GetCarfeinatedPowered byCARFEINE
Claim a rooftopScan a dealership
PrivacyTerms
How we collect, use, and protect your data

Privacy Policy

Effective May 11, 2026 · v1.0

In one paragraph

Plain-language summary of what's in this document. Carfeine builds public scoring of dealer websites — most of what we collect is what those websites already make public. The exceptions are below.

1. What we collect

When you visit getcarfeinated.com without claiming a rooftop or signing up for the quarterly brief, we collect minimal pageview telemetry: URL, referrer, viewport, and a cookie-less device hash for rate-limiting.

When you submit a URL to scan, we record the URL, the IP it came from, and a timestamp.

When you sign up for the quarterly brief, we collect the email address you provided and the source surface (footer, insights band, claim flow).

When you claim a rooftop, we collect the verification artifact you used (DNS record, meta tag, or domain-email confirmation) plus the contact email tied to the claim.

2. What we publish

Scan results — score, dimension breakdown, and evidence — are public by design. They appear on the directory and the rooftop's own results page. We do not gate them behind authentication.

We do not publish: claim contact emails, claim verification artifacts, scan-submitter IPs, or any data tied to a logged-in carfeine.com session.

3. What we share with third parties

We use a small set of operational vendors: Cloudflare (CDN + DDoS), Sentry (error reporting, scrubbed), Postmark (transactional email), and AWS (hosting). None resell your data.

We do not run advertising. We do not sell email lists. We do not load tracking pixels from social networks.

4. Your rights

You can request a copy of any data tied to a claimed rooftop or a brief subscription by emailing privacy@carfeine.com. We respond within 30 days.

You can unsubscribe from the quarterly brief in one click — every email contains a working unsubscribe link.

You can request deletion of a claim and its associated artifacts. Public scan results are not deletable on request, because they describe a public website — but a claim can be unwound.

5. Cookies and similar technologies

getcarfeinated.com sets two cookies: a session token (after claim verification) and a CSRF token. Neither tracks you across sites.

We set no analytics cookies. We use server-side, cookie-less analytics for traffic measurement.

6. Changes to this policy

If we materially change what we collect, what we publish, or what we share, we'll update the version stamp at the top of this page and email subscribers of the quarterly brief at least 30 days before the change takes effect.

7. Contact

Privacy questions: privacy@carfeine.com. Postal: Carfeine, Inc · 1 Market St · San Francisco, CA 94105.