Skip to content
← Pitlane

Privacy Policy

Last updated: April 28, 2026

1. Who We Are

Pitlane ("we," "our," or "us") is a cloud platform built for independent auto repair shops. The Service is operated by Auto Shift Media, an Ohio limited liability company. You can reach us at support@usepitlane.com.

2. Information We Collect

We collect information you provide directly and information generated through your use of the platform:

  • Account information: name, email address, business name, and password when you register.
  • Business data: customer contacts, vehicles, service history, appointments, inspections, estimates, invoices, campaigns, and reviews you create within the platform.
  • Payment information: billing details for your Pitlane subscription are processed securely by Stripe. We do not store full card numbers. If you enable customer payments, your customers' card details are handled by Stripe Connect and are not stored by us.
  • AI interactions: prompts you or your staff submit to PitCrew, the context we attach (e.g. a vehicle record or an inspection you are editing), and the AI responses generated.
  • Usage data: pages visited, features used, device information, IP address, and other interactions with the platform collected automatically.
  • Communications: messages you send through support, and messages you send to your customers via SMS and email through the platform.
  • SMS brand registration data: if you opt to send SMS through Pitlane, you submit business identity information so Twilio Trust Hub and the U.S. mobile carriers can vet your shop's messaging brand under the A2P 10DLC framework. This includes your legal business name, doing-business-as name, business address, website, an authorized representative's name, title, email, and mobile phone, and a tax identifier (EIN or, for sole proprietors without an EIN, an SSN). The tax identifier is transmitted to Twilio Trust Hub over an encrypted connection but is not stored in the Pitlane database; the rest of the brand data is stored so we can show you the registration status and continue the carrier-vetting flow on your behalf.

3. How We Use Your Information

  • To provide, operate, secure, and improve the Pitlane platform.
  • To process subscription payments and manage your account.
  • To send transactional emails and notifications about your account, including optional morning briefings summarizing your shop's daily activity.
  • To deliver SMS messages, email campaigns, and review requests on your behalf to your customers.
  • To generate AI suggestions via PitCrew when you request them.
  • To respond to support requests and provide customer service.
  • To detect, prevent, and address fraud, abuse, or technical issues.

We do not sell your personal information, and we do not use your business data or AI prompts to train any third-party AI model.

4. Sub-Processors We Share Data With

We do not sell your personal information. We share data only as necessary to operate the platform, and only with vetted sub-processors:

  • Supabase — authentication and primary database infrastructure.
  • Vercel — hosting, deployment, analytics, and performance monitoring.
  • Stripe — subscription billing and, if enabled, customer payments via Stripe Connect.
  • Twilio — SMS message delivery and A2P 10DLC brand and campaign registration via Twilio Trust Hub. Each shop on Pitlane is provisioned a dedicated Twilio subaccount and phone number; the subaccount's authentication credentials are encrypted at rest using AES-256-GCM in our database.
  • Resend — transactional email and campaign delivery.
  • Anthropic — AI language model that powers PitCrew suggestions.
  • Upstash — rate limiting and caching infrastructure.

We may also disclose information if required by law, subpoena, or legal process, or to protect the rights and safety of Pitlane, our users, or the public.

5. AI Processing (PitCrew)

PitCrew uses a large language model operated by Anthropic to generate suggested text. When you trigger a PitCrew action, the following may be transmitted to Anthropic over an encrypted connection:

  • The prompt, tone option, or question you submitted.
  • Relevant shop and customer context for the action — for example, a customer's first name, a vehicle's make/model/year, an inspection's findings, or an estimate's line items.
  • A brief system prompt describing PitCrew's role and safety rules.

We do not send full customer contact lists, payment details, or unrelated business data to Anthropic. Anthropic operates under a zero-data-retention agreement with respect to API requests and does not use the data it receives from us to train its models. Full customer phone numbers, addresses, and payment identifiers are not included in prompts.

Input and output token counts are stored by us for metering and abuse prevention. You can disable PitCrew at any time from your account settings; if you do, no further data is sent to Anthropic from your account.

6. Data Retention

We retain your data for as long as your account is active. If you cancel your account or request deletion, we will delete your data within 30 days, except where retention is required by law, needed to resolve disputes, or necessary to enforce our agreements. Anonymized and aggregated usage metrics may be retained beyond this period.

7. Security

We use industry-standard security measures, including HTTPS encryption in transit, HTTP-only cookies with strict same-site enforcement, row-level security on the database, rate limiting, webhook signature verification on all third-party callbacks (Stripe, Twilio), AES-256-GCM encryption at rest for sensitive credentials such as per-shop SMS authentication tokens, and strict tenant isolation to protect your data. Tax identifiers submitted for SMS brand registration are transmitted to Twilio Trust Hub but are not stored in our database. No system is completely secure, but we take reasonable precautions to safeguard your information and review our posture regularly.

8. Your Rights

You may request access to, correction of, portability of, or deletion of your personal data at any time by contacting us at support@usepitlane.com. We will respond within 30 days. If you are a resident of California, the EU, or another jurisdiction with additional data rights, we honor those rights on request.

9. Cookies & Analytics

Essential cookies. We set HTTP-only cookies to maintain your login session and protect against cross-site request forgery. Stripe sets cookies during checkout for fraud prevention. These cookies are required for the platform to function and are not subject to consent.

Analytics. We use Vercel Analytics and Speed Insights for aggregate web-vitals reporting; these are cookieless by design. We also load Google Analytics on marketing pages to understand traffic sources and pageviews. Google Analytics sets first-party cookies in your browser. We do not use any advertising, retargeting, or cross-site tracking cookies.

Global Privacy Control. If your browser sends a Sec-GPC: 1 signal — automatic in Brave and DuckDuckGo, available as an extension in Firefox, Safari, and Chrome — Pitlane will not load Google Analytics on your visit. The signal is honored at the network layer, not just disclaimed here.

Other ways to opt out of GA. Use the official Google Analytics opt-out browser add-on, or block analytics domains in your browser’s tracking-protection settings. We do not display a cookie consent popup because Pitlane targets US-based shops and does not use any tracking that triggers EU/UK consent requirements; if that ever changes, this policy and the platform will be updated together.

10. Demo Account

Our public demo account uses shared credentials and is intended for evaluation only. Any data you enter into the demo may be visible to other demo visitors and may be reset or deleted at any time. Outbound actions (messages, AI calls, payments) are stubbed in the demo and do not reach real customers. Do not enter real customer information, payment details, or confidential data into the demo.

11. Children's Privacy

Pitlane is a business-to-business service and is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or by posting a notice in the platform. Continued use of Pitlane after changes take effect constitutes acceptance of the updated policy.

13. Contact

Questions about this policy? Email us at support@usepitlane.com.

Terms of Service · Back to Pitlane