1. Who We Are
OFFO ("we," "us," or "our") operates the website at offolab.com and the OFFO Chrome Extension. Our service helps EV shoppers evaluate used car deals and fit their driving routine to an electric vehicle.
2. Information We Collect
2a. Information you provide
- Routine questionnaire answers — driving habits, charging access, climate zone, daily mileage. Stored in your browser's local storage and, if you have an account, in our database.
- Account information — if you create an account, we collect your email address and a hashed password. Dealer accounts also include a business name.
- Payment information — if you purchase a paid report, payment is processed by Stripe. OFFO never sees or stores your card number. We receive a transaction ID and last-4 digits only.
- Contact & feedback — if you submit a contact form or feedback, we collect the content of your message and your email address if provided.
2b. Information collected automatically
- Usage events — anonymized events such as "routine started," "receipt viewed," or "panel dismissed" to understand how the product is used. These are not tied to your identity unless you are signed in.
- Session tokens — a random token stored in your browser to associate receipt requests with your session without requiring login.
- Standard server logs — IP address, browser type, referring URL, timestamps. Logs are retained for up to 30 days for security and debugging.
2c. Chrome Extension
The OFFO Chrome Extension runs only on cargurus.com listing pages. It reads the visible text of the listing page (make, model, year, price, mileage) to generate a deal receipt. This text is sent to our API at offolab.com. The extension does not read any other tabs, track browsing history, or collect personal information. Your driving routine (if saved) is stored in Chrome's local extension storage on your device — it is only sent to our server when you are actively on a listing page.
3. How We Use Your Information
- To generate and deliver your EV fit check results and deal receipts
- To personalize results using your driving routine and preferences
- To process payments and deliver paid reports
- To send transactional emails (receipt confirmation, password reset) — we do not send marketing emails without your explicit opt-in
- To improve the product using aggregated, anonymized usage patterns
- To investigate and prevent fraud, abuse, or security incidents
4. How We Share Your Information
We do not sell your personal information. We share data only with:
- Stripe — to process payments. Stripe's privacy policy is at stripe.com/privacy.
- OpenAI — listing text and your routine context are sent to OpenAI's API to generate deal analysis. We use the API in "zero data retention" mode where permitted. OpenAI's privacy policy is at openai.com/policies/privacy-policy.
- Supabase — our database and authentication provider. Data is hosted in the US. Supabase's privacy policy is at supabase.com/privacy.
- Netlify — our hosting provider. Server logs may be retained by Netlify per their data processing terms.
- Law enforcement — if required by a valid legal process, court order, or to protect rights, property, or safety.
5. Data Retention
- Anonymous session data and receipts: retained for 90 days, then automatically purged
- Account data: retained for as long as your account is active. Deleted within 30 days of account deletion
- Payment records: retained for 7 years as required by applicable tax law
- Server logs: retained for up to 30 days
6. Your Rights
You may:
- Request a copy of the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Opt out of non-essential analytics (contact us to disable event tracking for your session)
To exercise any of these rights, email us at privacy@offolab.com. We will respond within 30 days.
7. Cookies & Local Storage
We use browser local storage (not third-party tracking cookies) to save your routine answers and session token. We do not use advertising cookies or cross-site trackers. If you use our Chrome Extension, it uses Chrome's chrome.storage.local API — this data stays on your device.
8. Children's Privacy
OFFO is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe we have inadvertently done so, contact us and we will delete it promptly.
9. Security
We use industry-standard measures including TLS encryption in transit, hashed passwords, and row-level security on our database. No method of transmission over the internet is 100% secure — we cannot guarantee absolute security.
10. Changes to This Policy
We may update this policy. When we do, we'll update the effective date at the top. If changes are material, we'll notify signed-in users by email. Continued use of OFFO after changes constitutes acceptance.