Privacy Policy

1. Information We Collect

We collect information you provide directly to us, information collected automatically when you use the Platform, and information from third-party sources. The categories of personal information we may collect include:

1.1 Information You Provide Directly

• Identity Information: Full legal name, date of birth, username or display name, profile photo.
• Contact Information: Email address, phone number, mailing address.
• Account Credentials: Password (stored in hashed, salted form; we never store plain-text passwords) and account security settings.
• Business Information (for service providers): Business name, business address, business license numbers, service descriptions, pricing, portfolio images, and other information you choose to include in your public listing.
• Payment Information: Credit card numbers, debit card numbers, bank account details, and billing address. Payment data is processed and stored by our third-party payment processor, Stripe, Inc., and is not stored on our servers in unencrypted form. We receive only limited payment metadata (last four digits, card brand, expiration date) for display and reconciliation purposes.
• Communications: Messages you send to us (support tickets, emails, feedback, survey responses), and messages between users on the Platform (where applicable).
• User-Generated Content: Reviews, ratings, photos, and other content you post on the Platform.

1.2 Information Collected Automatically

• Device Information: Device type, operating system and version, browser type and version, device identifiers (IDFA, GAID, or similar), device language and locale settings, screen resolution, and hardware configuration.
• Usage Data: Pages and features accessed, search queries, clicks and interactions, session duration, referring URLs, time stamps, features used, and navigation paths through the Platform.
• Location Information: If you grant permission, we collect precise GPS location to show you nearby service providers or to verify your general area. We may also derive an approximate location from your IP address even without GPS permission. You can withdraw location permission in your device settings at any time, though this may limit certain functionality.
• Log Data: IP address, access dates and times, HTTP request method and path, HTTP response codes, bytes transferred, and other standard server log information.
• Cookies and Similar Technologies: See Section 4 for detailed information.

1.3 Information from Third Parties

• Identity Verification Data: When you complete identity verification through Stripe Identity, we receive a verification status (pass/fail) and limited metadata. See Section 2 for full details.
• Social Login Providers: If you choose to register or log in using a third-party account (such as Google or Apple), we receive your name, email address, and profile photo from that provider, subject to your privacy settings on those platforms.
• Payment Processors: Fraud signals and payment status information from Stripe, Inc.
• Business Listing Data: Publicly available business registration information used to verify or enrich business profiles.

2. Identity Verification via Stripe Identity

To maintain the integrity and safety of the Platform, we require certain users — including all service providers and, in some cases, customers — to verify their identity before accessing certain features. We use Stripe Identity, a third-party identity verification service operated by Stripe, Inc. (1275 Battery St., San Francisco, CA 94111).

2.1 What the Verification Process Collects

When you complete identity verification, Stripe Identity collects:

• A photograph or scan of a government-issued photo ID (such as a driver's license, state ID, or passport).
• A selfie or live video capture used for biometric facial comparison against the photo on the ID.
• The data extracted from the ID, which may include your legal name, date of birth, ID number, issuing state or country, and expiration date.
• Device and session metadata associated with the verification attempt.

2.2 How Verification Data Is Used

Stripe processes your identity documents and biometric data to determine whether you are who you claim to be. We receive a verification result (verified, unverified, or requires review) and limited extracted information. We use this result to:

• Grant or restrict access to features requiring verified status.
• Display a "Verified" badge on your profile, if applicable.
• Investigate fraud, abuse, or disputes on the Platform.

2.3 Stripe's Handling of Biometric Data

Your government ID images and biometric facial data are processed and stored by Stripe under Stripe's own Privacy Policy and applicable biometric privacy laws. We strongly encourage you to review Stripe's privacy practices before submitting your identity documents. We do not receive or store raw images of your government ID or your biometric data on our own servers.

3. Analytics & Tracking Technologies

3.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043). Google Analytics uses cookies and similar technologies to collect and analyze information about how you use the Platform, including which pages you visit, how long you spend on each page, where you came from, and general demographic and interest information.

Google Analytics may use your data in accordance with Google's own Privacy Policy. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on. You can also control interest-based advertising from Google at adssettings.google.com.

We have enabled IP anonymization in Google Analytics where technically available, which truncates your IP address before it is stored by Google.

3.2 Microsoft Clarity

We use Microsoft Clarity, a behavioral analytics service provided by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052). Microsoft Clarity records and replays user sessions on our Platform, including mouse movements, clicks, scrolls, and keystrokes (excluding sensitive input fields such as passwords and payment information). It also generates heatmaps showing aggregate interaction patterns across pages.

