🔒 Your Privacy Matters: We are committed to protecting your personal information.
This policy explains what data we collect, how we use it, and your privacy rights.
1. Introduction
NonstopLog ("we," "us," "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains:
- What personal information we collect
- How we use, process, and protect your information
- Your rights regarding your personal data
- How we comply with U.S. privacy laws
This policy applies to all users of NonstopLog and covers:
- Your Personal Data: Information about you as a registered user and dealership user
- Limited Customer Data: NonstopLog is designed to track sales activities and performance metrics. The system allows entry of customer names only for activity tracking purposes. No other customer personal information (phone numbers, email addresses, addresses, or other contact details) can be stored in the system.
3. How We Use Your Information
We use your information for the following purposes:
3.1 Service Delivery
- Provide access to your NonstopLog account
- Process and store your sales activity data
- Generate reports and analytics
- Deliver customer support
3.2 Account Management
- Process subscription payments
- Send transactional emails (password resets, account notifications)
- Manage account security (two-factor authentication)
3.3 Service Improvement
- Analyze usage patterns to improve features
- Monitor system performance and fix bugs
- Develop new features based on user needs
3.4 Legal Compliance
- Comply with legal obligations
- Protect our rights and prevent fraud
- Respond to lawful requests from authorities
4. Data Security and Encryption
We implement industry-standard security measures to protect your data:
4.1 Encryption
- In Transit: All data transmitted between your browser and our servers uses TLS 1.2+ encryption
- At Rest: Sensitive data is encrypted in our database
- Passwords: All passwords are hashed using bcrypt with a cost factor of 12
4.2 Access Controls
- Role-based access control (only you can access your data)
- Two-factor authentication (2FA) available
- Session management with secure cookies
- Automatic logout after inactivity
4.3 Infrastructure Security
- Regular security audits and monitoring
- Secure database configuration
- Regular encrypted backups
- DDoS protection
- Firewall and intrusion detection systems
4.4 Data Breach Response
In the unlikely event of a data breach affecting your personal information, we will:
- Notify affected users within 72 hours via email
- Report to relevant authorities as required by law
- Provide details about the breach and mitigation steps
- Offer support and guidance to affected users
5. Data Sharing and Third Parties
We do not sell your personal data. We may share limited data with:
5.1 Service Providers
We work with trusted third-party service providers who process data on our behalf:
| Service Provider |
Purpose |
Data Shared |
| Hosting Provider |
Server infrastructure |
All application data (encrypted) |
| Payment Processor |
Subscription billing |
Email, billing info (not credit cards) |
| Email Service |
Transactional emails |
Email address, name |
| Analytics Provider |
Usage statistics (optional) |
Anonymized usage data |
All service providers are contractually obligated to:
- Use data only for specified purposes
- Maintain appropriate security measures
- Comply with applicable privacy laws
- Not share data with other parties
5.2 Legal Requirements
We may disclose information if required by law or to:
- Comply with legal process (subpoenas, court orders)
- Protect our rights and property
- Prevent fraud or illegal activity
- Protect the safety of users or the public
5.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or a prominent notice on our website at least 30 days before any transfer occurs.
6. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience:
6.1 Types of Cookies We Use
Essential Cookies (Always Active):
- Session Cookies: Maintain your login state
- Security Cookies: CSRF protection, authentication
- Preference Cookies: Remember your settings (dark mode, etc.)
Functional Cookies (Optional):
- Remember Me: Keep you logged in across sessions
- Language Preference: Remember your language choice
- UI State: Remember collapsed/expanded sections
Analytics Cookies (Optional):
- Usage Analytics: Understand how features are used (anonymized)
- Performance Monitoring: Track page load times
- Error Tracking: Identify and fix technical issues
6.2 Managing Cookies
You can control cookies through:
- Our cookie consent banner (appears on first visit)
- Your browser settings (most browsers allow you to refuse cookies)
- Your account preferences (for logged-in users)
⚠️ Note: Disabling essential cookies will prevent you from using the Service. Optional cookies can be disabled without affecting core functionality.
6.3 Third-Party Cookies
We do not allow third-party advertising cookies. The only third-party cookies are from our service providers (analytics, if enabled).
