Part 1: Privacy Policy
This Privacy Policy describes how Hot Tomatoes, LLC collects, uses, discloses, and protects information when you use our customer-facing mobile application (the “App”), our website and web application (the “Web”), and related services (collectively, the “Services”), including service appointment scheduling and messaging with service advisors and representatives.
1. Scope
This Privacy Policy applies to information collected through:
- The App (mobile application)
- The Web (website and web application, including browsers)
- In-app and in-Web messaging and chat features
- Service appointment scheduling features
- Text messages (SMS/MMS) and push notifications you receive from us (where you opt in or otherwise authorize)
It does not apply to third-party websites or services you may access through links in the App or Web.
Data Controller: Hot Tomatoes, LLC. For privacy inquiries and data subject requests (DSRs): hottomatoesai@gmail.com.
2. Information We Collect
We collect information in three main ways: (a) information you provide, (b) information collected automatically, and (c) information from service providers and integrations used to operate the Services.
A. Information You Provide
- Identifiers and contact info: name, phone number, email address
- Account verification info: phone number for OTP verification, confirmation status, timestamps related to verification
- Communications: messages you send and related communication content and metadata (date/time, participants)
- User Content: profile information, appointment details, photos or documents you upload
B. Information Collected Automatically
- Device, browser, and app activity: device model, operating system, browser type and version, app version, language, time zone, session/activity logs
- Identifiers: mobile device identifiers and app instance identifiers (may include advertising identifiers depending on your device settings), browser cookies, local storage identifiers, and other web identifiers
- Diagnostics: crash logs, performance data, and error reports
- Notification data: push notification tokens/identifiers (if you enable push notifications)
- Web-specific: IP address, referrer, pages visited, clickstream, and cookie identifiers
C. Information From Service Providers
We may receive information from vendors that help us provide the Services (e.g., cloud hosting, analytics, crash reporting, customer support tools, messaging providers). This may include delivery status of messages and technical logs required to provide reliable service.
D. Sources of Information
- Directly from you: when you create an account, schedule a service appointment, send messages through the App or Web, or communicate with us
- Automatically from your device or browser: when you use the App or Web, through device identifiers, browser cookies, session logs, and diagnostics
- From our service providers: vendors who support hosting, messaging delivery, analytics, and customer service operations
3. App and Web Permissions
The App or Web may request access to certain device or browser features. You can manage these permissions in your device settings or browser settings at any time. We only collect data from these features when you grant permission.
- Camera: Used to scan QR codes for accessing the App/Web, linking your vehicle, or connecting to your dealership account. Images captured for QR scanning are processed locally and are not stored or transmitted unless required for the specific feature.
- Push Notifications (App) / Browser Notifications (Web): Used to deliver appointment reminders, service status updates, and (if you opt in) marketing messages. You may enable or disable notifications in your device or browser settings.
- Location (if applicable): If enabled, used to identify your nearest dealership location or provide location-relevant service information. We collect only approximate (coarse) location data, and only while the App is in active use (foreground) or while you permit location sharing via the Web. Location data is not collected unless you grant permission.
We do not request access to your contacts, microphone, or photo library unless you explicitly grant it for a specific feature, in which case we disclose that use at the point of request.
4. How We Use Information
We use information to:
- Provide the Services: schedule and manage service appointments, enable communication with advisors/reps, and support customer service interactions
- Verify and secure accounts: OTP verification, fraud prevention, authentication, and security monitoring
- Send transactional communications: appointment confirmations, reminders, service status updates, account-related notifications (frequency varies by activity)
- Send marketing communications (optional): promotional offers and service specials only if you opt in (up to 10 messages/month, unless otherwise disclosed at sign-up)
- Improve and maintain the App and Web: analytics, troubleshooting, crash/performance monitoring, quality assurance
- Comply with law and enforce policies: respond to lawful requests, protect rights and safety, enforce our Terms of Service
5. AI and Automated Processing
We use automated systems and machine learning models (collectively, “AI”) to provide and improve features of the Services, including generating recommendations, automating appointment routing, summarizing messages, and assisting agents with property- and service-related suggestions. AI systems may process personal information you provide (including message content, profile and appointment data, and usage metadata) to produce these outputs.
We do not use personal data to train models for external commercial reuse without your explicit consent; de-identified and aggregated data may be used to improve our models and Services. AI outputs are informational only and may be imperfect — important decisions (e.g., legal, contractual, financial, or compliance matters) should not rely solely on automated results. You may request human review of any AI-generated decision or recommendation by contacting hottomatoesai@gmail.com or using the in‑App or in‑Web “Request Human Review” option (if available).
