SDVerse

Privacy Policy

Home » Privacy Policy

Effective Date: February 1, 2026
Last Updated: February 1, 2026

This Privacy Policy (“Policy”) describes how SDVerse LLC (“SDVerse,” “we,” “us,” or “our”), a Delaware limited liability company with its principal place of business at 25925 Telegraph Road, Suite 101, Southfield, MI 48033, United States, collects, uses, discloses, and protects your personal information when you visit or interact with our website at https://www.sdverse.auto/ (the “Site”) or use any of the services, functionality, or offerings made available through the Site, including our marketplace platform and account features (collectively with the Site, the “Services”).

By accessing or using the Services, you acknowledge that you have read and understood this Policy. For users in the European Economic Area (EEA) and United Kingdom (UK), your use of the Services does not constitute consent to processing; we rely on the legal bases described in Section 3 below. If you do not agree with this Policy or do not wish to provide the mandatory personal information described in Section 1.A, you should not use the Services.

1. PERSONAL INFORMATION WE COLLECT

We collect various types of information to operate, maintain, and improve the Services.

A. Information You Provide Directly

When you submit a form, create an account, request access, or interact with the Services, we may collect:

  • Name
  • Email address
  • Phone number (optional)
  • Company name
  • Job title
  • Any information you provide through forms, chat, or requests

If a company administrator creates an account for you, we may receive your name and email address from your employer or associated organization.

Provision of Personal Information: For account creation and service requests, providing your name and email address is mandatory to perform the contract and provide the Services. Providing your company name and job title is also required for business account verification and service delivery. Your phone number is optional. If you do not provide mandatory information, we will be unable to create your account or fulfill your request.

B. Device and Usage Information

When you visit or use the Services, we automatically collect:

  • IP address
  • Browser type and version
  • Operating system
  • Time zone
  • Referring/exit pages
  • Pages viewed and interaction data
  • Cookie identifiers
  • Log file information
  • Web beacons, tags, and pixel information

This information is collected through cookies, log files, web server logs, and similar tracking technologies. For detailed information about our use of cookies and your choices, please see Section 1.C below.

C. Cookies and Tracking Technologies

Cookies are used to:

  • Keep your session active
  • Improve site functionality
  • Analyze traffic and usage
  • Remember preferences (where applicable)

All users, including those located in the European Economic Area (EEA) or United Kingdom (UK), will be presented with a Consent Management Platform (Usercentrics) upon first visiting the Site. The CMP allows you to accept or reject non-essential cookies, including analytics and performance cookies.

Cookie Categories:

  • Strictly Necessary Cookies: Required for the Site to function (e.g., session management, security). These cannot be disabled.
  • Performance/Analytics Cookies: Used to understand how visitors interact with the Site (e.g., Google Analytics). Requires consent for EU/UK users.
  • Functional Cookies: Remember your preferences and settings. Requires consent for EU/UK users.

You may withdraw your cookie consent at any time by clicking the cookie settings icon available on our Site or by clearing your browser cookies. To access cookie settings, look for the cookie preference icon typically located in the footer of our Site or in your account settings. Withdrawing consent will not affect the lawfulness of processing based on consent before withdrawal.

2. HOW WE USE PERSONAL INFORMATION AND PROCESSING DETAILS

We use personal information for the purposes below. For individuals in the EEA/UK, we also identify the applicable lawful basis under GDPR/UK GDPR.

Category of Personal Information Purpose(s) of Processing GDPR/UK GDPR Lawful Basis Recipients / Categories of Recipients Retention
Contact Information (name, email address, phone number (optional), company, job title) Provide and operate the Services; create and manage accounts; respond to requests and inquiries; send service-related and transactional communications; provide customer support Contract (to provide the Services / administer accounts); Legitimate Interests (customer relationship management, service administration) Hosting / infrastructure providers; platform and technical service providers; support contractors (as needed) For the life of the account/relationship, then retained for up to 3 years following account closure or end of relationship (or longer if required to comply with law, resolve disputes, or enforce agreements). Inquiry-only records retained up to 2 years from date of inquiry
Device and Usage Information (IP address, browser type, operating system, pages viewed, interaction data, time zone, referring URLs) Operate, maintain, and secure the Services; monitor performance; diagnose issues; improve functionality; prevent fraud and unauthorized access Legitimate Interests (security, fraud prevention, service improvement) Hosting / infrastructure providers; platform and technical service providers; security and support contractors (as needed) Log-level data generally retained up to 90 days (unless needed for security investigations, in which case retained until resolution of the investigation); aggregated or de-identified analytics may be retained indefinitely as they no longer constitute personal data
Cookie Identifiers and Analytics Data (cookie IDs, online identifiers, analytics events) Run the site and Services; remember preferences; measure and analyze usage; improve performance Consent (for non-essential cookies/analytics where required); Legitimate Interests (strictly necessary cookies for core functionality) Consent management provider; analytics providers (only where enabled/consented as applicable) Session cookies expire at end of session; persistent cookies persist per settings (typically 1–2 years from last interaction); analytics data retained per configuration (e.g., up to 26 months from collection)
Information Provided by an Employer / Administrator (where access is provisioned through an organization) Provision and administer enterprise access; manage organizational accounts and authorized users Contract (if organization is customer); Legitimate Interests (B2B account administration) Hosting / infrastructure providers; platform and technical service providers For the enterprise relationship, then up to 3 years, subject to legal/contractual requirements

Notes:

  • “Hosting / infrastructure providers” includes providers such as AWS; “platform and technical service providers” includes providers such as Spryker (where applicable).
  • We do not use personal information to make decisions based solely on automated processing that produce legal or similarly significant effects, unless expressly stated in an applicable Statement of Work or written agreement.