This information helps us understand how users navigate the Platform and identify usability issues. Microsoft may use session replay data in accordance with its own privacy policy. You can learn more about Microsoft Clarity's data practices at privacy.microsoft.com.

We configure Microsoft Clarity to mask sensitive fields and do not permit it to record payment card numbers, government ID fields, or other highly sensitive personal information.

3.3 Other Analytics

We may from time to time use additional analytics, A/B testing, performance monitoring, and crash-reporting services. We will update this Privacy Policy when we add material new analytics providers.

4. Cookies and Tracking Technologies

We and our service providers use cookies, web beacons, pixel tags, local storage, session storage, and other tracking technologies to operate the Platform and collect information about your usage.

4.1 Types of Cookies We Use

• Strictly Necessary Cookies: Required for the Platform to function. These include session authentication cookies, CSRF protection tokens, and cookies that remember your preferences essential to operation (e.g., language setting). You cannot opt out of these cookies without disabling core functionality.
• Performance and Analytics Cookies: Help us understand how you use the Platform. Set by Google Analytics, Microsoft Clarity, and similar services. These can be opted out of as described in Section 3.
• Functionality Cookies: Remember your preferences such as your logged-in state, display preferences, and saved searches.
• Targeting and Advertising Cookies: May be set by third parties to deliver relevant advertising and track the effectiveness of marketing campaigns. We do not sell your personal information, but some third-party advertising cookies may be used to show you relevant ads on other platforms.

4.2 Your Cookie Choices

You can control cookies through:

• Browser settings: Most browsers allow you to block or delete cookies. Consult your browser's help documentation.
• Opt-out tools: The Digital Advertising Alliance opt-out at aboutads.info and the Network Advertising Initiative opt-out at networkadvertising.org.
• Platform cookie preferences: Where we provide a cookie preference center, you can manage your choices there.

Note that blocking certain cookies may impair Platform functionality, including the ability to log in or complete bookings.

4.3 Do Not Track

Some browsers transmit "Do Not Track" (DNT) signals. Our Platform does not currently respond to DNT signals in a standardized way. We will update our practices if industry-wide standards develop.

5. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and operate the Platform: Creating and managing your account, processing transactions, facilitating connections between customers and service providers, displaying listings, and providing customer support.
• To verify your identity: Conducting identity verification through Stripe Identity for eligible users, displaying verified status on profiles, and detecting fraud.
• To personalize your experience: Showing you relevant service providers based on your location, search history, and preferences; recommending businesses that may interest you.
• To communicate with you: Sending transactional emails (booking confirmations, receipts, password resets), service announcements, and, with your consent, promotional messages and newsletters.
• To improve the Platform: Analyzing usage data and session recordings to identify bugs, usability issues, popular features, and areas for improvement.
• To ensure safety and security: Detecting, investigating, and preventing fraudulent transactions, unauthorized access, abuse, and other harmful conduct.
• To comply with legal obligations: Responding to subpoenas, court orders, or other lawful requests; complying with applicable laws and regulations.
• To enforce our policies: Reviewing reviews, listings, and user conduct for compliance with our Terms of Service and Community Standards.
• To conduct research and analytics: Understanding how our Platform is used, measuring the effectiveness of features, and conducting market research.
• For other purposes you consent to: Any other purpose for which we obtain your consent at the time of collection.

We rely on the following legal bases to process your personal information, depending on context:

• Contractual necessity: Processing required to provide the services you request.
• Legitimate interests: Operating, improving, and securing the Platform, subject to your right to object.
• Legal obligation: Compliance with applicable law.
• Consent: Where you have given explicit consent (e.g., marketing emails, location tracking, biometric processing).

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We share your information only in the following circumstances:

6.1 Service Providers

We share information with trusted third-party vendors who assist us in operating the Platform. These include:

• Stripe, Inc. — Payment processing and identity verification.
• Google LLC — Analytics (Google Analytics), cloud infrastructure, email delivery.
• Microsoft Corporation — Behavioral analytics (Microsoft Clarity).
• Hosting and cloud infrastructure providers.
• Customer support software providers.
• Email delivery providers.
• SMS / push notification providers.
• Fraud detection and security providers.
• Legal, accounting, and professional service advisors.

All service providers are contractually bound to use your information only on our behalf, in accordance with our instructions and this Privacy Policy, and to implement appropriate security measures.