6. Lawful Bases / Purpose Limitation (EU/UK)
If you are an EU/UK resident, our lawful bases for processing personal data include performance of a contract, legitimate interests, compliance with legal obligations, and consent where required. We process only the personal data reasonably necessary for the stated purposes.
7. How We Disclose Information
We may disclose information to the following categories of third parties:
- Service providers (processors): vendors who provide cloud hosting, analytics, messaging delivery, customer support tools, and related operational services. These vendors operate under contracts requiring confidentiality and appropriate safeguards (including SCCs where applicable).
- Legal and safety disclosures: we may disclose information to comply with applicable law, legal process, or governmental requests; to protect rights, safety, and security; and to investigate and prevent fraud or abuse.
- Business transfers: in connection with a merger, acquisition, financing, reorganization, or sale of assets (subject to applicable law).
Categories of Personal Information Disclosed for Business Purposes (Past 12 months)
- Identifiers (name, phone number, email): disclosed to messaging providers, cloud hosting vendors, and customer support tools
- Customer records: disclosed to customer support tools and cloud hosting vendors
- Internet/electronic activity (app usage data, device logs): disclosed to analytics and crash reporting providers
- Communications content (messages with advisors): disclosed to messaging and customer support providers
8. Mobile App, Web, and Messaging
Mobile and Web information will not be shared with third parties/affiliates for marketing/promotional purposes. Text messaging originator opt-in data and consent will not be shared with any third parties. Information sharing to subcontractors in support services, such as customer service and messaging delivery, is permitted; subcontractors are prohibited from using shared data for any purpose other than providing support services.
9. Your Choices and Controls
A. SMS/Text Messages
- Opt-in: You may be offered separate opt-ins for Transactional and Marketing texts.
- Opt-out: Reply STOP to unsubscribe from text messages. You may also opt out by replying QUIT, END, CANCEL, UNSUBSCRIBE, REVOKE, or OPT OUT. After you opt out, you may receive a single confirmation text within 5 minutes. We will honor SMS opt-out requests immediately and confirm opt-out within 48 hours. Where immediate processing is not technically possible, we will disable marketing messages within 48 hours and transactional messages as soon as feasible.
- Help: Reply HELP for help or contact hottomatoesai@gmail.com.
- In-app and in-Web controls: Where available, you can manage messaging preferences in the App or Web (e.g., toggles for marketing and/or transactional messaging).
- Marketing message hours: Marketing text messages are sent only between 8:00 AM and 9:00 PM in your local time zone.
B. Push Notifications / Browser Notifications
You can enable or disable push notifications in your device settings or browser notification settings.
C. Cookies and Tracking on the Web
On the Web, we use cookies, pixels, and similar technologies to provide and improve the Services, remember preferences, and perform analytics. You may manage cookie preferences via the Web cookie banner or your browser settings. We may also use secondary domains such as contact@hottomatoes.com for coordination, which will be disclosed via our web opt-outs. For information about GPC signals and web opt-outs, see Section 12.
D. Email
You may opt out of marketing emails (if any) via unsubscribe links or by contacting us at hottomatoesai@gmail.com.
E. Account Deletion & Data Subject Requests
You may delete your account at any time through the App or Web by navigating to your profile page and selecting the account deletion option at the bottom of the page. You may also request account deletion or other privacy rights (access, portability, correction, restriction, objection) by:
- Emailing hottomatoesai@gmail.com with the subject line “Account Deletion Request” or “Privacy Request”
- Calling +1 (801) 413-4702
- Using the in‑App or in‑Web “Privacy Request” option (if available)
We will acknowledge your request within 10 business days and respond within 45 calendar days. If we need additional time, we will notify you and may extend the response period by an additional 45 days. We may require information to verify your identity. We will not require you to create an account to submit a verifiable request. You may designate an authorized agent; we may require proof of authorization.
Upon receiving a verified deletion request, we will delete or de‑identify your personal information within 30 days, except for data we are required to retain for legal, tax, warranty, or fraud‑prevention reasons. Such retained data will be isolated and protected until deletion is permitted and will be deleted in accordance with our retention schedule. We will send you a confirmation when your account deletion is complete.
