Privacy Policy
Last updated: May 9, 2026
ApexPitCore LLC · [REGISTERED ADDRESS] · Privacy Contact: [email protected]
1. Who This Policy Covers
This Privacy Policy explains how ApexPitCore LLC (“ApexPitCore,” “we,” “us,” or “our”) handles personal information in connection with the ApexPitCore software-as-a-service platform. It applies to:
- Shop accounts: Auto repair shop owners and their employees who use ApexPitCore to manage their business.
- Vehicle owners / customers: Individuals whose vehicle and repair information is managed within ApexPitCore by a shop account.
- Visitors: People who visit our website or contact us.
Shop accounts act as independent data controllers for the personal data of their vehicle owner customers. ApexPitCore acts as a data processor on their behalf for that data. See our Data Processing Agreement for details.
2. Information We Collect
Shop Account Data
When a shop creates an account and uses ApexPitCore, we collect:
- Business name, address, phone number, and website
- Owner and employee names, email addresses, phone numbers, and job titles
- Account credentials (passwords are hashed — never stored in plain text)
- Billing information processed through Stripe (we do not store card numbers or CVV codes)
- Shop configuration settings, labor rates, and business preferences
- Login history and session metadata
Vehicle Owner / Customer Data
Shops enter and manage information about their vehicle owner customers. This data is stored in ApexPitCore on the shop's behalf and may include:
- Names, email addresses, phone numbers, and mailing addresses
- Vehicle information: year, make, model, VIN, license plate number, color, and mileage
- Repair history, service descriptions, technician notes, and inspection results
- Photos and documents uploaded during inspections or repair orders
- Estimates, invoices, and payment transaction metadata
- SMS and email communication history with the shop
- Appointment records and scheduling history
Payment Data
Payment processing is handled entirely by Stripe, a PCI DSS Level 1 certified payment processor. ApexPitCore does not store credit card numbers, debit card numbers, CVV codes, or bank account details. We store only Stripe transaction identifiers and payment metadata (amount, date, status).
Analytics and Log Data
We collect application usage logs, error reports, and basic analytics to operate and improve the service. This includes IP addresses, browser/device information, and page interaction data. Log data is retained for 90 days.
SMS and Email Communications
SMS messages are sent through Twilio and email through Resend. We log message metadata (recipient, channel, timestamp, delivery status) and store a preview of message content. We record consent status for SMS communications in accordance with TCPA requirements.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the ApexPitCore platform
- Process payments and manage shop subscriptions
- Send transactional communications: appointment reminders, estimate approvals, invoices
- Respond to support requests and troubleshoot issues
- Monitor for security incidents and prevent fraud
- Comply with legal obligations including tax record retention
- Improve the platform through aggregate, de-identified analytics
We do not sell personal information to third parties. We do not use vehicle owner customer data to build advertising profiles or to market unrelated services.
4. Sharing Your Information
We share information only as necessary to deliver the service or comply with legal requirements:
- Service providers / subprocessors: Stripe (payments), Twilio (SMS), Resend (email), Cloudflare R2 (file storage), Railway (hosting), PostHog (analytics), Sentry (error monitoring), and others listed at apexpitcore.com/legal/subprocessors. These providers are contractually bound to use data only to provide services to us.
- Legal compliance: We may disclose information when required by law, court order, or to protect the rights and safety of our users.
- Business transfers: If ApexPitCore is acquired or merges with another company, your information may be transferred. We will notify affected users at least 30 days before such a transfer takes effect.
5. Data Retention
We retain different categories of data for different periods:
- Account data: Retained for the duration of the subscription plus 3 years.
- Financial records (invoices, payments): 7 years, as required for tax and business record purposes.
- Vehicle and repair records: 7 years from last service date, or longer if required by state law.
- Application logs: 90 days.
- Security events: 2 years.
- Deleted customer data: PII is anonymized. Financial record structure is retained for legal compliance with personal identifiers removed.
