top of page

Privacy Policy

Lube & Dash LLC
Effective Date: July 18, 2025 | Last Updated: July 18, 2025

​

1. Introduction & Scope

Lube & Dash (“we,” “us,” “our”) values your privacy. This Privacy Policy describes what personal information we collect, how we use and share it, your rights, and how we protect it. This Policy applies to data collected via www.lubendash.com, our booking/scheduling system, phone, email, and in-person/mobile service interactions.

 

2. Definitions (short)

  • “Personal Information” — any information that identifies or could reasonably identify an individual.
     

  • “Reasonable verification” — documented steps to confirm identity (photo ID, receipt, email verification, or other reasonable proof).
     

  • “Third-party providers” — vendors such as Wix, payment processors, schedulers, maps.
     

3. Information We Collect (categories)

  • Contact: name, email, phone.
     

  • Service details: vehicle make/model/year, license plate, service preferences, maintenance notes.
     

  • Location: service address for mobile visits (GPS or address).
     

  • Payment: tokenized payment identifiers via third-party processors (we do not store full card numbers).
     

  • Technical: IP address, device/browser, cookie and analytics data.
     

  • Minors: We do not knowingly collect data from children <13. We do not service minors under 18 without parental consent where required.
     

4. Lawful Bases & Purpose

We collect and process Personal Information to:

  • Provide, schedule and complete services; issue invoices and receipts; process payments.
     

  • Communicate service updates, recommended maintenance, recalls or safety notices.
     

  • Maintain records for legal, tax, and warranty purposes.
     

  • Improve services, perform analytics, and comply with legal obligations.
     

5. How We Share & Third-Party Diligence

  • We do not sell or rent personal information.
     

  • We share personal information only with necessary third parties: hosting (Wix), payment processors, scheduler/communication providers, and legal/regulatory bodies when required.
     

  • Vendor diligence: we require written contracts that impose confidentiality, security controls (encryption in transit and at rest where practical), prompt breach notification, and limitation of use clauses. We document vendor security certifications (e.g., SOC2 where available) and retain evidence of due diligence.
     

6. Cookies & Tracking / Consent

  • We use essential cookies for site functionality. Non-essential cookies (analytics, marketing) are used only with affirmative consent.
     

  • Implement a cookie banner on first visit with granular opt-in/opt-out controls and an always-available cookie settings link.
     

  • Users can also control cookies through their browser.
     

7. Data Retention (explicit)

We retain personal information only as long as necessary for the purpose collected and in compliance with law. Standard retention periods:

  • Service records, invoices, and payment tokens — 5 years after last service.
     

  • Contact & marketing preferences — 5 years after last interaction or until you revoke consent.
     

  • Technical logs — 90 days unless needed for an ongoing claim/incident.
    We delete or anonymize data at the end of the retention period unless required otherwise by law.
     

8. Security Measures & Breach Response

  • We use administrative, technical, and physical safeguards including TLS for data in transit, logical access controls, password policies, and periodic security reviews. Where feasible, data is encrypted at rest.
     

  • Breach response: we will investigate swiftly, notify affected individuals and regulators as required by law, and provide remediation steps. We document incident response and retain logs.
     

9. Rights & How to Exercise Them

California residents (CCPA/CPRA) and other users may request:

  • Access to categories & specific data collected.
     

  • Correction or deletion of data (when not required by law to retain).
     

  • Data portability in a machine-readable format.
     

  • Opt-out of sale/sharing (we do not sell; if that changes we will provide opt-out).
    Requests require reasonable verification and will be handled within 45 days (extension possible with notice). Submit requests to:
    Email: [insert email] | Phone: [insert phone] | Mail: [insert address]
     

10. Minors (13–17) & Parental Consent

  • We do not knowingly collect data from children under 13. For ages 13–17, we will obtain verifiable parental consent before collecting or maintaining information. Verification procedure: parent/guardian confirmation via ID/photo and email/phone confirmation. We document consent and retain proof.
     

11. International Transfers & GDPR (if applicable)

If you are in the EU/EEA, the legal bases include contractual necessity and legitimate interests. For international transfers, we rely on appropriate safeguards (standard contractual clauses, adequacy determinations). EU residents have rights to lodge complaints with supervisory authorities.

12. Changes

We will post updates here with the “Last Updated” date. For material changes, we will attempt to notify you by email.

13. Contact

Privacy officer: Rudy
Email: Rudy@lubendash.com

Hours: Mon–Fri 9am–5pm PT 

Info@lubendash.com

bottom of page