1. Introduction
JaggLink Auto Salvage ("we", "us", "our", or "the Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Software-as-a-Service (SaaS) platform and related services (collectively, the "Service").
By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use our Service.
This Privacy Policy complies with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Union, the California Consumer Privacy Act (CCPA) for California residents, and other applicable privacy laws.
2. Information We Collect
We collect information that you provide directly to us, information that is automatically collected when you use our Service, and information we obtain from third-party sources.
2.1 Personal Information You Provide
When you register for an account, use our Service, or contact us, we collect:
- Account Information: Name, email address, phone number, business name, business address
- Business Information: Tax identification numbers, business registration information, billing address
- Payment Information: Payment card details (processed securely through Stripe), billing history
- Profile Information: Profile picture, preferences, settings, role assignments
- Content and Data: Vehicle inventory, parts catalog, customer information, transaction records, orders
- Communication Data: Messages, support tickets, feedback, feature requests
- Authentication Information: Passwords (stored in encrypted form), security questions
2.2 Automatically Collected Information
When you access or use our Service, we automatically collect:
- Usage Data: Page views, features used, time spent, click paths, search queries
- Device Information: Browser type and version, operating system, device type, screen resolution
- Log Data: IP address, access times, error logs, security events, request timestamps
- Location Data: General location based on IP address (country/region level)
- Performance Data: Response times, error rates, system performance metrics
- Analytics Data: User behavior patterns, feature adoption, session duration
2.3 Cookies and Tracking Technologies
We use cookies, web beacons, and similar tracking technologies to track activity and store information. For detailed information about our use of cookies, see Section 8 below.
2.4 Information from Third Parties
We may receive information about you from third-party services:
- Payment Processors: Stripe provides payment and billing information
- Authentication Providers: Supabase provides authentication and user management data
- Analytics Services: Error monitoring and usage analytics from Sentry and Vercel Analytics
- Email Services: SendGrid provides email delivery and engagement data (if enabled)
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Provision
- Provide, maintain, and operate the JaggLink Auto Salvage platform
- Process transactions and manage subscriptions
- Authenticate users and manage access control
- Store and process your business data (inventory, customers, transactions)
- Enable integrations with third-party services
3.2 Communication
- Send transactional emails (order confirmations, receipts, invoices)
- Send service-related notifications (security alerts, maintenance notices)
- Respond to support requests and customer inquiries
- Send marketing communications (with your consent, where required)
- Provide announcements about new features or policy changes
3.3 Service Improvement
- Analyze usage patterns and trends to improve the Service
- Develop new features and functionality
- Fix bugs and technical issues
- Conduct research and analytics
- Optimize performance and user experience
3.4 Legal and Security
- Comply with legal obligations and regulatory requirements
- Enforce our Terms of Service and policies
- Detect, prevent, and address fraud, security threats, and abuse
- Protect the rights, property, and safety of users and the Company
- Respond to legal requests and court orders
3.5 Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process your personal data based on:
- Contract Performance: To fulfill our contractual obligations to provide the Service
- Legitimate Interests: To improve our Service, ensure security, and prevent fraud
- Consent: For marketing communications and optional features (you can withdraw consent at any time)
- Legal Obligation: To comply with applicable laws and regulations
4. Information Sharing and Disclosure
We do not sell your personal information. We share your information only in the following circumstances:
4.1 Service Providers and Processors
We share information with trusted third-party service providers who assist us in operating our platform. These providers are contractually obligated to protect your information and use it only for the purposes we specify:
- Supabase: Database hosting, authentication, and backend services (data processing agreement in place)
- Stripe: Payment processing and billing management (PCI DSS compliant)
- Vercel: Hosting, content delivery, and analytics
- SendGrid: Email delivery services (if enabled, optional)
- Sentry: Error monitoring and performance tracking
4.2 Business Transfers
If we are involved in a merger, acquisition, asset sale, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.
4.3 Legal Requirements
We may disclose your information if required by law or if we believe disclosure is necessary to:
- Comply with legal obligations, court orders, or government requests
- Enforce our Terms of Service or other agreements
- Protect our rights, property, or safety, or that of our users or others
- Investigate potential violations or fraudulent activity
- Respond to a valid legal process
4.4 With Your Consent
We may share your information with your explicit consent or at your direction.
4.5 Aggregated and De-Identified Data
We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for analytics, research, or business purposes.
5. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:
- Encryption: Data encrypted in transit using TLS/SSL and encrypted at rest
- Access Controls: Role-based access control, strong authentication requirements, least privilege principles
- Security Monitoring: Continuous monitoring for security threats and anomalies
- Regular Audits: Security assessments, vulnerability scanning, and penetration testing
- Secure Infrastructure: Hosted on secure cloud platforms with physical security controls
- Backup and Recovery: Regular backups with disaster recovery procedures
- Employee Training: Staff training on data protection and security best practices
- Incident Response: Procedures for detecting, responding to, and reporting security incidents
While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our security practices.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant supervisory authorities as required by applicable law (typically within 72 hours for GDPR).
6. Your Rights and Choices
Depending on your location, you have certain rights regarding your personal information:
6.1 Rights Under GDPR (European Users)
- Right of Access: Request a copy of your personal data we hold
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
- Right to Restrict Processing: Request limitation of how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw previously given consent at any time
- Right to Lodge a Complaint: File a complaint with your local supervisory authority
6.2 Rights Under CCPA (California Residents)
California residents have the following rights:
- Right to Know: Request disclosure of personal information collected, used, and shared
- Right to Delete: Request deletion of personal information (subject to exceptions)
- Right to Opt-Out: Opt out of the sale of personal information (we do not sell your information)
- Right to Non-Discrimination: Exercise your rights without discrimination
- Right to Correction: Request correction of inaccurate personal information
To exercise these rights, please contact us using the information in Section 13 (Contact Us). We will verify your identity before processing your request and respond within the timeframes required by law (typically 30-45 days).
6.3 How to Exercise Your Rights
To exercise any of these rights, you can:
- Use the data export feature in your account settings
- Use the account deletion feature in your account settings
- Contact us at privacy@jagglink.com with your request
- Update your account information directly in your profile settings
6.4 Marketing Communications
You can opt out of marketing emails by:
- Clicking the "unsubscribe" link in marketing emails
- Updating your preferences in your account settings
- Contacting us directly
Note: You cannot opt out of transactional emails (service-related notifications, security alerts, etc.) as these are necessary for the Service to function.
7. Data Retention
We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Active Accounts: We retain data for as long as your account is active
- Deleted Accounts: We delete most personal data within 30 days of account deletion
- Backup Data: Some data may remain in backups for up to 90 days before permanent deletion
- Legal Requirements: We may retain certain data longer if required by law (e.g., tax records, transaction history, legal disputes)
- Anonymized Data: Aggregated and anonymized data may be retained indefinitely for analytics purposes
When we delete your data, it is permanently removed from our active systems. Data in backups will be deleted when backups are rotated, typically within 90 days.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our platform:
8.1 Types of Cookies We Use
- Essential Cookies: Required for the Service to function (authentication, session management, security)
- Functional Cookies: Remember your preferences (theme, language, settings)
- Analytics Cookies: Help us understand how you use the Service (page views, feature usage, performance metrics)
- Performance Cookies: Monitor Service performance and identify technical issues
8.2 Cookie Management
Most browsers allow you to control cookies through their settings. However, disabling essential cookies may affect the functionality of the Service.
You can manage cookie preferences through your browser settings:
- Chrome: Settings → Privacy and Security → Cookies and other site data
- Firefox: Options → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Cookies and website data
- Edge: Settings → Cookies and site permissions → Cookies and site data
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and service providers are located. These countries may have data protection laws different from those in your country.
When we transfer personal data from the EEA to other countries, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data processing agreements with our service providers
- Adequate security measures and compliance certifications
By using our Service, you consent to the transfer of your information to countries outside your country of residence.
10. Data Processing Agreement (DPA)
When we process personal data on your behalf as a data processor (e.g., when you store customer data in our platform), we:
- Process data only as instructed by you (the data controller)
- Implement appropriate technical and organizational measures to protect data
- Ensure that our sub-processors (e.g., Supabase, Stripe) meet the same data protection standards
- Assist you in responding to data subject requests
- Notify you of any data breaches without undue delay
- Delete or return data upon termination of the Service
If you require a formal Data Processing Agreement (DPA), please contact us at privacy@jagglink.com.
11. Children's Privacy
Our Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@jagglink.com.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Emailing you at the address associated with your account (for material changes)
- Posting a prominent notice on our Service
- Updating the "Last updated" date at the top of this Privacy Policy
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
13.1 EU Representative (GDPR)
If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with your local supervisory authority. You can find your supervisory authority at https://edpb.europa.eu.
13.2 California Privacy Rights (CCPA)
California residents can contact us using the information above to exercise their CCPA rights. We do not sell personal information, and we do not discriminate against users who exercise their privacy rights.