Warranty Window
AboutOur PrinciplesThe MethodFor DealershipsPricingFAQLog in
HomeAboutOur PrinciplesThe MethodFor DealershipsPricingFAQ
Legal

Privacy Policy

Last updated: June 26, 2026.

Warranty Window ("we", "us") handles two kinds of personal information: dealership user information (the people who sign in and use the CRM) and end-customer information (records about dealership customers uploaded by the dealership for retention outreach). This Policy describes how we collect, use, and protect both, consistent with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Information we collect

Dealership users: name, email address, role, assigned stores, login activity, and any profile fields voluntarily provided.

End customers (uploaded by the dealership): name, contact information, vehicle identifiers (VIN, make/model), warranty status fields, odometer readings, sale dates, dealership-entered notes and outreach logs.

2. How we use it

We use dealership user information to authenticate users, enforce per-store access, and provide support. We use end-customer information solely to deliver the Service to the uploading dealership — classification, outreach surfacing, activity logging, and conversion tracking. We do not use end-customer information to market directly to end customers.

3. Lawful basis and consent

End-customer information is uploaded by the dealership under a business relationship already established between the dealership and the customer (e.g., a prior vehicle sale). The dealership remains the controller of that information and is responsible for ensuring CASL and PIPEDA compliance in any outreach conducted through the Service.

4. Where your data lives

All data is stored in a Supabase Postgres project hosted in the Canada Centralregion. Row-Level Security enforces per-dealership isolation — no dealership’s data is visible to another dealership, and F&I managers see only the stores they are assigned to.

5. Subprocessors

We rely on a small, named list of subprocessors:

  • Supabase — Postgres hosting, authentication, and row-level security (Canada Central region).
  • Vercel — static and serverless hosting of the CRM and marketing site.
  • Resend — transactional email delivery (demo-booking confirmations, password reset).

The current list is provided on request and will be updated if it changes materially.

6. Retention

Dealership user records are retained for the life of the account and deleted within ninety (90) days of termination. End-customer records uploaded by the dealership are retained until the dealership terminates the Service, at which point we provide a CSV export and delete within ninety (90) days.

7. Your rights

Individuals may request access to, correction of, or deletion of their personal information. Requests from end customers should be directed to the dealership that uploaded the information; we will support the dealership in fulfilling them. Requests from dealership users may be sent to george@warrantywindow.com.

8. Security

Data in transit is protected by TLS. Data at rest is encrypted by Supabase’s default-encrypted storage. Authentication uses email-and-password with Supabase-managed hashing. Row-Level Security ensures no dealership can query another dealership’s records. We do not export bulk customer data to our own systems for analytics.

9. Text messaging (SMS)

Where a dealership uses Warranty Window to send warranty and service reminders by text message, the customer's mobile number and messaging consent are used solely to deliver that dealership's notifications. Mobile opt-in information and SMS consent are never sold, and are never shared with third parties or affiliates for their own marketing or promotional purposes. Customers may opt out of text messages at any time by replying STOP, which suppresses all further messages immediately. Message and data rates may apply. Full program terms are on our SMS Messaging Terms page.

10. Breach notification

If a breach of security safeguards creates a real risk of significant harm to an individual, we will notify the affected dealership without undue delay and support notification to affected individuals and the Office of the Privacy Commissioner of Canada, consistent with PIPEDA.

11. Changes

We will revise this Policy as the Service evolves. Material changes will be announced by email to dealership owners at least thirty (30) days before taking effect.

12. Contact

Privacy questions: george@warrantywindow.com.

Warranty Window Ltd.
203-2502 16A Street SW, Calgary, AB T2T 4K5, Canada

This Policy is a plain-English draft intended for early dealer engagements. A formal, lawyer-reviewed version will be published before the Service moves past the initial ten-dealership cohort.

TermsPrivacySMS TermsCASL
© 2026 Warranty Window Ltd. · Calgary, AB