CarGurus, Inc. and its affiliates or subsidiaries (“CarGurus, we, us, our”) believe in being transparent with respect to the personal information that we process. This Privacy Notice governs how we may process data that is reasonably capable of being linked to an individual (“you”), such as name, address, telephone number, email address, as well as certain data associated with your browser or device (“personal information”) collected through the CarGurus.com website, mobile and other applications owned and operated by us (“digital property(ies)”). Please read this Privacy Notice carefully as it describes the purposes to which we may process your personal information. Depending on where you live and how you use our digital properties, additional state specific information is included below that may apply to you.
Please, click here to visit the CarGurus Privacy Rights page to exercise your rights under applicable privacy law.
Last Updated: January 5, 2024
- Categories of Personal Information We May Collect
- How We Collect Personal Information
- Other Ways Personal Information is Collected
- How We Use Your Personal Information
- With Whom We Share Your Personal Information and Why
- Technologies We Use to Automatically Collect Personal Information
- Your Privacy Rights and Choices
- Publicly Posted Information
- Storing and Retaining Your Personal Information
- Deidentified or Aggregate Information
- Security - Steps we take to protect your personal information
- International Transfer
- Changes to this Privacy Notice
I. Categories of Personal Information We May Collect
We may collect the following categories of personal information:Registration information
When you create an account or subscribe to one of our services, we may collect information, such as your first and last name, country of residence, email address, username, and password.Transaction information
This information is processed when you engage with certain services on our digital properties, and may include your postal address, telephone number and payment information.User Activity Information
This may include information about your use, and the use by any person(s) you authorize through your account, of our digital properties, such as the content you view or post, how often you use our services, and your preferences. This can also include information you post in public forums on our digital properties, such as your forum posts or blog comments, it could also include certain information provided using our messaging chat or other similar services where we are permitted by applicable law to collect this information.Third-Party Information
This includes insights about the use of our digital properties whether hosted by us, or on third-party platforms or devices.Location information
This may include location information provided by a mobile or other device interacting with our digital properties (including through beacon technologies), or associated with your IP address, where we are permitted by law to process this information.Sensitive Information
In order to support the services we provide, we may process the following types of personal information, which are generally considered sensitive under certain privacy laws:
- Social Insurance Number, driver’s license number, and passport number;
- Credit/debit card number plus expiration date and security code (CVV), and financial account number and routing number;
- Username and password; and
- Precise geolocation data.
We may process this information for the purposes set out above. See IV. How We Use Your Personal Information , consistent with our obligations under applicable law.Technical Data
Usage, viewing, technical, and device data when you visit our digital properties whether hosted by CarGurus or third-party sites or platforms, or open emails we send, including your browser or device type, unique device identifier, and IP address.
II. How We Collect Personal Information
The following describes the different ways we might collect your personal information, whether from you directly or automatically when interacting with our digital properties.
a. Personal Information You Share DirectlyWhen Requesting to be Contacted by a Car Seller
If you request to be contacted by a car seller, both CarGurus and the seller may collect personal information provided by you through the text and chat functionalities that we provide and on the contact forms on our site, which may include your name, email address, postal code, and telephone number, so that the seller can contact you to consider a car purchase or request that you submit a dealer review.When Using Our Site to Buy or Sell a Vehicle
If you are an individual user (and not acting on behalf of a car dealer) and you want to use our services to buy or sell a vehicle, we and/or our business partners may collect information provided by you in connection with that transaction, for example to create your vehicle listing, to verify vehicle ownership, to confirm funds availability, to process payment, to populate purchase and sale documents, and to provide user support. We may collect this information from entry forms on our site or third-party sites we integrate with, or from a picture of your ID that you upload. This information may include your name, address, email address, telephone number, driver’s license number, photo, gender, date of birth, the last four digits of your social insurance number, bank name, and bank account and routing numbers.When Registering with CarGurus; Subscribing
If you register with us or subscribe to receive specific information or services on our site, we will also collect registration information, such as name, email address, mailing address, telephone number, username and password.
Registering with us also gives you the ability to personalize your CarGurus site experience. The benefits of registering will increase over time as we get to know you better and introduce new features. We encourage you to register so that you can experience everything that CarGurus has to offer!
b. Automatic Collection of Personal Information
In addition to the personal information we may collect from you directly, we also collect data from your browser or device using tracking technologies (See VI. Technologies We Use to Automatically Collect Personal Information) that is considered personal information when you engage with our digital properties. We automatically collect certain browser or device technical data in order to deliver our services to you, and to help make sure our digital properties are functioning properly. This typically includes data about your browser or device's IP address, user agent string, your internet service provider or mobile carrier and the type of handheld or mobile device you use.