To opt out of having your non-public User Content used to improve or train our models, contact privacy@hottomatoes.com. Opt-outs will apply prospectively and will not remove data already used in irreversible model updates.
10. Data Retention
We retain information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy and to comply with legal obligations. Specific retention periods include:
- Account and contact information: retained for the duration of your account and for up to 3 years after account deletion or last activity to comply with legal obligations, resolve disputes, and prevent fraud.
- Service appointment records: retained for 7 years for warranty, legal, and tax compliance purposes.
- Messaging content: retained for 3 years after the message date for customer service and dispute resolution purposes.
- SMS opt-in/opt-out records: retained for 5 years to document consent compliance.
- Device, browser, and app activity logs: retained for 12 months for analytics and troubleshooting purposes.
- Crash logs and diagnostics: retained for 12 months.
When retention periods expire, we delete or de-identify the information, unless extended retention is required for legal obligations, active disputes, or ongoing investigations.
11. Security
We implement administrative, technical, and physical safeguards including TLS encryption in transit, AES-256 encryption at rest for sensitive fields, role-based access controls, least-privilege policies, logging and monitoring, regular vulnerability scanning, and an incident response plan. Access to personal data is limited to personnel with a legitimate need. We will notify affected users of a qualifying data breach in accordance with applicable law.
12. International Transfers
Data may be processed and stored in the United States and in other countries. Where required by law, we rely on EU Standard Contractual Clauses (SCCs), adequacy decisions, or other lawful transfer mechanisms to protect personal data.
13. Children’s Privacy
The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it promptly. If users aged 13–17 may access the Services, parental consent mechanisms may be required under applicable law.
14. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA/CPRA”), subject to applicable exceptions.
A. Categories of Personal Information Collected (Past 12 Months)
- Identifiers: Name, phone number, email address — Sources: Directly from you — Purpose: Provide Services, verify accounts, communicate
- Commercial information: Appointment history, interaction details — Sources: Directly from you; generated through use — Purpose: Provide Services, improve App/Web
- Internet/electronic activity: App/Web usage data, device/app logs, session data — Sources: Automatically collected — Purpose: Improve App/Web, troubleshoot, analytics
- Geolocation: Approximate location (if enabled) — Sources: Automatically collected (with permission) — Purpose: Identify nearest location
- Inferences: Service preferences, communication preferences — Sources: Generated from other categories — Purpose: Improve Services
- Sensitive Personal Information: Account login credentials (phone + OTP) — Sources: Directly from you — Purpose: Verify and secure accounts
B. Sensitive Personal Information
We collect the following categories of Sensitive Personal Information: account login credentials (phone number combined with OTP verification code). We use this information solely to verify your identity and secure your account. We do not use Sensitive Personal Information for purposes beyond those authorized under CCPA/CPRA Section 1798.121(a) without your consent.
C. “Sale” and “Sharing” of Personal Information
We do not sell your personal information in exchange for monetary consideration. We do not share your personal information for cross-context behavioral advertising purposes. To submit a “Do Not Sell or Share” request, email privacy@hottomatoes.com or call +1 (858) 206-8700. We honor Global Privacy Control (GPC) signals as valid opt-out requests.
D. Your Rights
Subject to verification and exceptions, you may: request access to the categories and specific pieces of personal information we collected; request deletion; request correction; opt out of the sale or sharing of personal information; limit the use of Sensitive Personal Information; and exercise the right to non-discrimination for exercising privacy rights.
E. How to Submit a Request
Submit a CCPA/CPRA request by emailing privacy@hottomatoes.com with the subject “California Privacy Request”, calling +1 (858) 206-8700, or using the in‑App or in‑Web privacy request option. We will acknowledge your request within 10 business days and respond within 45 calendar days, subject to extension.
F. Categories of Personal Information Not Collected
We do not collect Social Security numbers, financial account numbers (except truncated payment identifiers if you provide them), health or medical information, biometric data, education information, or professional/employment information beyond profiles you provide.
15. Do Not Track / Global Privacy Control
We honor Global Privacy Control (GPC) signals as valid opt-out requests under California law. We do not currently respond to “Do Not Track” browser signals due to lack of an industry standard; we will update this Policy if standards change.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will update the Effective Date and, where appropriate, provide additional notice in the App or Web, by email, or via push/browser notification. We encourage you to review this Policy periodically. Material changes will be communicated via email or in‑App/in‑Web notice where feasible.
A list of our primary service providers and processors is available upon request at hottomatoesai@gmail.com.