Privacy Policy

Deal Drop Direct collects information needed to operate a licensed-dealer wholesale marketplace, verify eligibility, process payments, prevent fraud, and support transactions.

• Account and contact information, including name, business email, phone number, dealership name, address, and login records.
• Dealer-verification information, including dealer license number, issuing state, expiration details, tax or business identifiers, and supporting documents.
• Auction and transaction information, including bids, maximum auto-bids, watchlist activity, wins, team membership, referrals, messages, pickup status, and support requests.
• Payment and subscription information. Payment-card details are collected and processed by Stripe; Deal Drop Direct generally receives tokens, payment status, billing details, and limited card descriptors rather than full card numbers.
• Device and usage information, including IP address, browser, device identifiers, cookies, referring pages, access times, and security events.

We use information to create and secure accounts; verify dealer eligibility; operate auctions, bids, auto-bidding, Buy Now, watchlists, teams, referrals, notifications, memberships, deposits, and payments; communicate transaction and service updates; provide support; enforce agreements; detect fraud; comply with legal obligations; and improve reliability and user experience.

• We may send essential account, payment, auction, security, and legal notices even when optional marketing messages are disabled.
• We do not sell personal information for money. We may use aggregated or de-identified information for analytics and service improvement.

We use necessary cookies and local storage for authentication, security, preferences, checkout continuity, and core functionality. We may use limited analytics technologies to understand performance and usage. Blocking necessary cookies may prevent sign-in, bidding, payments, or other features. Browser settings can control cookies, and optional communications may be managed from account preferences where available.

We disclose information only as reasonably necessary to operate the service, complete transactions, comply with law, or protect users and the platform.

• Stripe processes memberships, deposits, buyer premiums, vehicle-related payments, refunds, and fraud signals under its own privacy terms.
• Resend may process names, email addresses, message content, and delivery metadata to deliver transactional and support email.
• Infrastructure, database, storage, analytics, security, and support providers may process information under contractual obligations.
• Information may be shared with the relevant buyer, seller, dealership team, transport provider, professional adviser, regulator, law-enforcement authority, or successor in a business transaction when legally permitted and necessary.

We retain information for as long as the account is active and as needed for transactions, disputes, fraud prevention, legal compliance, tax and accounting records, and enforcement. Auction, bid, payment, verification, and communication records may be retained after account closure when required by law or legitimate business need. Information is deleted, anonymized, or securely isolated when no longer required, subject to backups and legal holds.

Depending on applicable law, you may request access to, correction of, portability of, or deletion of personal information; object to or restrict certain processing; opt out of optional marketing; and appeal a denied privacy request. Submit requests through the Contact page. We may verify identity and dealer authority before acting. Certain records cannot be deleted while needed for transactions, legal duties, security, or claims.

We use administrative, technical, and organizational safeguards including access controls, encrypted transport, role-based permissions, payment tokenization, logging, monitoring, backups, and restricted administrative access. No online system is completely secure. Users must protect credentials, use authorized devices, promptly report suspected compromise, and ensure former team members are removed.

The service is a business-to-business platform for licensed dealers and is not directed to children. Users must be at least 18 and authorized to act for their dealership. Information may be processed where our providers operate, subject to contractual and legal safeguards.

We may update this policy to reflect operational, legal, or technical changes. The revised date will appear at the top. Material changes may also be announced by email or in the service. Continued use after an effective update signifies acknowledgment of the revised policy, subject to applicable law.