Privacy Policy

Last updated: February 11, 2026

This Privacy Policy explains how WCAP Detailing Inc. ("DetailerBase," "we," "us") collects, uses, and shares information. In this policy, "you" refers to any person or entity using the DetailerBase platform, whether as a business user (a "User") or as an end customer of a business (a "Customer").

Company details

WCAP Detailing Inc. (Nova Scotia, Canada)
51 Wentworth Drive, Halifax, NS B3M 0R7, Canada
Support: support@detailerbase.com

1) Scope

This policy applies to:

  • Users: Business owners, admins, and staff using the web application to manage their detailing business.
  • Customers: Individuals who interact with a business's public booking page, receive reminders, or use the customer portal.

2) Information we collect

A) Account & business information (collected from Users)

Examples: name, email, password hash, phone number, business details, website URL, service areas, and settings.

B) Customer information (collected through the Service)

Examples: name, phone, email, vehicle details, address/location for services, booking history, and notes. This information is collected by the User's business via our platform to facilitate bookings and service delivery.

C) Files and photos

Media uploaded by Users or Customers (e.g., vehicle condition photos). These may contain personal data depending on the image content.

D) Communication and consent data

We store records of opt-in/opt-out selections, timestamps, and metadata (e.g., consent source) to help Businesses comply with regulatory requirements.

E) Payment Information (Connected Accounts)

To facilitate your use of Stripe Connect, we may collect and share your Stripe Account ID and transaction metadata. We do NOT store your customers' full credit card numbers; these are processed securely and directly by Stripe.

F) Usage and diagnostics

We collect logs needed to operate the Service, prevent abuse, and troubleshoot (e.g., basic request metadata, error reports).

G) Referral & Affiliate data

If you participate in our Referral or Affiliate programs, we collect and store: unique referral codes, attribution records (which user referred whom), commission payout amounts and dates, and—for affiliates—your Stripe Connect Account ID for payouts. This data is used solely to operate the programs and calculate earnings.

3) How we use information

We use information to:

  • provide and operate the Service (bookings, reminders, portal access),
  • authenticate users and secure accounts (email/phone verification),
  • send service communications (e.g., verification, booking confirmations, reminders),
  • prevent abuse and enforce policies (anti-spam, fair use),
  • provide support and respond to requests,
  • improve reliability and performance.

4) Legal bases (general)

We process information as necessary to:

  • perform our contract with you (provide the Service),
  • comply with legal obligations,
  • protect legitimate interests (security, fraud prevention),
  • based on consent where required (especially for marketing/automations).

5) How communications work (email/SMS)

Email delivery: via Resend.

SMS verification/delivery: via Twilio (including Twilio Verify for OTP).

Marketing Communications (Newsletter)

If you subscribe to our newsletter or opt-in to marketing updates:

  • Double Opt-in: We use a double opt-in process. You must confirm your email address by clicking a link sent to you before gaining "Subscribed" status.
  • Data Collected: We collect your email address, optional first name, IP address (hashed for privacy), user agent, confirmation timestamp, and source URL to prove consent.
  • Unsubscribe: Every marketing email includes a one-click unsubscribe link. We process these requests immediately in our database and sync with our email provider (Resend) to suppress future sends.
  • Retention: We retain consent logs (timestamps, hashed IPs) for 7 years to demonstrate compliance with CASL and CAN-SPAM, even after you unsubscribe.

You are responsible for collecting valid consent where required. We enforce opt-out and include STOP language where applicable (industry standard).

6) Cookies and similar technologies

We use first-party cookies for authentication (session cookies). Additionally, if you consent, we use Google Analytics 4 and Microsoft Clarity to understand how our marketing pages are used. These tools may collect device/browser data and set their own cookies. See our Cookie Policy for full details and withdrawal instructions.

7) Sharing with subprocessors

We share data with vendors that help us operate the Service, such as:

  • Vercel: hosting and analytics.
  • Supabase: database and authentication.
  • Cloudflare R2: file storage.
  • Stripe: Subscription billing (paying us) and Connect payouts (receiving money from your customers). We do not store full credit card numbers on our servers.
  • Resend: email delivery.
  • Twilio: SMS delivery/verification.
  • Sentry: error monitoring.
  • Google: analytics (GA4) and optional Google Calendar integration.
  • Microsoft: analytics and session recording (Clarity).

We share only what's needed for them to provide their services.

8) Data location

Your data is hosted in the United States (Supabase in Ohio) and North America (Cloudflare R2). Data may be processed outside your country.

9) Data retention & Account Deletion

We maintain a multi-stage data retention and deletion process to balance your privacy with our legal and tax obligations:

  • Stage 1: Immediate Deactivation (30 Days). Upon requesting account deletion, your workspace is immediately deactivated. Public booking pages are taken offline, communications are blocked, and user access is revoked. We retain all data for 30 days in this "locked" state to allow for legal hold requests or accidental deletion recovery.
  • Stage 2: Automatic PII Purge. After the 30-day deactivation window, all Personally Identifiable Information (PII) of your Customers and Users is permanently purged or anonymized. This includes names, email addresses, phone numbers, notes, and all uploaded media/files.
  • Stage 3: Legal & Tax Retention (7 Years). To comply with Canadian (CRA/PIPEDA) and US (IRS/TCPA/FCRA) laws, we retain minimal, non-PII billing metadata (Stripe IDs, invoice totals, timestamps) and consent/communication logs for 7 years. These records are strictly for audit and legal defense purposes.

10) Security

We use industry-standard safeguards such as encryption of sensitive secrets, access controls, and secure session cookies. No system can be guaranteed 100% secure, but we continuously work to protect your data using industry-standard practices. We encourage you to use strong passwords and protect your account.

11) Your choices and rights

Depending on your location, you may have rights to access, correct, delete, or export data. Businesses can contact support to request account/data actions.

12) Contact & Privacy Officer

For privacy-related inquiries, data access requests, or to contact our designated Privacy Officer (acting for WCAP Detailing Inc. under PIPEDA):

Email: support@detailerbase.com (Attn: Privacy Officer)
Mail: 51 Wentworth Drive, Halifax, NS B3M 0R7, Canada