Privacy Policy

    Last updated: April 21, 2026

    1. Introduction

    Steer ("Steer," "we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit steer.autos (the "Site"), use our car-buying and trade-in advisory services (the "Services"), or communicate with us by email, phone, or text message (SMS/MMS).

    This Policy is designed to comply with applicable privacy laws, including the EU and UK General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act as amended by the CPRA ("CCPA/CPRA"), the Telephone Consumer Protection Act ("TCPA"), and CTIA messaging guidelines applicable to our SMS program operated via Twilio.

    2. Data Controller

    For the purposes of GDPR, Steer is the "data controller" of personal data we collect about you. You can contact us using the details in the "Contact Us" section below. If you are located in the EU/UK and wish to reach our representative, email privacy@steer.autos.

    3. Information We Collect

    3.1 Information You Provide

    • Identity and contact data: name, email address, mailing address, ZIP/postal code, and mobile phone number.
    • Vehicle data: current vehicle details (make, model, year, mileage, condition, VIN) and desired vehicle preferences.
    • Transaction data: budget, payment preference (cash, financing, leasing), trade-in details, and dealer interactions.
    • Financing data: information you submit for financing or lease pre-qualification (handled by our lending partners).
    • Communications: messages you send us via forms, email, chat, phone calls, or SMS.
    • Account data: credentials and preferences if you create an account or dealer portal login.

    3.2 Information Collected Automatically

    • Device and usage data: IP address, device identifiers, browser type, operating system, language, referring URLs, pages viewed, and timestamps.
    • Cookies and similar technologies: see "Cookies and Tracking" below.
    • Approximate location derived from IP address.

    3.3 Information from Third Parties

    • Dealers, lenders, and trade-in valuation providers.
    • Analytics, advertising, and anti-fraud providers.
    • Public sources (e.g., vehicle history data linked to a VIN).

    4. How We Use Your Information (Purposes & GDPR Legal Bases)

    We process personal data on the following legal bases under GDPR:

    • Performance of a contract — to provide the Services you request, including obtaining dealer quotes, coordinating trade-ins, and supporting purchases or leases.
    • Legitimate interests — to operate, secure, improve, and market our Services, prevent fraud and abuse, and conduct analytics, where these interests are not overridden by your rights.
    • Consent — to send marketing emails and SMS/text messages, place non-essential cookies, and process any sensitive data. You can withdraw consent at any time.
    • Legal obligation — to comply with tax, accounting, consumer-protection, and other applicable laws.

    5. SMS / Text Messaging Program (Twilio)

    Steer operates SMS/MMS messaging through Twilio Inc., our messaging service provider. By providing your mobile number and opting in (for example, by checking an SMS consent box, replying START, or submitting a form that clearly discloses SMS), you agree to receive text messages from Steer related to your inquiry, quotes, appointments, account, and — if separately opted in — marketing.

    • Message types: transactional updates (quotes, trade-in status, appointment confirmations, account alerts) and, with separate consent, promotional offers.
    • Frequency: message frequency varies based on your interaction with Steer.
    • Cost: message and data rates may apply. Steer does not charge for messages, but your mobile carrier may.
    • Opt-out: reply STOP to any message to unsubscribe. You will receive a final confirmation message.
    • Help: reply HELP for assistance, or contact support@steer.autos.
    • Carriers: supported on major U.S. carriers. Carriers are not liable for delayed or undelivered messages.
    • No sharing for marketing: mobile information and SMS opt-in consent will not be shared with third parties or affiliates for their marketing or promotional purposes. Information sharing with subprocessors (such as Twilio) is solely to deliver the messaging service you requested.

    Twilio acts as a "processor" (GDPR) / "service provider" (CCPA) and processes message content, phone numbers, and delivery metadata on our behalf. See Twilio's Privacy Notice for details.

    6. How We Share Information

    We share personal data only as needed and as described below:

    • Dealers and lenders you ask us to engage on your behalf for quotes, financing, leasing, or trade-ins.
    • Service providers (processors) who help us operate the Services, including hosting (Lovable Cloud / Supabase), email (Resend), SMS (Twilio), analytics, customer support, and security tools — bound by contract to protect your data.
    • Professional advisors (lawyers, accountants, auditors).
    • Authorities when required by law, subpoena, or to protect rights, safety, and property.
    • Business transfers in connection with a merger, acquisition, financing, or sale of assets.

    We do not sell your personal information for money, and we do not share your phone number or SMS consent with third parties for their own marketing.

    7. International Data Transfers

    Steer is based in the United States. If you access the Services from the EU, UK, or other regions with laws governing data collection and use, your information may be transferred to and processed in countries that may not provide the same level of protection as your home jurisdiction. Where required, we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or other valid transfer mechanisms.

    8. Data Retention

    We retain personal data only as long as necessary for the purposes described in this Policy, to comply with legal obligations (e.g., tax and consumer-protection laws), resolve disputes, and enforce our agreements. SMS records and consent logs are retained for the period required by applicable law and carrier rules. When no longer needed, data is deleted or anonymized.

    9. Cookies and Tracking

    We use cookies and similar technologies for essential site functions, analytics, and (with your consent where required) advertising. You can manage preferences through your browser or, where available, our cookie banner. See our Cookie Policy for details.

    10. Data Security

    We implement appropriate technical and organizational measures — including encryption in transit, access controls, and least-privilege practices — to protect your personal information. No method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

    11. Your GDPR Rights (EU/UK Residents)

    If GDPR applies to you, you have the right to:

    • Access the personal data we hold about you and obtain a copy.
    • Request rectification of inaccurate or incomplete data.
    • Request erasure ("right to be forgotten") in certain circumstances.
    • Restrict or object to processing, including direct marketing.
    • Receive your data in a portable, machine-readable format.
    • Withdraw consent at any time, without affecting prior lawful processing.
    • Lodge a complaint with your local supervisory authority.

    To exercise any of these rights, email privacy@steer.autos. We will respond within the timeframes required by law (generally one month under GDPR).

    12. Your U.S. State Privacy Rights (CCPA/CPRA and Similar Laws)

    Residents of California, Colorado, Connecticut, Virginia, Utah, and other U.S. states with comprehensive privacy laws may have rights to know, access, correct, delete, and port their personal information, and to opt out of "sales" or "sharing" for cross-context behavioral advertising and certain profiling. Steer does not sell personal information for money. To exercise these rights, contact privacy@steer.autos. We will not discriminate against you for exercising your rights.

    13. Children's Privacy

    Our Services are intended for individuals 18 years of age or older. We do not knowingly collect personal information from children under 16 (or the equivalent minimum age in your jurisdiction). If you believe a child has provided us information, please contact us so we can delete it.

    14. Third-Party Links

    Our Site may link to third-party websites (such as dealers or lenders) that operate under their own privacy policies. We are not responsible for their practices and encourage you to review their notices.

    15. Changes to This Policy

    We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated Policy on this page and updating the "Last updated" date. Where required, we will obtain your consent.

    16. Contact Us

    If you have questions or requests regarding this Privacy Policy, contact: