← Avarus
Ekstrom Holdings LLC
Privacy Policy
Last Updated: May 17, 2026
This Privacy Policy explains how Ekstrom Holdings LLC ("Company," "we," "us," or "our") collects, uses, and discloses information when you use the Avarus service and Chrome extension (the "Service"). By using the Service, you agree to this Policy. If you do not agree, do not use the Service.
This Policy does not cover the practices of third-party platforms such as AutoTrader or Facebook (Meta), which have their own privacy policies and are responsible for their own data practices.
1. Who This Policy Applies To
This Policy applies to automotive dealerships, individual salespeople, and any other users who create an account with the Service. It applies to data collected through our website, our Chrome browser extension, and our cloud backend.
2. Information We Collect
2.1 Information You Provide
- Account information: your email address, registered via Firebase Authentication. We do not collect your legal name unless you provide it for support.
- Payment information: billing details are collected and processed entirely by Stripe. We store only your Stripe customer ID. We never see or store your full card number, CVV, or bank account details.
- Communications: messages you send us for support or feedback.
2.2 Information Collected Automatically by Our Backend
- Usage counts: a monthly count of AI description requests per user account, used to enforce fair-use limits and prevent abuse.
- Subscription status: your license status (active, inactive, or trial) and trial expiry date, stored in Firestore.
- Settings: your posting preferences (speed mode, mileage unit, description tone, category, etc.), stored in Firestore under your user ID.
- Server logs: Firebase and Google Cloud Platform automatically log request metadata including IP addresses, timestamps, and error codes. These are used for security monitoring and debugging.
2.3 Information Processed Locally on Your Device (Not Sent to Our Servers)
The following data is processed entirely within your browser using chrome.storage.local and is never transmitted to our servers:
- Vehicle listing data: specs, price, mileage, VIN, condition, colors, and other fields read from AutoTrader listings you interact with.
- Vehicle photos: photos are downloaded from AutoTrader as temporary binary data (base64) and stored locally to be uploaded to Facebook Marketplace. They are not uploaded to or retained on our servers.
- Post history and audit log: a local log of vehicles you have posted and audited, including VIN, price, mileage, and timestamps. This data stays on your device. You can clear it at any time from the extension's Options tab.
- Authentication tokens: your Firebase ID token and refresh token are stored locally to keep you signed in. They are transmitted only to Firebase for authentication and to our Firebase Functions for authorization.
- Chrome notifications: the extension may display Chrome desktop notifications to alert you when the inventory audit detects a price change or a listing removed from AutoTrader. Notification content is generated locally from your audit data and is never transmitted to our servers.
2.4 Information Sent to Third-Party AI Services
When you use the AI description feature, vehicle data is sent to Anthropic's Claude API to generate a listing description. See Section 4 for details.
The vehicle data sent to Anthropic includes: year, make, model, trim, price, mileage, condition, exterior color, interior color, transmission, drivetrain, fuel type, and a list of features. This data is not linked to your identity in the API call. Anthropic's API does not retain this data beyond the API call under our usage agreement.
3. How We Use Information
- To provide, operate, and maintain the Service, including authenticating your account and storing your settings.
- To process payments and manage your subscription.
- To enforce fair-use limits on AI description generation.
- To communicate with you about your account, support requests, and Service updates.
- To improve and develop the Service, including debugging and error analysis.
- To detect, prevent, and address fraud, abuse, or security issues.
- To comply with legal obligations and enforce our Terms of Service.
We do not use your data for advertising, and we do not sell your personal information.
4. Third-Party Services We Use
- Firebase (Google LLC): Authentication, Firestore database, and Cloud Functions. Hosts our backend. Privacy policy.
- Anthropic, PBC: AI description generation via the Claude API. Vehicle listing data (specs and features — no personal information) is sent per request and is not retained by Anthropic beyond the API call under our agreement. Privacy policy.
- Stripe, Inc.: Payment processing and subscription management. Stripe collects and stores your payment method details. Privacy policy.
When you use the Service, your actions on AutoTrader and Facebook Marketplace occur through your own accounts and are governed by those platforms' terms and privacy policies. We are not responsible for their data practices.
5. Legal Bases (Where Applicable)
Where laws such as the GDPR apply, we process information on the basis of: (a) performance of our contract with you; (b) our legitimate interests in operating and securing the Service; (c) your consent where required; and (d) compliance with legal obligations.
6. How We Share Information
We do not sell your personal information. We share information only as follows:
- Service providers: Stripe, Firebase/Google, and Anthropic as described above, each bound by their own privacy commitments and data-processing obligations.
- Legal and safety: when required by law, subpoena, court order, or to protect the rights, property, or safety of the Company, our users, or the public.
- Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality obligations. We will notify you of any such transfer.
7. Data Retention
We retain account information (email, license status, settings, usage counts) for as long as your account is active and for a reasonable period afterward to comply with legal, tax, and operational requirements. After that period, we delete or anonymize it.
Post history, vehicle data, and photos stored in chrome.storage.local on your device are never sent to our servers and are deleted when you remove the extension or clear the extension's storage.
8. Security
All data in transit between the extension and our backend is encrypted via HTTPS/TLS. API keys (Anthropic, Stripe) are stored in Firebase Secret Manager and are never included in the extension code or exposed to end users. Firebase security rules restrict each user's Firestore data to their own account only.
No method of transmission or storage is completely secure. We cannot guarantee absolute security. You are responsible for keeping your account credentials and Facebook session confidential.
9. Your Choices and Rights
- Access, correction, deletion: you may request to access, correct, or delete your account data by emailing support@avarus.app. We will respond within 30 days.
- Cancellation: you may cancel your subscription at any time. Cancellation stops future charges; it does not refund the current billing period.
- Local data: you can clear all locally stored data at any time by removing and reinstalling the extension, or via Chrome's extension storage settings.
- State-specific rights: residents of California, Texas, Colorado, Virginia, and other states with privacy laws may have additional rights, including the right to know, delete, correct, and opt out of certain processing. Contact us to exercise those rights.
10. Children
The Service is intended for businesses and individuals 18 and older. We do not knowingly collect information from children under 13. If you believe a child has provided us information, contact us and we will delete it promptly.
11. International Users
The Service is operated from the United States. If you access it from outside the U.S., your information will be transferred to and processed in the U.S., which may have different data protection laws than your country. By using the Service, you consent to this transfer.
12. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated by email or in-app notice at least 14 days before taking effect. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance.
13. Contact
Ekstrom Holdings LLC
c/o Northwest Registered Agent, LLC
5900 Balcones Drive, Suite 100
Austin, TX 78731
Phone: (469) 382-2097
Email: support@avarus.app