6.2 Between Users

When you use the Platform to connect with another user (e.g., a customer inquiring about a business listing), certain information you have made public — such as your name, profile photo, review history, or business listing details — is shared with that user to facilitate the connection. Business listings are publicly visible by default. Private information (phone number, email, precise address) is shared only to the extent you choose to make it available or as required to facilitate a booking.

6.3 Business Transfers

If The Glossary is involved in a merger, acquisition, asset sale, financing, reorganization, or other corporate transaction, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Platform before your personal information becomes subject to a different privacy policy.

6.4 Legal Requirements

We may disclose your information if we believe in good faith that disclosure is required to:

• Comply with applicable law, regulation, legal process, or governmental request (including subpoenas, court orders, and law enforcement requests).
• Enforce our Terms of Service or other agreements.
• Protect the rights, property, or safety of The Glossary, our users, or the public.
• Detect, prevent, or address fraud, security, or technical issues.

6.5 With Your Consent

We may share your information for other purposes with your explicit prior consent.

7. Data Retention and Deletion

7.1 Retention Periods

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. General retention guidelines include:

• Active account data: Retained for the life of your account plus a reasonable period afterward to allow for re-activation and dispute resolution.
• Transaction records: Retained for a minimum of seven (7) years for tax and accounting compliance purposes.
• Identity verification records: Retained for the duration of your account plus such additional period as required by applicable law or our legal obligations.
• Communication logs: Generally retained for three (3) years, unless needed longer for ongoing disputes or legal proceedings.
• Analytics data: Aggregated and anonymized analytics may be retained indefinitely, as they no longer constitute personal information.
• Server logs: Typically retained for up to 90 days for security and debugging purposes.

7.2 Account Deletion

You may request deletion of your account and associated personal information at any time by contacting us at jen@carsmotology.com or using the deletion feature in your account settings (where available). Upon a verified deletion request, we will delete or anonymize your personal information within 45 days, subject to the following:

• We may retain information required for legal compliance, fraud prevention, dispute resolution, or enforcement of our agreements.
• Aggregated or anonymized data derived from your information may be retained as it no longer identifies you.
• Information already provided to third parties (e.g., reviews visible to other users) may persist in archival systems for a reasonable period.
• Backup systems may contain copies of your data for up to 90 days after deletion from production systems.

7.3 Data Minimization

We endeavor to collect only the personal information necessary for the stated purposes and to promptly delete or anonymize data that is no longer needed.

8. Your Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal information:

8.1 Right of Access

You have the right to request a copy of the personal information we hold about you, including the categories of data collected, the purposes for which it is processed, and any third parties with whom it has been shared.

8.2 Right to Correction

You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. You can update much of your account information directly through your account settings.

8.3 Right to Deletion ("Right to be Forgotten")

Subject to applicable legal exceptions, you have the right to request that we delete your personal information. See Section 7.2 for details on how we process deletion requests.

8.4 Right to Data Portability

Where technically feasible, you have the right to receive your personal information in a structured, commonly used, machine-readable format, and to transmit that data to another service provider without hindrance from us.

8.5 Right to Restrict Processing

In certain circumstances, you have the right to request that we limit our processing of your personal information, for example while you contest the accuracy of the data or while a dispute is pending.

8.6 Right to Object

You have the right to object to certain types of processing, including processing based on legitimate interests and processing for direct marketing purposes. If you object to direct marketing, we will cease using your data for that purpose immediately.

8.7 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

8.8 How to Exercise Your Rights

To exercise any of these rights, submit a request to jen@carsmotology.com with the subject line "Privacy Rights Request." We may need to verify your identity before fulfilling your request. We will respond within the timeframe required by applicable law — typically 30 to 45 days — and we will not discriminate against you for exercising your privacy rights.

9. California Consumer Privacy Act (CCPA/CPRA)

This section applies specifically to residents of the State of California and provides additional disclosures required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA/CPRA").

9.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information about California consumers:

• Identifiers: Real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, or other similar identifiers.
• Personal information categories listed in Cal. Civ. Code § 1798.80(e): Name, address, telephone number, credit card number, debit card number, and other financial information.
• Protected classification characteristics: Age (date of birth, where collected for verification purposes).
• Commercial information: Records of services purchased, obtained, or considered, booking history, transaction records, and other purchasing or consuming histories.
• Biometric information: Facial geometry or other biometric data collected during identity verification through Stripe Identity.
• Internet or other electronic network activity information: Browsing history on the Platform, search history, and information regarding your interaction with the Platform or advertisements.
• Geolocation data: Physical location data, including precise GPS coordinates where permission is granted.
• Sensory data: Photographs submitted in connection with your profile, listings, or identity verification.
• Professional or employment-related information: Business name, service categories, licenses, and other professional information submitted by service provider users.
• Inferences drawn from other personal information: Profile reflecting your preferences, characteristics, predispositions, behavior, and attitudes, derived from usage data and interactions with the Platform.

