Privacy Policy

    Last updated: April 22, 2026

    1. Information We Collect

    When you create a Backlist account we collect:

    • Account details: name, email, dealership name, ZIP/state, search radius
    • Subscription preferences: makes, models, year/mileage filters, alert preferences
    • Activity data: saved listings, dismissed listings, CRM pipeline entries, search queries, click events
    • Device data on the iOS app: device push token, OS version, app version, anonymous device identifier
    • Approximate location derived from your ZIP code (not GPS) to compute distance to listings

    2. How We Use Your Information

    • Provide and operate the Backlist platform
    • Send real-time deal alerts that match your saved criteria via push notification, in-app, email, or SMS (depending on your channel preferences)
    • Process payments and manage your subscription (subscriptions are sold on backlist.io, not via in-app purchase)
    • Improve our matching, ranking, and pricing models
    • Communicate service updates, billing, and support

    3. Data Sources

    Backlist aggregates publicly available vehicle listings from Facebook Marketplace, Craigslist, AutoTrader, and Cars.com. We collect only what the seller has chosen to publish publicly on those platforms.

    4. Push Notifications (iOS & Android)

    When you enable push notifications, your device sends Apple (or Google) an opaque token that lets us deliver alerts to your device. We store this token associated with your account, send the alert via Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM), and never share it with third parties. Disabling notifications in the Backlist Settings page or your device settings stops delivery and revokes the token.

    5. Data Security

    We use TLS for all network traffic, bcrypt password hashing, JWT-based session tokens with short expirations, and access-controlled database storage. The APNs signing key and other secrets are stored on the server with restricted file permissions and never bundled into the app.

    6. Third-Party Services

    • DigitalOcean — hosting infrastructure (US-based servers)
    • MongoDB — database storage
    • Apple Push Notification service / Google Firebase — push delivery
    • Telnyx — SMS delivery (only if you enable SMS alerts)
    • Stripe — payment processing for backlist.io subscriptions

    Each service has its own privacy policy.

    7. Data Sharing

    We do not sell, rent, or share your personal information with third parties for advertising. We do not use your data for ad targeting or build any user profile beyond what is needed to power the service.

    8. Tracking

    The Backlist iOS app does not use Apple's AppTrackingTransparency framework and does not track you across other apps or websites owned by other companies. The "Tracking" flag in our App Privacy declaration is set to No.

    9. Your Rights

    You may request access to, correction of, or deletion of your personal data at any time by emailing us. You can also delete your account from your dashboard settings, which removes all associated data within 30 days.

    10. Children

    Backlist is intended for licensed motor-vehicle dealers and is not directed to children under 18. We do not knowingly collect data from minors.

    11. Changes

    We may update this policy. Significant changes will be communicated via email and noted at the top of this page.

    12. Contact

    For privacy questions, contact bennett@backlist.io.