Privacy Policy

Last updated: 22 March 2026

1. Who We Are

Llavis Auto ("we", "our", "us") is a UK-based car marketplace operated by Leadballoon Agency. We connect car buyers with trusted dealers through our platform at llavisauto.com.

For data protection enquiries, contact us at hello@llavisauto.com.

2. What Data We Collect

Buyers

  • Account data: Email address when you create an account via magic link
  • Saved preferences: Favourited vehicles, saved searches, search alerts
  • Chat conversations: Messages sent through our AI car advisor (auto.js)
  • Usage data: Pages visited, vehicles viewed, search queries
  • Device data: Browser type, IP address, device type (collected automatically)

Dealers

  • Business data: Company name, address, phone, email, FCA number, logo
  • Vehicle data: Listings, images, specifications, pricing
  • Financial data: Stripe payment information for Pro subscriptions
  • Communications: Messages between dealers, inquiry responses

Sellers

  • Vehicle details: Registration, mileage, condition, photos
  • Contact details: Name, email, phone number for dealer bids

3. How We Use Your Data

  • To operate the marketplace and connect buyers with dealers
  • To provide our AI car advisor service with relevant vehicle context
  • To send saved search alerts and price drop notifications
  • To generate AI-powered vehicle descriptions and valuations
  • To process dealer subscriptions and payments
  • To prevent fraud and ensure platform security
  • To improve our services through anonymised usage analysis

Legal basis: We process data based on contract performance (providing our services), legitimate interests (platform improvement, security), and consent (marketing communications, chat interactions).

4. AI & Automated Processing

Our platform uses AI (powered by Anthropic Claude) for:

  • Car Advisor (auto.js): Real-time chat conversations about vehicles. Messages are sent to Anthropic's API for processing and are not stored by Anthropic beyond the request.
  • Description generation: AI-written vehicle descriptions based on specifications
  • Vehicle valuations: AI-assisted price estimates using market data
  • Lead enrichment: AI analysis of inquiry quality for dealers

Chat conversations are stored locally in your browser (localStorage) and on our servers for the duration of your session. No automated decisions with legal effects are made solely by AI.

5. Third-Party Services

We share data with the following processors, all of which have appropriate data processing agreements:

  • Anthropic (Claude AI): Chat messages and vehicle data for AI responses. US-based, with EU data processing agreements.
  • Neon (PostgreSQL): Database hosting. EU region (eu-west-2).
  • Resend: Email delivery for alerts, notifications, and magic links. EU region (eu-west-1).
  • Cloudinary: Image hosting and optimisation for vehicle photos.
  • Vercel: Website hosting and content delivery.
  • Railway: Application hosting for dealer dashboard and worker services.
  • Stripe: Payment processing for dealer subscriptions. PCI DSS compliant.
  • Cloudflare: DNS and DDoS protection.

We do not sell your data to any third party. We do not use your data for advertising.

6. Cookies & Local Storage

  • Session cookie (la_session): Essential for authentication. Expires on browser close.
  • localStorage: Saved favourites (synced to account on login), chat history, search preferences. Persists until cleared.

We do not use tracking cookies, advertising pixels, or analytics services that track individuals across sites.

7. Data Retention

  • Buyer accounts: Retained until you request deletion
  • Chat history: Browser localStorage cleared when you clear browser data; server-side session data retained for 30 days
  • Dealer data: Retained for the duration of the dealer's account plus 12 months
  • Vehicle listings: Archived (not deleted) when removed; permanently deleted after 12 months
  • AI usage logs: Anonymised and retained for service improvement

8. Your Rights (UK GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent

To exercise any right, email hello@llavisauto.com. We will respond within 30 days.

If you are unsatisfied with our response, you may contact the Information Commissioner's Office (ICO).

9. Security

We protect your data with:

  • HTTPS encryption on all connections
  • Encrypted database connections (TLS)
  • Magic link authentication (no passwords stored)
  • Role-based access controls
  • Regular security reviews

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to account holders. The "last updated" date at the top reflects the most recent revision.