Privacy Policy

This Privacy Policy explains how ClassicCarHunter (“we,” “us,” “our”) collects, uses, stores, and shares personal information when you apply for membership, use the Service, or interact with us. By using the Service, you consent to the practices described here.

Our address: Austin, Texas, United States. Contact: founder@classiccarhunting.com.

We collect the following categories of information:

• Application data — name, email, phone, location, current collection description, wish list, budget range, timeline, referral source, and the free-text note you submit on your application.
• Member account data — login code, membership tier, Founders seat number (if applicable), referral code, and notification preferences.
• Hunt and garage data — the year/make/model/trim/VIN ranges you watch, hunts and pursuits you create, garage entries (including purchase price, mileage, color, photos, service events, and vault documents you upload).
• Match interaction data — which matches you opened, marked Interested, passed, or acquired; bid ceilings you set; outreach you sent.
• Payment information — handled directly by Stripe. We receive a confirmation of payment but do not store full card numbers or CVV codes.
• Usage data — pages viewed, actions taken, IP address, user agent, and approximate location derived from IP, captured via server logs.
• Communications — emails you send us, replies to our messages, and feedback you submit.

We use the information above to:

• Review and respond to your application;
• Operate the matching engine and surface listings that fit your hunts;
• Generate the Acquisition Brief, comp range, deal classification, and provenance signals for each match;
• Send transactional emails (welcome, payment links, match alerts, Daily Brief);
• Authenticate you and protect against fraud and abuse;
• Process payments and refunds;
• Improve our products, including refining the matching engine, classifier, and provenance models;
• Comply with legal obligations and enforce our Terms of Service.

We may use aggregated, anonymized data (for example, “the median sale price of a 1973 Carrera RS over the last 12 months”) for product analysis, research, and public-facing market commentary. Aggregated data cannot reasonably identify any individual member or member transaction.

We use AI services from OpenAI to:

• Generate the editorial portion of the Acquisition Brief from structured comp and provenance signals;
• Analyze listing photos for provenance indicators (respray, panel-gap mismatches, period-incorrect parts);
• Extract structured fields (year, make, model, mileage, VIN) from noisy listing titles and descriptions.

Input we send to OpenAI for these purposes may include listing data, photos, hunt names, and comp summaries. OpenAI’s API terms (as of the effective date of this policy) state that data submitted via the API is not used to train OpenAI’s general models. We do not send sensitive identifiers (Social Security numbers, payment details) to AI providers.

Deal classifications (STEAL / FAIR / PRICED HIGH / WALK) and suggested opening offers are automated outputs presented for your consideration. They are not financial advice and do not bind you.

We use a small set of cookies and session storage entries to keep you signed in (an encrypted session cookie issued by iron-session), remember your sidebar collapse preference, and rate-limit abuse. We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking beacons. We do not sell your information to ad networks.

You can clear cookies through your browser at any time; doing so signs you out of the Service.

We share the minimum information needed with the following processors, each bound by a written data processing agreement or by their published security and privacy commitments:

• Vercel — hosting and serverless compute.
• Neon — managed PostgreSQL database where member data is stored.
• Vercel Blob — storage for photos and uploaded vault documents.
• OpenAI — AI vision and language model inference (see Section 4).
• Resend — transactional email delivery.
• Stripe — payment processing.
• Twilio (when SMS Sniper alerts are configured) — SMS delivery.

We do not sell or rent your personal information to third parties for advertising or marketing purposes.

We retain member account data for as long as your membership is active and for a reasonable period thereafter, generally up to three years from your last interaction, to handle support requests, defend or pursue claims, and comply with tax and recordkeeping obligations. Server logs are retained for a shorter period (typically 30–180 days) for security and abuse-prevention purposes.

Vault dossiers tied to a specific vehicle may be retained longer when the vehicle is transferred to another ClassicCarHunter member, since the dossier follows the chassis; the previous owner’s personal identifiers are scrubbed from the public Certificate of Provenance at transfer.

You have the right to:

• Access a copy of your personal information;
• Correct inaccurate information directly through your account settings, or by emailing us;
• Delete your account and associated personal information, subject to legal retention requirements;
• Export your hunts, garage entries, and vault documents in a portable format;
• Object to processing in specific circumstances, or restrict it;
• Withdraw consent for processing where consent is the legal basis.

To exercise any of these rights, email founder@classiccarhunting.com. We will respond within 30 days for most requests. Residents of the European Union, the United Kingdom, and California have additional rights under GDPR, the UK GDPR, and the CCPA respectively; those rights are described and honored in line with the applicable law.

The Service is operated from the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States and other jurisdictions where our processors operate. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

The Service is not directed to anyone under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will delete it.

We protect member data with industry-standard measures: TLS-encrypted transport, encrypted session cookies via iron-session, scoped database access, rate-limiting on public endpoints, SSRF protection on outbound photo enrichment, and constant-time string comparison for credential checks. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

We may update this Privacy Policy from time to time. We will update the “Effective” date above for any change. For material changes, we will notify active members by email. Continued use of the Service after a material change constitutes acceptance of the updated policy.

ClassicCarHunter
Austin, Texas, United States
founder@classiccarhunting.com