III. Other Ways Personal Information is Collected
a. Applications and Widgets for Social Media
We may display applications or widgets from social media providers that allow interaction or content sharing by their users. These widgets, such as the Facebook® "Share" or "Like" button, are visible to you on the page that you visit. This may allow the social media networks in which you participate to collect information about you, even when you do not explicitly activate the network's application or widget while on our digital property. Please visit the applicable social media network's privacy notice to better understand their data collection practices and the choices they make available to you.
In addition to social media networks, our digital properties also contain references and links to third-party sites that may offer information of interest. This Privacy Notice does not apply to those sites, and we recommend reviewing those sites' privacy notices individually.
b. Information Collected from Other Sources
We may process personal information from third-party sources to update or supplement the information that you provide or that we collect. For instance, we may collect vehicle registration information from public databases to support a service you have engaged us for. Other sources of information include third-party advertising partners, data providers or aggregators, and search information providers.
We use this information to help us maintain the accuracy of the information we collect, personalize your experience with the site, target our communications and advertisements so that we can inform you of products and services or other offers that may be of interest to you, provide private purchase and sale transaction services, prevent fraud, and for internal business analysis or other business purposes. To learn more about our advertising activities, we encourage you to review our Interest-Based Ads Policy , and our section on Targeted Advertising below.
IV. How We Use Your Personal Information
We may process your personal information in order to:
- send information to car sellers to complete transactions per your instruction;
- complete your transaction(s) with us;
- process and collect your payments;
- send you promotional marketing material about us and our services;
- customize, analyze, adjust and improve the site;
- prevent fraud and other prohibited or illegal activities;
- comply with requests from law enforcement or relevant data protection agencies;
- provide technical and customer support;
- seek your opinion or feedback on our services or industry questions;
- facilitate access to our applications to which you have subscribed;
- enforce our legal rights or comply with legal requirements;
- provide improved website and product experience and communications; or,
- comply with a legal or regulatory obligation.
V. With Whom We Share Your Personal Information and Why
Mainly to provide our services, we may share your personal information with the following entities:Affiliates
We may share information about you, including personal information, with our corporate affiliates for specific business purposes.Car Sellers and Manufacturers/Requests
Upon your instruction, we may share your personal information with car sellers and manufacturers who use that information for purposes of marketing their own products or services to you directly.Lead generation
When you submit your e-mail address and/or phone number to a particular seller through the site, you agree to being contacted by the seller, including by phone at the number provided, text message, email, automatic telephone dialing system and/or an artificial or pre-recorded voice.Vendors
We may provide third-party vendors (such as market research firms, marketing partners, advertising agencies, and payment processing partners) access to your personal information to perform services on our behalf. We contractually require our vendors to protect and limit the use of such personal information solely for the purposes of providing the specified services on our behalf.Other Providers of Products and Services
Upon your direction, we may disclose your personal information to other third-party providers of products and services (for example financing providers). We contractually require such providers to protect your personal information and to limit the use of such information for the purposes you agreed to when submitting such personal information on our site. By submitting personal information on our site in connection with receiving products and/or services from these providers, you acknowledge that your request to have your personal information transmitted to such providers means it will be subject to their privacy notices, and that you should contact them directly for more information concerning their personal information processing activities.Legal Authorities
We cooperate with legal authorities and may in some instances be required to disclose personal information in response to requests from law enforcement authorities, or in response to a subpoena or other legal process. We also share information about you if we believe we should in order to: (i) prevent a violation of the law; (ii) protect or defend our interests and our legal rights or property; (iii) protect the rights, interests, safety and security of users of the site or members of the public; (iv) protect against fraud or for risk management purposes; or (v) comply with other applicable law or legal process. We also may share your information in connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, and in the unlikely event of bankruptcy.
See VIII. Your Privacy Rights and Choices below to learn about how you can exercise your privacy rights with CarGurus.
