Draft note · not legal advice
This document is starter content drafted to reflect how Ames currently handles data. It is not legal advice and has not been reviewed by an attorney. Before publishing, a privacy-aware attorney should review for state-specific requirements (Wisconsin has minimal state-level privacy law currently, but federal CAN-SPAM, TCPA, and emerging state laws apply).
01. The short version
We collect what we need to book your appointment, do the work, take payment, and communicate with you about your service. We don't sell your data. We don't share it with anyone except the vendors required to actually run the business (Stripe for payments, Twilio for text messages). You can request deletion of your account and data at any time.
02. What we collect
Information you give us directly
- Identity and contact: name, email address, phone number, service address.
- Vehicle information: year, make, model, color, size, condition.
- Booking information: services selected, scheduling preferences, special requests.
- Payment information: credit/debit card details are entered directly into Stripe — we do not see or store your full card number. We store only the last four digits and card type for your reference.
- Account credentials: if you create a customer portal account, your username and a hashed (not plaintext) password.
- Communications: any messages, emails, or texts you send us.
Information collected automatically
- Basic technical data: when you visit the website, the server logs your IP address, browser type, and pages visited. This is used for security and basic analytics.
- Cookies: see section 06.
Information we do not collect
- We do not use third-party advertising tracking.
- We do not sell or rent your data to anyone.
- We do not collect data about you from data brokers or external sources.
- We do not collect biometric, health, or precise location data.
03. How we use your information
We use the information we collect to:
- Provide service: book appointments, schedule visits, perform the work, process payments, follow up.
- Communicate with you: confirmation texts, appointment reminders, service follow-ups, response to questions.
- Improve our operations: understanding which services are popular, what scheduling patterns work, where service gaps exist.
- Comply with the law: tax records, business reporting, responding to legal process if required.
- Marketing (only if you've agreed): occasional emails or texts about new services, promotions, or seasonal reminders. Always with a clear opt-out.
04. Who we share information with
We share information only with vendors required to run the business. Each is bound by their own privacy and security obligations:
Payment processing
Stripe processes online payments and deposits. They see what's necessary to process the transaction. Stripe's privacy policy: stripe.com/privacy.
Square processes in-person card payments at completion. Square's privacy policy: squareup.com/legal/privacy.
Communications
Twilio sends SMS messages on our behalf (appointment confirmations, reminders). Twilio's privacy policy: twilio.com/legal/privacy.
Infrastructure
Our website, customer portal, and business systems run on infrastructure we host ourselves. We don't use third-party analytics, advertising trackers, or marketing automation platforms that share data outside the business.
Legal obligations
We may disclose information if required by law (subpoena, court order, tax authority request) or to protect against fraud, security threats, or harm to ourselves or others. We will resist overly broad requests and notify you if we are legally permitted to do so.
What we never do
- Sell your data to third parties.
- Share your data with advertisers or data brokers.
- Use your data for ad targeting on other platforms.
05. How we protect your information
We take reasonable security measures appropriate for the size and nature of our business:
- All traffic between you and our website uses HTTPS encryption.
- Payment information is handled by PCI-compliant processors (Stripe, Square) — we do not store full card numbers.
- Customer portal passwords are stored hashed using industry-standard algorithms, never in plaintext.
- Database access is restricted to the business owner and authorized systems.
- Our infrastructure is protected by firewalls, network isolation, and access controls.
- Backups are encrypted at rest.
No system is perfectly secure. If you suspect a security issue or unauthorized access, contact us immediately at info@amesautodetail.pro.
06. Cookies and tracking
Our website uses minimal cookies, only what's necessary for the site to function:
- Session cookies to keep you signed in to the customer portal.
- Preference cookies to remember settings (like accepting cookies, theme preferences).
We do not use third-party analytics cookies (Google Analytics, etc.), advertising cookies, or cross-site tracking. If we add basic analytics in the future, this policy will be updated and you'll be notified.
07. Your rights
You can:
- Access your information by signing in to the customer portal or requesting a copy by email.
- Correct inaccurate information in your account or by contacting us.
- Delete your account and associated data by contacting us. We will delete personal data within 30 days, retaining only what's required for legal/tax compliance (e.g., transaction records for 7 years per IRS requirements).
- Opt out of marketing communications anytime — reply STOP to any text or click unsubscribe in any email.
- Export a copy of your information in a portable format.
- Object to any processing you believe is improper.
Send any privacy request to info@amesautodetail.pro with the subject line "Privacy Request." We respond within 30 days.
08. How long we keep your information
- Active customers: we retain your information for the duration of our service relationship plus 7 years after your last service (to comply with IRS record-keeping requirements).
- Marketing data: we retain email addresses and phone numbers for marketing as long as you remain subscribed.
- Deletion requests: when you ask to delete your data, we delete personal data within 30 days. Transaction records required by law are retained for the legally required period.
- Inactive accounts: we may delete customer portal accounts that have been inactive for more than 3 years, after attempting to notify you first.
09. Children's privacy
Our service is intended for adults (vehicle owners). We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child, contact us and we will delete it.
10. Marketing communications and opt-out
If you opt in to marketing messages:
- SMS: reply STOP to any marketing text to unsubscribe immediately. Standard message rates apply.
- Email: click "unsubscribe" at the bottom of any marketing email.
Transactional messages (booking confirmations, appointment reminders, service follow-ups) are part of our service and not subject to opt-out unless you delete your account.
11. Changes to this policy
We may update this policy. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated to active customers via email. Continuing to use our services after a policy update constitutes acceptance.
Privacy questions or requests:
Ames Auto Detail LLC
Stoddard, Wisconsin
Phone: (608) 804-8333
Email: info@amesautodetail.pro
Subject line: "Privacy Request"