CarMatch

Privacy Notice

Last updated: May 23, 2026 (rev. 2)

1. Who We Are

CarMatch, part of BakerStreet AI LLC (“we,” “us,” or “our”), operates the CarMatch web application at carmatch.com. We are committed to protecting your privacy and being transparent about how we collect, use, and share your information.

2. Information We Collect

Information you provide directly:

  • Account information: Email address, display name, and password when you create an account.
  • Survey responses: Your answers to our 8-question driving personality quiz, which are used to generate personalized vehicle recommendations.
  • User actions: Your interactions with recommended vehicles, including hearts (saves), passes, and “Say Hi” clicks.

Information collected automatically:

  • Usage data: Pages visited, features used, and interaction patterns within the app.
  • Device information: Browser type, operating system, and screen resolution.
  • Essential cookies and session data: We use essential cookies to maintain your login session and remember your survey progress.
  • Advertising cookies (with your consent): If you accept cookies via our banner, Google AdSense places cookies on your device to serve and measure ads on the results page. AdSense may also use cookies set by you on other websites to personalize the ads it shows you here.

Information from third parties:

  • Google OAuth: If you sign in with Google, we receive your name, email address, and profile photo from Google. We do not access your Google contacts, calendar, or other Google services.

3. How We Use Your Information

  • Personalized recommendations: Your survey answers are processed by our matching algorithm to recommend vehicles that fit your preferences, lifestyle, and personality.
  • Virtual Garage: We store your hearted, passed, and visited vehicles so you can revisit them later.
  • AI personality summary: We analyze your vehicle preferences to generate a driving personality summary visible in your garage.
  • Service improvement: Aggregated, anonymized data helps us improve our recommendation algorithm and user experience.
  • Account management: To create and maintain your account, authenticate your identity, and provide customer support.

4. How We Share Your Information

We do not sell your personal information. We may share information in the following limited circumstances:

  • Service providers: We use Supabase for database hosting and authentication, Resend for transactional emails, and Google for OAuth sign-in. These providers process data on our behalf under strict contractual obligations.
  • Affiliate partners (Commission Junction): When you click “Say Hi” or “Visit Again” for a participating brand, your click is routed through Commission Junction’s (CJ) tracking domain (typically tkqlhc.com) before reaching the manufacturer’s or partner’s website. CJ uses cookies to attribute the click for commission purposes. We may earn a commission from these referrals. The destination manufacturer may also collect information independently under their own privacy policy. You can opt out of CJ’s consumer tracking at CJ’s Privacy Notice.
  • Google AdSense: If you accept advertising cookies, Google AdSense receives information about your visit (such as your IP address and browser characteristics) to serve and measure ads. Google’s use of this data is governed by their Advertising Policies. We do not have access to the personal identifiers Google associates with you.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Storage and Security

Your data is stored securely using Supabase (hosted on AWS infrastructure) with encryption at rest and in transit. We implement row-level security (RLS) policies to ensure users can only access their own data. Passwords are hashed using industry-standard algorithms and are never stored in plaintext.

6. Your Rights and Choices

  • Access and portability: You can view all your saved data in your Virtual Garage.
  • Deletion: You may request deletion of your account and all associated data by contacting us. Account deletion is permanent and cannot be undone.
  • Correction: You can update your display name and email through your account settings.
  • Opt out: You can use CarMatch as a guest without creating an account. Account creation is only required to save your results.
  • Cookie preferences: You can manage cookies through your browser settings. Click “Reject” on our cookie banner to decline advertising cookies; you can also opt out of personalized Google ads at Google’s Ads Settings. Disabling essential cookies may affect app functionality.

7. Children’s Privacy

CarMatch is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will promptly delete it.

8. California Privacy Rights (CCPA)

If you are a California resident, you have the right to: (a) know what personal information we collect, (b) request deletion of your personal information, (c) opt out of the sale of personal information (we do not sell personal information), and (d) not be discriminated against for exercising your privacy rights.

9. Changes to This Notice

We may update this privacy notice from time to time. We will notify you of material changes by posting the updated notice on this page with a revised “Last updated” date. Your continued use of CarMatch after changes constitutes acceptance of the updated notice.

10. Contact Us

If you have questions about this privacy notice or our data practices, please contact us at:

CarMatch, part of BakerStreet AI LLC
Email: CarMatch-app@bakerstreetai.com

← Back to CarMatch