VI. Technologies We Use to Automatically Collect Personal Information
Along with companies we partner with, we employ pixel tags, cookies, java scripts, SDKs, local shared objects such as Flash (sometimes called “flash cookies”), and similar technology (“tracking technologies”) on our digital properties, and third-party digital properties we integrate with. These technologies may create unique advertising identifiers (e.g. cookie identifiers or mobile advertising identifiers) that reside on your browser or mobile device, and in some cases server-side. Tracking technologies may transmit data about your use of our digital properties, including which pages you interacted with, your vehicle search history, the advertisements shown to you or that you may have clicked on, other page view/click data, the date and time of your visit, all associated with your browser or mobile device's advertising identifier. These identifiers typically persist over time. You can set some cookie preferences through your device or browser settings but doing so may affect the functionality of the site.
To learn more about how we employ these technologies and the choices you have concerning our processing of your personal information for digital advertising purposes, see VIII. Your Privacy Rights and Choices below.
Consistent with IV. How We Use Your Personal Information above, the purposes for which we use tracking technologies include:
Make digital properties work in the way that it is expected. For example, we use a cookie that tells us whether you have already signed up for an account.
Authentication, Security, and Compliance
Track how our digital properties are used and remember preferences. For example, we monitor and store your browsing activity to customize your experience and better understand your vehicle shopping interests.
Allow notices of information or options that we think could improve the use of the site or app. For example, send out notifications of price drop in a vehicle that you previously showed interest in.
Intended to help us understand how visitors use our digital properties. For example, we use a cookie that tells us how our search suggestions correlate to your browsing while on the site or app.
We rely on your consent to collect, use, retain, and share your Personal Information. This Privacy Notice outlines your options, where available, to refuse or withdraw your consent. You agree to this Privacy Notice when you:
- seek to contact a third party through our digital propertie(s);
- apply for a product or service;
- use our websites and mobile app (‘‘digital properties”); and
- otherwise interact with us.
This Privacy Notice applies:
- when you begin a relationship with us;
- during the course of our relationship; and
- for a period of time after the end of our relationship.
VIII. Your Privacy Rights and Choices
You have certain rights to the personal information that we process about you as part of the services we provide. Below is a detailed description of those rights, including additional state-specific rights.Verification
Consistent with applicable law, please understand that, depending on the type of request you submit, and to protect the confidentiality of yours and others' personal information, we will only complete your request when your identity has been verified. We will seek to match the information in your request to the personal information we maintain about you. As part of our verification process, we may ask you to: submit additional information, use identity verification services to assist, or, if you have set up an account on our website, to sign into your account as part of our identity verification process.Right to an Authorized Agent
In certain states, consumers may designate an authorized agent to exercise their privacy rights. You may designate an authorized agent to submit requests on your behalf. However, we may require written proof of the agent's permission to do so and verify your identity directly.Right to Non-Discrimination
You also have the right to not receive retaliatory or discriminatory treatment in connection with a request to exercise your rights. However, the exercising of the rights described below may result in a different price, rate, or quality/level of product or service where that difference is reasonably related to the impact the right has on our relationship with you or is otherwise permitted by law.
a. Your Privacy Rights
You may have the right to exercise some or all the following rights:
|Access/Right to Know
Consistent with applicable law, you may have the right to confirm in a portable and (if technically feasible) readily usable form, after making a verifiable request whether we are processing your personal information and, in some cases, to obtain certain personalized details about the personal information we have collected about you, including:
Consistent with applicable law, you may have the right after making a verifiable request to correct inaccurate personal information, considering the nature of the data itself and the processing activities it supports.
Consistent with applicable law, you may have the right, after making a verifiable request to have your personal information that is maintained by CarGurus deleted.
The right to direct CarGurus to not “sell” your personal information for monetary or other valuable consideration, or “share” your personal information for targeted advertising or Cross-Context Behavioral Advertising (“CCBA”) purposes. You may opt out of such processing by navigating to the CarGurus My Privacy Rights form.
See Targeted Advertising for additional information about how we may process your personal information for marketing and advertising purposes.
To exercise your right to Know, Delete, Correct or Opt Out rights, please submit a request by visiting our My Privacy Rights page.
