Last Updated: March 30, 2026
This Privacy Policy explains how CarBuyer (“CarBuyer,” “we,” “our,” or “us”) collects, uses, stores, and shares information when you use the CarBuyer iOS app and related backend services.
1. Information We Collect
Account and sign-in information
- Sign in with Apple identifier (apple_user_id) used to create and maintain your account.
- Email address from Apple Sign In, if Apple provides it.
Car shopping and negotiation content
- Car profile data you enter, such as vehicle name, year, make, model, trim, and notes.
- Negotiation data, including dealer name, dealer type, negotiation status, and rolling summaries.
- Chat content, including text messages and any images you upload (for example, quote sheets or offer screenshots).
Subscription and purchase verification data
- Subscription product ID, transaction ID, original transaction ID, and expiration date returned by Apple StoreKit verification.
- Current subscription tier and expiration status stored on your account.
Security and abuse-prevention data
- App Attest data (key ID, public key material, attestation/assertion challenge metadata, counters).
- Refresh-token metadata used for session security (token ID, hash, expiration, revocation/rotation state).
- Basic request metadata for rate limiting and operations (for example, user/account identifiers and, when unauthenticated, IP-based rate-limit keys).
Usage/account metrics
- Total AI token usage associated with your account.
Data stored on your device
- Access/refresh tokens and App Attest key ID in iOS Keychain.
- Limited local snapshots (cached cars, negotiations, messages) stored in app storage to improve loading/offline resilience.
2. How We Use Information
We use your information to:
- Create and manage your account and sessions.
- Provide core app features (vehicle tracking, dealer negotiations, chat analysis, and offer comparison).
- Process uploaded images and chat content to generate AI responses and negotiation guidance.
- Verify subscriptions and determine feature access.
- Secure the service (authentication, App Attest checks, anti-abuse rate limiting, fraud/misuse prevention).
- Generate model-level research and optional community insights.
- Maintain and improve reliability and service performance.
3. AI Processing and Third-Party Services
To provide AI negotiation guidance, CarBuyer sends relevant content to AI and infrastructure providers.
AI provider processing
- CarBuyer sends chat inputs (including text and uploaded image references), conversation history, and relevant car context to our AI provider (OpenAI) to generate responses.
- CarBuyer may use AI web-search tooling to fetch current market and incentive information for responses/research.
Infrastructure and platform providers
- Apple: Sign in with Apple and StoreKit subscription verification.
- Cloud object storage (AWS S3): Secure storage/retrieval of uploaded images.
- Hosting/operations providers: API hosting and supporting infrastructure.
We do not sell your personal information.
4. Community Insights Sharing
- Your car notes may be included in aggregated model-level “community insights” summaries.
- The system attempts to redact direct identifiers (for example, email addresses, phone numbers, and VIN-like strings) before aggregation.
- Shared insights are intended to be anonymized and model-focused, not user-identifying.
5. Data Retention
We retain data for as long as needed to operate the service and for legitimate security/operational needs.
Examples:
- Account, car, negotiation, and message records are retained while your account is active unless deleted.
- Deleting a car or negotiation removes associated records from the application database.
- Subscription verification records are retained to prevent transaction reuse and fraud.
- Session/refresh-token records are retained until expiration/revocation and cleanup.
- Local snapshots on device are best-effort cached data (with aging/cleanup behavior) and, in current app behavior, are purged for that user on sign-out.
6. Your Choices and Controls
You can:
- Update or delete car and negotiation records in the app.
- Control optional notes-sharing via the privacy preference exposed by the service.
- Sign out at any time (which clears active session credentials and local snapshot data for that user in the app).
For account-level data requests (including deletion requests), contact us at privacy@typesfast.com.
7. Security
We use reasonable technical and organizational safeguards, including:
- Authenticated API access with signed tokens.
- Keychain storage for sensitive session credentials on iOS.
- App Attest checks for sensitive write actions.
- Access controls around account-owned resources.
No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.
8. International Processing
Depending on provider infrastructure, your information may be processed in countries other than your own.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will update the “Last Updated” date when changes are made.
10. Contact
Privacy questions or requests:
- Email: privacy@typesfast.com