Privacy Policy
Last updated: January 2025
Quick Summary
- We collect only the data necessary to provide lotPro services.
- We use your data to deliver, improve, and secure our platform.
- We never sell your personal data to third parties.
- You can request access to, correction of, or deletion of your data at any time.
- We implement industry-standard security measures to protect your information.
1. Information We Collect
Information You Provide
- Account Information: Name, email address, phone number, and password when you create an account.
- Profile Information: Profile picture, job title, department, and position within your organization.
- Business Data: Vehicle inventory, sales records, customer names, delivery information, and other data you enter into lotPro.
- Communications: Support requests, feedback, and any messages you send us.
- Payment Information: Billing address and payment details (processed securely by our payment provider, Stripe).
Information Collected Automatically
- Device Information: Browser type, operating system, and device identifiers for trusted device authentication.
- Log Data: IP addresses, access times, pages viewed, and actions taken within the platform.
- Security Data: Login attempts, multi-factor authentication events, and session information to protect your account.
- Usage Analytics: Feature usage patterns to improve our services (aggregated and anonymized where possible).
2. How We Use Your Information
We use your information to:
- Provide Services: Operate lotPro, manage your account, and deliver the features you use.
- Security: Protect against unauthorized access, detect fraud, enforce rate limits, and maintain platform integrity.
- Communications: Send service notifications, security alerts, MFA codes, and respond to your inquiries.
- Improvements: Analyze usage patterns to enhance features, fix issues, and develop new functionality.
- Legal Compliance: Meet legal obligations, respond to lawful requests, and protect our rights.
- Billing: Process payments, generate invoices, and manage your subscription.
3. Data Sharing and Disclosure
We do not sell your personal data. We may share information only in these circumstances:
- Service Providers: Trusted third parties who help us operate lotPro (e.g., cloud hosting, email delivery, payment processing). These providers are contractually bound to protect your data.
- Within Your Organization: Store administrators can view user information for their store(s).
- Legal Requirements: When required by law, court order, or government request.
- Safety: To protect the rights, property, or safety of lotPro, our users, or the public.
- Business Transfers: In connection with a merger, acquisition, or sale of assets (you would be notified).
Our Service Providers
- Microsoft Azure: Cloud infrastructure and data storage
- SendGrid: Email delivery services
- Twilio: SMS verification for multi-factor authentication
- Stripe: Payment processing
4. Data Retention
We retain your data only as long as necessary:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after deletion request |
| Business data (vehicles, sales, etc.) | Duration of account (you can delete anytime) |
| Security logs (IP addresses, login events) | 180 days |
| MFA codes and trusted devices | Codes: 10 minutes; Devices: Until revoked or 90 days of inactivity |
| Inactive accounts | Automatically anonymized after 180 days of inactivity |
| Billing records | 7 years (legal requirement) |
5. Security Measures
We implement comprehensive security measures to protect your data:
- Encryption: All data transmitted using TLS 1.2+ (HTTPS). Sensitive data encrypted at rest.
- Authentication: Strong password requirements (12+ characters), mandatory multi-factor authentication (MFA).
- Access Control: Role-based permissions, store-level data isolation, principle of least privilege.
- Monitoring: Rate limiting, brute force protection, suspicious activity detection.
- Infrastructure: Microsoft Azure with enterprise-grade security, regular security updates.
- Auditing: Automated vulnerability scanning, security-focused code reviews.
For more details, see our Security page.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Restrict Processing
Request limitation of how we process your data.
Right to Object
Object to processing based on legitimate interests.
7. Cookies and Tracking
We use cookies and similar technologies for:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management, security (CSRF protection) | Session / 30 days |
| Security | Trusted device recognition, MFA bypass for known devices | Up to 90 days |
| Preferences | Store selection, display settings | Session |
We do not use advertising or third-party tracking cookies. Essential cookies cannot be disabled as they are required for the platform to function.
8. Children's Privacy
lotPro is designed for business use and is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our platform or sending you an email. The "Last updated" date at the top indicates when the policy was last revised. Continued use of lotPro after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@lotpro.space
- Support: Submit a support request