you to re-accept. Your continued use of the Service after changes take effect constitutes acceptance. Each version of this Privacy Policy is identified by the version label and effective date shown above. The version of this Privacy Policy in effect and on file with us at the time you accept it — together with our archived copy of that version’s text — governs your acceptance, and we maintain a record of the version you accepted and the date of acceptance.

Questions about your privacy? Contact Carwash Blitz LLC at contact@carwashblitz.com.