Privacy Policy

Version: 1.1 Created on April 7, 2026

Focus: Data Anonymization, PII Redaction, and AI Training.

1. Introduction

CarBuyInsight ("we," "us," or "our"), powered by SignSpark AI, is committed to protecting your privacy. This policy explains how we collect, use, and safeguard the information you provide when using our platform and the SignSpark App.

2. Data We Collect

  • Contract Data: When you upload only the fee-related pages of a Motor Vehicle Purchase Agreement , you are required to use our in-app tools to perform manual masking of all PII data prior to submission. You will be able to draw masking boxes over the relevant areas containing PII, including name, address, email, phone number, date of birth, SSN, driver’s license number, and signatures. Once submitted, the document will move to AI and OCR extraction for further processing.
  • Survey Data: Information regarding your dealership experience and vehicle pricing.
  • Technical Data: Device ID, IP address, and app usage statistics to prevent fraud.

3. How We Use Your Data

  • Fairness Intelligence Database: We use anonymized, aggregated data to identify market trends and dealer fees.
  • AI Training: Your redacted data helps train the SignSpark AI Fairness Engine to better detect unfair pricing for the community.
  • Reward Fulfillment: To process your $15 instant reward and enter you into the $500 Lucky Draw.

4. Data Anonymization Guarantee

We employ "Privacy by Design". Your privacy is placed directly in your hands to create a complete anonymous document submission process. The tool will provide masking functionality on both iOS and Android through native features, using options such as move and draw. If any remaining PII is later identified, you will have the option to delete the submission and re-upload the corrected document. We do not sell your personal identity; we share only aggregated, non-identifiable market insights.

5. Third-Party Sharing

We do not share PII with third parties except for:

  • Reward processors (e.g., Digital Visa card providers).
  • Cloud infrastructure providers (e.g., AWS).
  • Legal requirements (compliance with a court order).

6. Your Rights (CCPA/GDPR)

Depending on your location, you may have the right to access, delete, or opt-out of the "sale" of your data. Since we anonymize data immediately, we may not be able to link specific data points back to you once redacted.