Privacy Policy
This Privacy Policy explains how Detail Suite ("we," "us," or "our") collects, uses, discloses, and protects personal information when you use our software and services (the "Service"). It also describes the rights available to individuals under the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).
1. Roles: Controller and Processor
When we collect information about our own account holders (the detailing businesses that subscribe), we act as a data controller. When our account holders use the Service to manage their clients' information, the account holder is the controller of that client data and we act as a data processor on their behalf. If you are a client of a business that uses Detail Suite, please direct privacy requests to that business; we will assist them in responding.
2. Information We Collect
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, email, password (hashed), business name, role | Create and secure your account |
| Business data you enter | Clients, vehicles, jobs, invoices, payments, photos, notes, team members | Provide CRM and scheduling features |
| Client contact data | Client names, phone numbers, email addresses, addresses | Scheduling, messaging, and invoicing on your behalf |
| Messaging data | SMS content, timestamps, delivery status, phone numbers | Send and display two-way SMS |
| Payment data | Subscription status and billing handled by Stripe; we do not store full card numbers | Process your subscription |
| Usage & device data | Log data, browser type, approximate activity | Security, troubleshooting, and improving the Service |
3. How We Use Information
- To provide, maintain, and improve the Service.
- To authenticate users and secure accounts.
- To process subscription payments and prevent fraud.
- To send transactional communications about your account and the Service.
- To enable the SMS, scheduling, invoicing, and reporting features you choose to use.
- To comply with legal obligations and enforce our Terms.
We do not sell or "share" personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.
4. SMS Data Handling & Twilio
The Service sends and receives SMS messages through Twilio, a third-party communications provider, using credentials supplied by the account holder. When you send or receive a text through the Service:
- Message content, sender and recipient phone numbers, timestamps, and delivery status are processed by Twilio and stored in the account holder's Detail Suite account to display the conversation.
- The account holder is responsible for obtaining consent from recipients before messaging them and for honoring opt-out ("STOP") requests.
- Twilio's handling of this data is governed by Twilio's own privacy policy and data-processing terms.
- SMS consent and phone numbers are used only to deliver the messages you initiate and are not used for unrelated marketing by us.
5. Data Storage & Sub-processors
Application data is stored using Supabase (managed PostgreSQL hosting and authentication). We rely on the following sub-processors to operate the Service:
| Sub-processor | Function |
|---|---|
| Supabase | Database, authentication, and file storage |
| Twilio | SMS delivery and inbound messaging |
| Stripe | Subscription billing and payment processing |
These providers process data on our or the account holder's behalf under contractual data-protection obligations. Data may be processed in the United States and other countries; where required, we rely on appropriate safeguards such as Standard Contractual Clauses for international transfers.
6. Legal Bases (GDPR)
Where GDPR applies, we process personal data on these bases: performance of a contract (to provide the Service), legitimate interests (to secure and improve the Service), consent (where required, e.g., certain communications), and legal obligation (e.g., tax and accounting records).
7. Data Retention
We retain account and business data for as long as your account is active. After cancellation, we may retain data for a limited period to allow reactivation and to meet legal, tax, and security obligations, after which it is deleted or anonymized. Account holders can delete client records and export data at any time from within the Service.
8. Your Rights
GDPR (EU/UK): You have the right to access, correct, delete, restrict, or object to processing of your personal data, the right to data portability, and the right to withdraw consent. You may also lodge a complaint with your local supervisory authority.
CCPA/CPRA (California): You have the right to know what personal information we collect and how it is used, to request deletion, to correct inaccurate information, and to not be discriminated against for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising.
To exercise any right, email support@thedetailsuite.com. We will verify your request and respond within the timeframe required by law. If your request concerns data held by a business that uses Detail Suite, we will refer you to, or assist, that business.
9. Security
We use industry-standard safeguards including encryption in transit (HTTPS/TLS), row-level security to isolate each business's data, hashed passwords, and access controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Children's Privacy
The Service is intended for businesses and is not directed to children under 16. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or within the Service, and the "Last updated" date above will be revised.
12. Contact
For privacy questions or requests, contact us at support@thedetailsuite.com.