VinVerify
Run a VIN
Legal

Privacy Policy

This policy describes what information we collect, how we use it, and the choices you have. We try to keep it short and plain, if anything here is unclear, email us.

Last updated February 14, 2026

1. Summary

  • We collect the minimum needed to run your account, deliver reports, and prevent fraud.
  • We never sell your personal information.
  • We use Stripe for payments and never store your full card number on our servers.
  • You can request a copy of your data, or delete your account, at any time.

2. Who we are

VinVerify, LLC (“VinVerify,” “we,” “us”) is the controller of personal information processed under this Policy. We are based at 228 Park Ave S, PMB 12480, New York, NY 10003, USA.

3. Information we collect

Information you provide

  • Account details: name, email, password (hashed).
  • Payment details: handled by Stripe; we store a payment-method token and billing address only.
  • Report inputs: the VIN(s) you submit, and any optional notes you attach to a report in your dashboard.
  • Support messages: anything you send to us, including your email address and the contents of the message.

Information collected automatically

  • Device & log data: IP address, browser type, OS, referrer URL, pages visited, and timestamps. Used for security, fraud prevention, and aggregate analytics.
  • Cookies & similar technologies: small files we use to keep you signed in and to measure traffic. See § 7 below.

Information from third parties

  • Vehicle data records returned from NMVTIS-approved providers, NHTSA, the NICB, J.D. Power, and our DMV partners. This data relates to vehicles, not to you personally.
  • Fraud signals from Stripe Radar to help us prevent abusive purchases.

4. How we use information

  • To deliver the reports you purchase and operate your account.
  • To process payments, including via Stripe.
  • To respond to support requests and notify you of changes.
  • To detect, prevent, and investigate fraud and abuse.
  • To comply with legal obligations and enforce our Terms.
  • To improve our Services, typically using aggregate or de-identified data.

5. Legal bases (EEA/UK users)

If you are in the European Economic Area or the United Kingdom, we process your personal data on these legal bases: performance of a contract (delivering the Services you purchase), legitimate interests (fraud prevention, service improvement), legal obligation (tax, accounting), and your consent (for optional marketing communications, which you can withdraw at any time).

6. Sharing your information

We share personal information only with these categories of recipients, and only as needed:

  • Service providers we rely on to operate the business, hosting (Vercel), payments (Stripe), email (Postmark / Resend), analytics (privacy-preserving providers), and customer support tooling.
  • Data partners only to the extent required to generate a report, typically a hashed VIN query, not your personal information.
  • Legal & safety, when required by law, court order, or to protect rights, property, or safety.
  • Successors in a merger, acquisition, or sale of substantially all of our assets.

We do not sell or rent your personal information to advertisers or data brokers.

7. Cookies

We use a small number of cookies: an authentication cookie to keep you signed in, a session cookie for security, and a first-party analytics cookie. We do not use third-party advertising cookies. You can control cookies through your browser settings; disabling them may impact functionality such as staying signed in.

8. Data retention

We keep account and billing records for as long as your account is active and for up to seven years after closure for tax and accounting purposes. Reports remain available in your dashboard while your account is open. Support correspondence is kept for up to two years.

9. Your rights

Depending on where you live, you may have the right to:

  • Access a copy of the personal information we hold about you.
  • Correct information that is inaccurate.
  • Delete your account and associated personal data.
  • Object to certain processing or withdraw consent.
  • Port your data to another service in a structured format.
  • For California residents under the CCPA/CPRA: the rights to know, delete, correct, and limit the use of sensitive personal information.

To exercise any of these rights, email privacy@vinverify.example. We’ll verify your request and respond within 30 days (or the period required by applicable law).

10. Security

We protect personal information with TLS 1.2+ in transit and AES-256 at rest, scoped access controls, audit logging, and periodic third-party penetration testing. No system is perfectly secure, if you suspect unauthorized access to your account, contact us immediately.

11. International transfers

We process data in the United States. If you are outside the U.S., your information may be transferred to and processed in the U.S. We rely on Standard Contractual Clauses where required for EEA/UK transfers.

12. Children

VinVerify is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we’ll delete it.

13. Changes to this policy

We’ll post any material changes on this page and update the “Last updated” date above. If the changes are significant we’ll also notify registered users by email.

14. Contact

Privacy questions or requests: privacy@vinverify.example. Postal mail: VinVerify, LLC, Attn: Privacy, 228 Park Ave S, PMB 12480, New York, NY 10003, USA.