Legal
Privacy Policy
Last updated: June 2, 2026
DerbyDay, Inc. (“DerbyDay,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights with respect to your data when you use the DerbyDay platform (“Service”). By using the Service, you agree to the practices described in this policy.
1. Data We Collect
Account Information
When you create an account, we collect your name, email address, organization name, and billing address. Account authentication is handled by Clerk (see Third Parties below).
Vehicle and Parts Data
When you use the Service, we store vehicle records (VIN, year, make, model, trim, mileage, condition, intake date) and parts records (part name, category, condition, pricing, warehouse location, listing status, and associated SKUs) that you create. This data belongs to you and is not shared with other customers.
Photos
Vehicle and parts photographs you upload are stored via Cloudinary (see Third Parties below). Photos are associated with your account and are not shared publicly unless you publish them to a marketplace through DerbyDay.
Payment Information
Payment information (credit card number, expiration date, CVV) is collected and processed directly by Stripe, Inc. DerbyDay does not store your full payment card details on our servers. We retain a Stripe customer ID and subscription ID to manage your billing relationship.
Estimate Lead Data
When you use the free parts estimate tool at /lp/payg, we collect your VIN, the vehicle year/make/model decoded from the VIN, your email address (if provided to receive the estimate), and the estimate range generated. This data is used to follow up with you about the Service and is retained for up to 12 months.
Usage Data
We automatically collect usage data when you use the Service, including pages visited, features used, IP address, browser type, device type, and timestamps. This data is used to improve the Service, diagnose technical issues, and understand how the Service is used in aggregate.
2. How We Use Your Data
We use your data to:
- Provide the Service: store your inventory, generate AI-assisted content, process payments, and deliver the features of your plan.
- Transactional communications: send receipts, subscription renewal notices, account alerts, and support responses. You cannot opt out of transactional emails while you have an active account.
- Product communications: send feature announcements, tips, and other non-transactional emails. You may opt out of these at any time by clicking “unsubscribe” in any email.
- Service improvement: analyze usage patterns in aggregate (anonymized) to improve DerbyDay features and AI model accuracy. We do not use your specific inventory data to train AI models that are shared with other customers without your opt-in consent.
- Legal compliance: comply with applicable law, respond to legal process, and protect DerbyDay’s rights.
AI Model Improvement
By default, DerbyDay may use anonymized, aggregated data derived from parts checklists and pricing corrections to improve AI model accuracy for all users. This does not include your personally identifiable information or your specific inventory records in identifiable form. If you wish to opt out of this use, contact privacy@derbydayapp.com and we will honor your opt-out request within 30 days.
3. Third-Party Services
DerbyDay uses the following third-party service providers, each of which may process your data in connection with providing the Service:
- Stripe, Inc. — Payment processing. Stripe collects and processes payment card data directly. DerbyDay does not receive or store your full card details. Stripe Privacy Policy
- Clerk, Inc. — Authentication and user management. Clerk handles account creation, login, and session management. Clerk Privacy Policy
- Cloudinary — Image storage and delivery. Vehicle and parts photos you upload are stored on Cloudinary’s servers. Cloudinary Privacy Policy
- Anthropic, PBC — AI processing. DerbyDay uses Anthropic’s Claude API to generate parts checklists and listing descriptions. Data sent to Anthropic is subject to Anthropic’s API usage policies. Anthropic does not use API data to train models without consent. Anthropic Privacy Policy
- Vercel, Inc. — Cloud hosting and infrastructure. DerbyDay is hosted on Vercel. Vercel Privacy Policy
We do not sell your personal data to third parties. We do not share your data with advertising networks or data brokers.
4. Cookies and Tracking
DerbyDay uses cookies and similar technologies to maintain your session (authentication), remember your preferences, and analyze usage. We use session cookies (deleted when you close your browser) and persistent cookies (retained for a set period).
We do not use third-party advertising cookies. You can control cookies through your browser settings; however, disabling session cookies will prevent you from logging in.
5. Data Retention and Deletion
We retain your account and inventory data for as long as your account is active. After account closure:
- Active data (vehicles, parts, photos) is deleted within 90 days of account closure.
- Billing records are retained for 7 years as required by tax and financial regulations.
- Anonymized, aggregated analytics data may be retained indefinitely.
To request deletion of your account and data, contact privacy@derbydayapp.com. We will process your request within 30 days.
6. Security
DerbyDay uses industry-standard security practices including TLS encryption in transit, encrypted storage at rest, access controls, and regular security reviews. However, no system is completely secure. If you believe your account has been compromised, contact security@derbydayapp.com immediately.
7. California Privacy Rights (CCPA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to:
- Know what personal information we collect about you and how it is used.
- Delete personal information we have collected about you, subject to certain exceptions.
- Opt out of the sale of your personal information. DerbyDay does not sell personal information.
- Non-discrimination — we will not discriminate against you for exercising your CCPA rights.
To exercise your California privacy rights, contact us at privacy@derbydayapp.com. We will respond to verifiable requests within 45 days.
8. Children’s Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe a child has provided us personal information, contact privacy@derbydayapp.com and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. Your continued use of the Service after changes take effect constitutes your acceptance of the revised policy.
10. Contact
For privacy-related questions, data requests, or to report a concern:
DerbyDay, Inc.
privacy@derbydayapp.com
See also: Terms of Service