Ridepost Privacy

RidePost is a Chrome extension built for car dealership sales teams to prepare Facebook Marketplace listings from their own inventory website. This page explains exactly what data the extension touches, where it goes, and what we do not do with it.

1. Who this policy covers

RidePost is published by Ride Auto Group ("we", "us") and is currently deployed for the sales teams of dealerships affiliated with Ride Auto Group, including Orléans Kia. It is intended for authenticated sales representatives of those dealerships, not for the public.

2. What data RidePost handles

RidePost only handles the minimum data required to prepare and track Facebook Marketplace vehicle listings for the dealership.

Category What it is Where it lives
Vehicle data Year, make, model, trim, price, mileage, VIN, stock number, photos — read from the dealership's own public inventory pages. Local Chrome storage and the dealership's Supabase project.
Posting history Which vehicles a rep marked as posted, when, the price at the time, sold flag, and re-post count. Local Chrome storage and the dealership's Supabase project.
Rep identity The rep's display name and rep code (e.g. "Vimal" / "vimal") chosen by the dealership admin. The dealership's Supabase project. Cached locally in chrome.storage so the rep stays signed in.
Authentication SHA-256 hash of the rep's 4–6 digit PIN. Plain-text PINs are never stored or transmitted. The dealership's Supabase project, in the reps table.
Settings Optional Gemini API key for AI hero photos, last-rep-used preference, last sold-check timestamp. Local Chrome storage on the rep's device.
AI hero cache One generated image per vehicle, kept in IndexedDB to avoid re-billing Gemini for the same vehicle. Local browser only. Cleared on extension uninstall.

RidePost does not collect: health information, financial or payment information, personal communications, location data, browsing history, or any data from websites other than the ones listed in §3.

3. Network requests RidePost makes

The extension makes outbound requests only to the hosts explicitly declared in its manifest:

  • orleanskia.com (and other approved dealer sites) — to read the dealership's own public vehicle pages so the rep can post them.
  • media.edealer.ca — to fetch the dealer's vehicle photos from its CDN.
  • facebook.com/marketplace — only when the rep is on a Marketplace tab and clicks a RidePost button. The extension fills form fields and uploads photos on the rep's own Facebook session.
  • generativelanguage.googleapis.com — optional. Only when the rep explicitly clicks "AI Hero Shot". One vehicle photo is sent to Google Gemini to render a background.
  • *.supabase.co — to sync rep accounts, vehicle posts, and sold flags across the dealership's team using the dealership's own Supabase project.

4. How the data is used

  • To pre-fill the Facebook Marketplace listing form for the signed-in rep.
  • To track which vehicles each rep has posted, so their dashboard can show their stats and stale listings.
  • To run a once-daily automatic check that flags vehicles which have been removed from the dealer's inventory (likely sold) or had a price change.
  • To share sold flags across the team — when one rep's machine detects a vehicle was sold, other reps who posted the same VIN see the alert without having to re-check manually.
  • To gate each rep's posting history behind their own PIN so reps cannot read or modify each other's data.

5. What we do not do

RidePost contains no analytics, no ad networks, and no third-party tracking SDKs. The extension never sells or transfers user data outside of the dealership's own Supabase project and the explicit Gemini call for hero shots.
  • We do not sell or transfer user data to third parties for any purpose outside the approved use cases under the Chrome Web Store Limited Use Policy.
  • We do not use or transfer user data for any purpose unrelated to RidePost's single purpose (preparing Marketplace listings from dealer inventory).
  • We do not use or transfer user data to determine creditworthiness or for lending purposes.
  • We do not read browser history, bookmarks, saved passwords, autofill, or content from any tab outside the explicitly declared host permissions.
  • We do not load any remote JavaScript or WebAssembly. All executable code ships inside the extension package.

6. Data retention and deletion

  • Local data (queue, history cache, settings, AI hero cache) is removed when the user uninstalls RidePost from Chrome.
  • Supabase data (rep accounts, vehicle posts, sold flags) is owned and controlled by the dealership operating its own Supabase project. The dealership admin can delete a rep's row, edit their PIN, or wipe the entire posting history at any time from the Supabase dashboard.
  • Gemini hero images are governed by Google's API privacy practices. RidePost stores the resulting image locally in IndexedDB and never re-shares it.

7. Permissions explained

  • storage — cache vehicle queue, history, rep session, settings.
  • scripting — interact with the Marketplace form when the rep clicks Fill / Upload Photos.
  • downloads — let the rep save vehicle photos locally as a fallback when in-page upload fails.
  • notifications — alert the rep when their daily sold-check finds a sold vehicle or a price change.
  • alarms — schedule the once-a-day automatic sold-check.
  • tabs — open the Marketplace tab when the rep clicks "Open Facebook" on the dashboard.

8. Children

RidePost is a B2B tool for adult sales staff. It is not directed at, marketed to, or intended for use by children under 13.

9. Changes to this policy

If we materially change what data RidePost handles, we will update this page and bump the effective date at the top. The Chrome Web Store listing will always link to the most recent version.

10. Contact

Questions, data requests, or removal requests: email marketing@ridegroup.com.