9.2 Business or Commercial Purpose for Collection

We collect the categories of personal information described above for the business and commercial purposes set forth in Section 5 of this Privacy Policy.

9.3 Categories of Sources

We collect personal information from the following categories of sources: directly from you, automatically from your device and browser, from third-party analytics providers (Google Analytics, Microsoft Clarity), from identity verification providers (Stripe Identity), from payment processors (Stripe), and from social login providers (where applicable).

9.4 Categories of Third Parties with Whom We Share Personal Information

In the preceding 12 months, we have disclosed personal information to the following categories of third parties for business purposes:

• Payment processors (Stripe, Inc.)
• Identity verification providers (Stripe Identity)
• Analytics providers (Google LLC, Microsoft Corporation)
• Cloud hosting and infrastructure providers
• Customer support platform providers
• Email and communications service providers
• Legal, accounting, and professional advisors
• Law enforcement or government authorities, as required by law

9.5 Sale or Sharing of Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising, as defined under the CCPA/CPRA. We have not sold or shared personal information in the preceding 12 months.

9.6 California Consumer Rights

California residents have the following rights under CCPA/CPRA:

• Right to Know: The right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: The right to request deletion of personal information we have collected about you, subject to certain exceptions.
• Right to Correct: The right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: Because we do not sell or share personal information for cross-context behavioral advertising, there is no opt-out action currently required. However, you may submit an opt-out request to confirm this status at any time.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit the use and disclosure of sensitive personal information (such as biometric data, precise geolocation, or government ID information) to purposes necessary to provide the services you request.
• Right of Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights. We will not deny you goods or services, charge you a different price, provide a different quality of service, or suggest you will receive a different quality of service because you exercised a privacy right.

9.7 How to Submit a California Privacy Rights Request

To submit a CCPA/CPRA request, contact us at:

• Email: jen@carsmotology.com (subject line: "California Privacy Rights Request")
• Mail: The Glossary, 1885 FM 2673, Suite H31, Canyon Lake, TX 78133

We will verify your identity before processing your request. You may designate an authorized agent to submit a request on your behalf; we will require written proof of the authorization and may require direct verification from you as well. We will respond to verifiable consumer requests within 45 calendar days of receipt. If we require additional time, we will notify you in writing of the reason and extension period, not to exceed 90 days total.

9.8 Shine the Light

California Civil Code Section 1798.83 ("Shine the Light") permits California residents to request, once per calendar year, information about our disclosures of personal information to third parties for direct marketing purposes during the immediately preceding calendar year. We do not currently disclose personal information to third parties for their own direct marketing purposes. To submit a Shine the Light request, contact us at jen@carsmotology.com.

10. Children's Privacy (COPPA)

The Platform is not directed at, and we do not knowingly collect personal information from, children under the age of 13. We comply with the Children's Online Privacy Protection Act of 1998 ("COPPA") and its implementing regulations. If you are under 18, you may not register for an account, use the Platform, or submit any personal information to us.

If we learn that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete that information from our systems. If you are a parent or guardian and you believe that your child under 13 has provided personal information to us without your consent, please contact us immediately at jen@carsmotology.com. We will respond promptly and delete the information from our records.

All users who register for an account affirm that they are at least 18 years of age. Where identity verification is completed, the verified age is checked to confirm this requirement. Accounts found to belong to minors will be suspended and their data deleted.

11. International Users & GDPR

The Platform is operated from the United States and is primarily intended for U.S. residents. If you access the Platform from outside the United States, including from the European Economic Area (EEA), United Kingdom, or Switzerland, please be aware that your information will be transferred to, processed, and stored in the United States, where data protection laws may differ from those in your country.

11.1 EU/EEA and UK Users

If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR. These include the rights described in Section 8, as well as the right to lodge a complaint with your local supervisory authority (your country's Data Protection Authority).