Or contact us with questions or requests regarding this Privacy Notice at:
55 Cambridge Parkway, 6th Floor
Cambridge, MA 02142
You may also opt out of any or all future marketing emails from us here or by clicking on the unsubscribe link we place at the footer of every email we send that is not in response to an action taken by the user. Please note that you cannot opt out of non-promotional emails, such as those about your account, transactions or servicing.Targeted Advertising
Also referred to as “interest based,” “online behavioral,” “personalized” advertising, as well as “Cross-Context Behavioral Advertising,” targeted advertising is the serving of digital advertisements based on predictions generated over time from your visits across different websites, devices, mobile applications, as well as our own. We encourage you to consult our detailed policy on Interest Based Advertising here.
We may work with advertising technology partners who allow us to personalize our ads based on your browsing behavior on our digital properties. Many of these companies are participants of the Digital Advertising Alliance (“DAA”) and/or members of the Network Advertising Initiative (“NAI”). In addition to your right under your state's privacy law to opt out from targeted advertising by us and our own advertising partners, you can learn more about targeted ads provided by these companies as well as others we are not partnered with, and how to opt out of receiving certain targeted ads from them by visiting:
- https://www.aboutads.info/choices - For targeted ads from DAA participants on websites;
- https://optout.networkadvertising.org/?c=1 - For targeted ads from NAI members on websites and to learn more about how to opt out from receiving targeted ads on your other connected devices.
Opting out only means that the selected participants should no longer deliver certain targeted ads to the specific browser or device on which you made your request, it does not mean you will no longer receive any targeted content and/or ads from other advertising technology companies or on your other browsers or devices that have not been opted out.
We also partner with Amazon to deliver advertisements. You can opt out of delivery of targeted advertising to you by Amazon here. Please note that even if you opt out, you will continue to receive advertisements, but they will not be tailored to your specific interests.
We may also display interest-based ads to you when you are using Facebook and other social media platforms or websites.
IX. Publicly Posted Information
Your member profile will be publicly viewable and identifiable via your username. CarGurus will not share your email address with any other members or display it publicly. Please consider carefully before making any information public as you are solely responsible for any information you make public. Once you have posted information, you may not be able to edit or delete it.
If you choose to participate in our member-to-member communications programs, you may be contacted by other members, using us as an intermediary. All members have the option to turn off the member-to-member communication features at any time.
Information that you make available to us and others via social media networks, forums, blogs, list serves, chat rooms or similar functionality is public information that we or others may share or use in accordance with the law.
X. Storing and Retaining Your Personal Information
Your personal information is stored on servers in the U.S. Also, some of our service providers may store information in servers hosted in countries different from where you reside. As such, your personal information may be subject to the laws of other countries, where the data protection and other laws may not be as comprehensive as your country of residence.
Consistent with our recordkeeping policies and practices, we may retain your personal information so long as it is necessary to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required by law. Once we no longer have a legitimate business reason to retain your personal information, it is either destroyed, aggregated or deidentified, however we may retain inactive archival copies consistent with applicable law.
XI. Deidentified or Aggregate Information
We may at times receive or process personal information to create data sets that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain de-identified or aggregate information, we will maintain and use the data in de-identified or aggregate form and not attempt to re-identify the data.
XII. Security - Steps we take to protect your personal information
We have implemented administrative, technical, personnel, and physical security measures designed to protect the personal information stored in our systems against loss, theft and unauthorized use, disclosure or modification. We also employ processes (such as password hashing, login auditing, and idle session termination, as appropriate) designed to protect against unauthorized access to your personal information. While we endeavor to create secure and reliable digital properties for users, the confidentiality of any communication or material transmitted to/from a CarGurus digital property, and the security of your personal information, cannot be guaranteed. We encourage you to take steps to protect your personal information online.
XIII. International Transfer
We are based in the U.S. and the information we collect is governed by U.S. law. If you are accessing our digital properties from outside of the U.S., please be aware that information collected may be transferred to, processed, stored, and used in the U.S. and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those of your country of residence. Your use of this digital property or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of information about you in the U.S. and other jurisdictions as set out in this Privacy Notice.
CarGurus digital properties are intended for a general audience and are not directed at children under (13) years of age.
XV. Changes to this Privacy Notice
We may occasionally update this Privacy Notice to reflect changes in our practices. When we post modifications to this Privacy Notice, we will revise the "Last Updated" date at the top of this page. The modified Privacy Notice will be effective immediately upon posting. Your continued use of our digital properties after the posting of the modified Privacy Notice constitutes your agreement to abide and be bound by it. We encourage you to periodically review this page for the latest information on our privacy practices. If you object to any modification, your sole recourse is to stop using the digital property.