7. Data Retention
7.1 Active Accounts
We retain your data as long as your account is active and for legitimate business purposes:
- Account Information: Retained until you delete your account
- Activity Data: Retained until you delete records or your account
- Login Logs: Retained for 90 days for security purposes
- Backup Data: Retained for 30 days in encrypted backups
7.2 Account Deletion
When you delete your account:
- Your personal information is deleted within 30 days
- Activity data is permanently deleted
- Backup copies are deleted within 90 days
- Some data may be retained for legal compliance (e.g., payment records for 7 years)
7.3 Inactive Accounts
Accounts inactive for more than 2 years may be deleted after:
- Email notification sent to registered email address
- 90-day grace period to reactivate
- Final warning 30 days before deletion
7.4 Legal and Regulatory Requirements
Some data must be retained longer for compliance:
- Payment and billing records: 7 years (IRS requirement)
- Legal notices and acceptances: Duration of legal requirement
- Security incident logs: 1 year minimum
8. Your Privacy Rights
You have the following rights regarding your personal data:
8.1 Right to Access
You can access your personal information at any time through:
- Your account settings page
- Requesting a data export (CSV/JSON format)
- Contacting us at support@nonstoplog.com
8.2 Right to Rectification
You can update or correct your information:
- Edit account information in your profile
- Update activity records directly in the application
- Contact support for assistance
8.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your data:
- Delete your account through account settings
- Request account deletion via support@nonstoplog.com
- We will process deletion requests within 30 days
8.4 Right to Data Portability
You can export your data in machine-readable format:
- Export activity logs as CSV or JSON
- Download account information
- Request complete data export from support
8.5 Right to Object
You can object to certain data processing:
- Opt out of marketing emails (we don't send marketing by default)
- Disable optional analytics cookies
- Request restriction of processing in certain circumstances
8.6 Right to Withdraw Consent
Where we rely on consent, you can withdraw it at any time:
- Change cookie preferences
- Update email notification settings
- Disable optional features
8.7 How to Exercise Your Rights
To exercise any of these rights:
- Email us at support@nonstoplog.com
- Include "Privacy Rights Request" in the subject line
- Specify which right you wish to exercise
- We will respond within 30 days
9. California Privacy Rights (CCPA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
9.1 Your CCPA Rights
Right to Know:
- What personal information we collect
- How we use your information
- Whether we sell or share your information (we don't)
- Categories of third parties we share with
Right to Delete:
- Request deletion of your personal information
- We will comply within 45 days (may extend to 90 days with notice)
Right to Opt-Out:
- We do NOT sell personal information
- You can opt out of optional data sharing through your settings
Right to Non-Discrimination:
- We will not discriminate against you for exercising your CCPA rights
- Same service quality regardless of privacy choices
9.2 CCPA Data Categories We Collect
| Category |
Examples |
Collected |
| Identifiers |
Name, email, username, IP address |
✓ Yes |
| Commercial Information |
Subscription type, payment history |
✓ Yes |
| Internet Activity |
Login times, features used |
✓ Yes |
| Geolocation Data |
Approximate location from IP |
✓ Yes |
| Sensitive Personal Information |
Account credentials (hashed) |
✓ Yes |
| Biometric Information |
N/A |
✗ No |
| Audio/Visual Information |
N/A |
✗ No |
9.3 How to Submit CCPA Requests
- Email: support@nonstoplog.com with "CCPA Request" in subject
- Phone: (530) 341-2323
- Online: Through your account settings
We will verify your identity before processing requests.
9.4 Notice of Financial Incentive
We do not offer financial incentives for personal information collection.
10. Children's Privacy
Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children.
10.1 Age Requirement
- You must be at least 18 years old to use this Service
- We do not target or market to children
- We do not knowingly collect data from minors
10.2 If We Learn of Child Data
If we discover we have collected information from a child under 18:
- We will delete the information immediately
- We will terminate the account
- We will notify the account holder
10.3 Parental Rights
If you believe your child has provided us with personal information, contact us immediately at support@nonstoplog.com
11. Data Processing Relationship
Understanding data responsibilities when using NonstopLog:
11.1 What Customer Data NonstopLog Stores
NonstopLog is designed as a sales activity and performance tracking system, not a customer relationship management (CRM) platform. The system intentionally limits customer data collection:
- Allowed: Customer first and last names for activity tracking purposes
- Not Allowed: Customer phone numbers, email addresses, physical addresses, or any other personal contact information
- System Design: The platform does not provide fields for entering customer contact details
11.2 Your Responsibilities
Even though NonstopLog only stores customer names, you should:
- Inform customers that their names will be recorded in your dealership's sales tracking system
- Ensure you have a lawful basis for recording customer names in connection with sales activities
- Maintain your own privacy policy that covers your dealership's data practices
- Use a separate CRM system if you need to store comprehensive customer contact information
11.3 Data Processing Roles
For the limited customer name data collected:
- You (the dealership) are the data controller who determines what customer names are entered
- NonstopLog acts as a data processor providing the infrastructure to store and display this information
- NonstopLog will not use customer names for any purpose other than displaying them in your sales activity records
- You can delete or modify customer names at any time through the activity editing features
11.4 Data Minimization Approach
NonstopLog follows a data minimization principle:
- We only collect customer names because they are necessary for tracking which salesperson worked with which customer
- We deliberately do not provide fields for additional customer personal information
- This approach reduces privacy risks for both you and your customers
- For comprehensive customer relationship management, use a dedicated CRM system alongside NonstopLog
💡 Best Practice: NonstopLog is designed to track sales performance and activities. For managing customer relationships, collecting contact information, and marketing activities, use a separate CRM system. This separation of concerns provides better security and compliance for sensitive customer data.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes:
12.1 Notification Method
- Update the "Last Updated" date at the top of this page
- Send email notification to your registered email address
- Display a prominent notice in the application
- Provide at least 30 days notice before changes take effect
12.2 Your Options
After receiving notice of changes:
- Review the updated policy carefully
- Continue using the Service (indicates acceptance)
- Exercise your right to delete your account if you disagree
- Contact us with questions or concerns
12.3 Material Changes
Material changes include:
- Changes to data collection practices
- New ways we use your information
- Changes to data sharing practices
- Changes to your rights
- Changes to retention periods
12.4 Version History
Previous versions of this policy are available upon request. Contact support@nonstoplog.com to request historical versions.
🔒 Privacy Commitment Summary
- We encrypt your data in transit and at rest
- We do NOT sell your personal information to anyone
- You own your data and can export or delete it anytime
- We comply with CCPA and other U.S. privacy laws
- We're transparent about what data we collect and why
- We respond quickly to your privacy requests
- Limited customer data: Only customer names can be entered - no phone numbers, emails, or addresses
- Data minimization: By design, NonstopLog limits data collection to what's necessary for sales tracking