Full retention schedules are available at apexpitcore.com/legal/data-retention.
6. Security
We implement technical and organizational measures to protect personal information, including encryption in transit (TLS 1.2+), encryption at rest for sensitive fields, role-based access controls, multi-factor authentication support, audit logging, and intrusion monitoring. See our Security page for details.
No system is perfectly secure. If you discover a security vulnerability, please contact [email protected].
7. Your Privacy Rights (CCPA / CPRA — California)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You may request a copy of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of your personal information, subject to exceptions for legal record retention.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt Out: You may opt out of the sale or sharing of your personal information (see Section 8 below).
- Right to Limit Sensitive PI: You may request that we limit our use of sensitive personal information (see Section 9 below).
- Right to Non-Discrimination: We will not discriminate against you for exercising these rights.
- Right to Appeal: If we deny your request, you may appeal that decision.
To exercise any of these rights, submit a request at apexpitcore.com/privacy/request or email [email protected]. We will respond within 45 days.
We may need to verify your identity before processing your request. We will not require you to create an account or provide more information than is necessary for verification.
8. Do Not Sell or Share My Personal Information
ApexPitCore does not sell personal information. We do not share personal information with third parties for their direct marketing purposes. We share data only with service providers (subprocessors) who process it on our behalf under contractual restrictions.
If you are a California resident and wish to formally opt out of any future sale or sharing of your personal information, submit a request at apexpitcore.com/privacy/request and select “Opt out of sale/share.”
9. Limit Use of Sensitive Personal Information
We collect certain categories of sensitive personal information as defined under CPRA. In the context of ApexPitCore, this may include vehicle identification numbers (VINs) and precise geolocation if location services are enabled.
We use sensitive personal information only as necessary to provide the core service. You may request that we limit our use of this information to purposes permitted under CPRA by submitting a request at apexpitcore.com/privacy/request and selecting “Limit use of sensitive personal information.”
10. How to Exercise Your Privacy Rights
You may submit a privacy request through any of these channels:
- Online: apexpitcore.com/privacy/request
- Email: [email protected]
- Mail: ApexPitCore LLC, [REGISTERED ADDRESS], Attn: Privacy
We will acknowledge your request within 10 business days and complete it within 45 calendar days. If we need more time (up to an additional 45 days), we will notify you before the original deadline.
11. Cookies and Tracking
We use cookies and similar technologies to operate the platform and improve our service. Cookies fall into two categories:
- Essential cookies: Required for login sessions, security, and core platform functionality. These cannot be disabled without breaking the service.
- Optional analytics cookies: Used to understand how the platform is used so we can improve it. You can decline these without losing any functionality.
Analytics Tools We Use
- PostHog: Product analytics. Tracks aggregated feature usage (e.g., which pages are visited). Configured with autocapture disabled and all form inputs masked. No customer PII is passed to PostHog.
- Microsoft Clarity: Session recording and heatmaps. Records mouse movements, clicks, and scrolling to help us identify usability issues. All text inputs are masked before recording. Clarity is operated by Microsoft Corporation and is subject to Microsoft's privacy policy at privacy.microsoft.com. We have IP masking enabled.
- Sentry: Error monitoring. Records technical error information (stack traces, browser/OS version) to help us fix bugs. No user behaviour data is collected. Sentry is treated as an essential service.
Optional analytics tools load only after you accept cookies via our consent banner. If you decline or withdraw consent, these tools will not run during your session. See our Cookie Policy for the full list of cookies we use and how to manage them.
12. Children
ApexPitCore is intended for use by adults operating businesses. We do not knowingly collect personal information from children under 16. If you believe we have collected such information inadvertently, contact [email protected].
13. Changes to This Policy
We may update this policy from time to time. When we make material changes, we will notify shop account holders by email at least 30 days before the changes take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.
14. Contact
- Email: [email protected]
- Mail: ApexPitCore LLC, [REGISTERED ADDRESS], Attn: Privacy