We rely on the following legal bases for processing under GDPR:

• Art. 6(1)(b): Processing necessary for the performance of a contract with you.
• Art. 6(1)(c): Processing necessary for compliance with a legal obligation.
• Art. 6(1)(f): Processing based on our legitimate interests, where not overridden by your rights.
• Art. 6(1)(a): Processing based on your consent (for optional activities such as marketing communications and precise location tracking).
• Art. 9(2)(a): Explicit consent for processing of special categories of data, including biometric data.

11.2 International Data Transfers

When we transfer personal data outside the EEA, UK, or Switzerland, we do so in accordance with applicable transfer mechanisms, which may include Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other lawful transfer tools. You may request information about the safeguards applicable to your data transfer by contacting us.

11.3 Data Protection Officer

We do not currently have a designated Data Protection Officer (DPO) as we are a small business. For all GDPR-related inquiries, contact us at jen@carsmotology.com.

12. CAN-SPAM Act Compliance

We comply with the Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 (CAN-SPAM Act). Our commercial email practices include:

• We include our physical mailing address (1885 FM 2673, Suite H31, Canyon Lake, TX 78133) in all commercial emails.
• We clearly identify all commercial emails as advertisements or promotional communications.
• We do not use deceptive subject lines or misleading "From" names.
• Every commercial email includes a clear and conspicuous mechanism to unsubscribe from future commercial messages.
• We honor opt-out requests within 10 business days of receipt.
• We do not transfer the email addresses of users who unsubscribe to any third party for marketing purposes.

To unsubscribe from promotional emails, click the "Unsubscribe" link in any email we send, or contact us directly at jen@carsmotology.com. Note that you will continue to receive transactional emails (such as booking confirmations and receipts) even if you opt out of marketing communications.

13. Security Measures

We take the security of your personal information seriously and implement a range of technical and organizational measures designed to protect it against unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption in transit: All data transmitted between your device and our servers is protected by TLS (Transport Layer Security) encryption.
• Encryption at rest: Sensitive data stored in our databases is encrypted using industry-standard encryption algorithms.
• Access controls: Access to personal information is restricted to authorized personnel on a need-to-know basis. We use role-based access control and require authentication for all administrative access.
• Password security: User passwords are hashed using a strong cryptographic algorithm (such as bcrypt) and are never stored in plain text.
• Payment security: Payment card data is processed by Stripe, which maintains PCI-DSS Level 1 compliance. We do not store full payment card numbers on our servers.
• Regular security reviews: We conduct periodic security assessments of our Platform and third-party integrations.
• Incident response: We maintain an incident response plan and will notify affected users and, where required, regulatory authorities, in the event of a qualifying data breach within the timeframes required by applicable law.

Despite these measures, no security system is impenetrable. We cannot guarantee that unauthorized third parties will never be able to circumvent our security measures. You are responsible for maintaining the confidentiality of your account credentials and for any actions taken through your account.

If you believe your account has been compromised, or if you discover a security vulnerability in our Platform, please contact us immediately at jen@carsmotology.com.

14. Third-Party Links and Services

The Platform may contain links to third-party websites, applications, or services that are not owned or controlled by The Glossary. This Privacy Policy applies only to information collected by us on the Platform. We are not responsible for the privacy practices of any third-party website or service. When you click a link to a third-party site, you will be subject to that site's privacy policy.

We encourage you to review the privacy policies of any third-party services you access through the Platform, including:

• Stripe Privacy Policy
• Google Privacy Policy
• Microsoft Privacy Statement

The inclusion of any link does not imply endorsement by The Glossary of the linked site or service.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, applicable law, or for other operational, legal, or regulatory reasons. When we make material changes, we will:

• Update the "Effective Date" at the top of this page.
• Post a prominent notice on the Platform or send you an email notification (where required by law or where we deem appropriate given the significance of the change).

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after the Effective Date of any updated Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the updated policy, you must discontinue your use of the Platform and may request deletion of your account as described in Section 7.2.

For material changes that require your explicit consent (such as new uses of biometric data or new categories of sensitive personal information), we will seek your affirmative consent before the new processing begins.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: jen@carsmotology.com
• Mail: The Glossary
  1885 FM 2673, Suite H31
  Canyon Lake, TX 78133
• Website: theglossaryapp.com

We are committed to working with you to resolve any privacy concerns promptly. If you are not satisfied with our response, and you are located in the EEA or UK, you have the right to lodge a complaint with your local data protection supervisory authority.

This Privacy Policy was last updated on May 25, 2026. Previous versions are available upon request.