CharmDeal

Privacy Policy

Last updated: May 16, 2026

This Privacy Policy describes how FRAI DEVS LLC, a New York limited liability company (“CharmDeal,” “we,” “us,” or “our”), collects, uses, and shares information about you when you use CharmDeal — including our website, mobile applications, and related services (collectively, the “Service”). If you do not agree with this policy, do not use the Service. Questions can be sent to [email protected].

1. Information We Collect

Account information

When you create an account, we collect your email address and (depending on your sign-in method) your name and profile image. Authentication is handled by Clerk; the credentials themselves are never stored on our servers in plain text.

Payment information

Credit purchases are processed by Stripe (web), Apple App Store and RevenueCat (iOS), and Google Play Billing (Android). We never see or store your full card number. We retain only metadata about completed transactions — plan, amount, currency, timestamp, and a transaction identifier — to grant credits, support refund requests, and respond to billing inquiries.

Content you submit

When you ask CharmDeal to analyze something — for example, a vehicle listing URL, a VIN, a dealer name, or a contract — we process that content to produce a result. We retain a copy of submitted content, the resulting AI analysis, and any conversation messages associated with it so that you can access your history, watchlist, and previously-analyzed deals across devices. You can delete individual conversations and analyses from your account at any time, and you can request full account deletion via [email protected].

Device and usage data

On the CharmDeal mobile app, we collect technical and usage data through a first-party-configured analytics provider and our own logs, including device type, OS version, app version, screen views, in-app events, crash reports, IP address, and approximate (city-level) location derived from IP. This data is used to operate and debug the Service, understand usage, and prioritize improvements. The mobile app includes an in-app toggle to disable this analytics collection at any time.

On the CharmDeal website, we use only strictly-necessary cookies and storage required for sign-in (Clerk), checkout (Stripe), and cross-site request forgery protection. We do not load any advertising pixel, conversion-tracking script, or third-party analytics on the website.

Push notifications

If you enable push notifications, we deliver them through a third-party push notification provider. That provider stores a push token associated with your device and your CharmDeal user identifier so we can send notifications to the correct user.

2. How We Use Information

  • To provide, operate, and maintain the Service and grant access to features you have purchased.
  • To process credit purchases and respond to support, refund, and billing inquiries.
  • To produce AI analyses based on the content you submit.
  • To improve product quality through debugging, analytics, and product research.
  • To detect, prevent, and address fraud, abuse, and security incidents.
  • To comply with applicable legal obligations.

AI processing

CharmDeal uses a third-party AI inference service, OpenRouter, Inc. (United States), to generate analyses. Content you submit (including messages, vehicle details, VINs, contract text, and uploaded photos) is transmitted to OpenRouter solely to fulfil your request. OpenRouter routes each request to an upstream large language model operating on US-based infrastructure. We send every request with a no-retention flag that restricts routing to providers that do not retain your prompts or responses after the request completes. We do not authorize OpenRouter or any upstream provider to use your content to train AI models, and we do not use your conversations, analyses, or submitted content to train AI models. A current list of upstream AI providers is available on request from [email protected].

Behind the scenes, the AI assistant may also reference public data sources to answer your question, including the National Highway Traffic Safety Administration (NHTSA) recall database (where VINs or make/model/year may be sent), public web pages, and third-party web search providers. Search aggregation and web-content retrieval are performed by software we operate ourselves on our own private infrastructure; the only external recipients are the public data sources and search providers described above.

3. Sharing of Information

We do not sell, rent, or trade your personal information to any third party. We do not share your data with car dealers, advertisers, data brokers, ad networks, or marketing partners for advertising or for any other purpose. We do not operate advertising pixels, conversion-tracking APIs, or cross-context behavioral advertising integrations. This non-sharing applies regardless of whether you live in California (CCPA/CPRA), Texas (TDPSA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), the European Union, the United Kingdom, or anywhere else.

We share information only with:

  • Operational service providers that support the Service in the following categories: authentication, payment processing, application hosting and infrastructure, database hosting, caching, product analytics, push notifications, and transactional email. A current sub-processor list is available on request from [email protected]. Each provider operates under its own privacy policy.
  • AI inference and data lookup providers, as described in Section 2 above.
  • Legal and safety reasons, where we believe disclosure is required by law, regulation, legal process, or to protect the rights, property, or safety of CharmDeal, our users, or others.
  • Corporate transactions, such as in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

4. Data Retention

We retain account, content, and usage data for as long as your account is active. If you delete your account, we delete or anonymize associated personal data within 30 days, except where retention is required to comply with legal obligations (such as tax and accounting records), resolve disputes, or enforce our agreements. Aggregated, de-identified data that cannot reasonably be linked back to you may be retained indefinitely.

5. Your Rights and Choices

Depending on where you live, you may have rights to access, correct, delete, or export your personal data, or to object to or restrict certain processing. To exercise these rights, email [email protected] from the address associated with your account. We will respond within the time required by applicable law.

You can also control choices in-app, including deleting individual conversations from your history, managing notification preferences, and signing out.

New York residents

FRAI DEVS LLC is a New York-based business and complies with the New York Stop Hacks and Improve Electronic Data Security (“SHIELD”) Act with respect to the “private information” of New York residents (as defined in N.Y. General Business Law § 899-aa). If your private information is acquired by an unauthorized person as a result of a breach of our security, we will notify you in the most expedient time possible and without unreasonable delay, consistent with the requirements of New York law.

6. Children’s Privacy

CharmDeal is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will take appropriate steps to delete it.

7. International Users

CharmDeal is operated from the United States. AI inference for the Service is performed in the United States, as described in Section 2. If you use the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate, which may have different data-protection rules than your home country.

8. Security

Consistent with our obligations under the New York SHIELD Act and other applicable laws, we maintain a data security program with reasonable administrative, technical, and physical safeguards designed to protect personal information:

  • Administrative — designating personnel responsible for security, identifying foreseeable risks, and reviewing the sufficiency of safeguards.
  • Technical — encryption in transit (TLS), encryption at rest where supported by our service providers, access controls, system monitoring, and timely patching.
  • Physical — selecting infrastructure providers (such as Amazon Web Services and Cloudflare) that maintain audited physical-access controls.

No method of transmission or storage is completely secure. If you believe your account has been compromised, contact [email protected] immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top and, where appropriate, notify you in-app or by email.

10. Contact Us

FRAI DEVS LLC
418 Broadway, STE R
Albany, NY 12207
United States
Email: [email protected]