We use the personal information we collect for the purposes described above and as detailed in the table. Specifically:

  • Provide, operate, and maintain the Services
  • Create and manage user accounts
  • Process requests and respond to inquiries
  • Communicate with users (including security, onboarding, and transactional emails)
  • Improve the performance, functionality, and security of the Services
  • Analyze how users interact with the Services
  • Comply with legal or regulatory requirements
  • Prevent fraud, unauthorized access, and misuse

We use Device Information to:

  • Monitor site performance
  • Diagnose technical issues
  • Improve navigation and usability
  • Evaluate analytics trends (e.g., via Google Analytics, if consented)

3. LEGAL BASES FOR PROCESSING (EEA/UK USERS)

If you are located in the EEA or UK, SDVerse processes your personal data under one or more of the following legal bases (as mapped in the table in Section 2 above):

A. Performance of a Contract

To provide access to the marketplace, maintain accounts, send essential service emails, and fulfill service requests.

B. Legitimate Interests

To secure the platform, prevent fraud, understand service usage, and improve functionality. Our legitimate interests include: (i) ensuring the security and integrity of our Services; (ii) preventing fraudulent transactions and unauthorized access; (iii) understanding how users interact with our Services to improve user experience; and (iv) maintaining and enhancing Service functionality.

We have conducted a balancing test and determined that these interests are not overridden by your interests, rights, or freedoms, particularly given the reasonable expectations of users of a B2B marketplace platform and the security measures we implement. You have the right to object to processing based on legitimate interests as described in Section 8 below.

C. Consent

For:

  • Non-essential cookies
  • Analytics
  • Any marketing communications (if used)

You may withdraw your consent at any time by using the cookie settings on our Site (for cookies), by contacting us using the information in Section 13 below (for marketing communications), or through the unsubscribe mechanism in any marketing email. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

D. Legal Obligations

To comply with tax, accounting, and regulatory requirements.

4. SHARING OF PERSONAL INFORMATION

We may share personal information with:

A. Service Providers and Contractors

Including:

  • Amazon Web Services (hosting, infrastructure, and email delivery through SES)
  • Spryker (platform provider)
  • Google Analytics (analytics and performance insights)
  • Technical and operational contractors supporting our Services

All service providers are contractually obligated to protect personal information, process it only for authorized purposes, and comply with applicable data protection laws. Where required by GDPR, we have entered into data processing agreements (DPAs) that include the Standard Contractual Clauses approved by the European Commission and, where applicable, the UK International Data Transfer Addendum.

B. Corporate Transactions

We may disclose information during:

  • Mergers
  • Acquisitions
  • Divestitures
  • Restructuring
  • Bankruptcy

C. Legal and Regulatory Requirements

We may disclose information when necessary to:

  • Respond to subpoenas or legal processes
  • Comply with law enforcement requests
  • Protect legal rights or defend claims
  • Prevent fraud, security incidents, or system misuse

We do not sell personal information as defined under the California Consumer Privacy Act (CCPA) or make it available to third parties for their own marketing purposes. For California residents, please see Section 14 below for additional disclosures regarding “sale,” “sharing,” and your rights under CCPA/CPRA.

5. INTERNATIONAL TRANSFERS (EU/UK USERS)

SDVerse is based in the United States.

If you access the Services from the EEA or UK, your personal information will be transferred to and processed in the United States, which has not been subject to an adequacy decision by the European Commission or UK government.

We implement the following safeguards for international transfers to countries that have not received an adequacy decision, as required by GDPR Article 46 and UK GDPR:

  • Standard Contractual Clauses (SCCs) with AWS, Google, and Spryker
  • Technical and organizational security measures
  • Privacy and data protection commitments from our service providers

By using the Services, you acknowledge that your data will be transferred to the United States and potentially to other countries where our service providers operate. You have the right to obtain a copy of the safeguards we have implemented for international transfers by contacting us using the information in Section 13 below.

6. DATA SECURITY

We implement and maintain appropriate technical, organizational, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction, including:

  • Encryption at rest and in transit
  • AWS security architecture and IAM controls
  • Secure Spryker platform infrastructure
  • Access restrictions and monitoring
  • Industry-standard web security practices
  • Usercentrics cookie consent controls

Despite these measures, no system is 100% secure. While we implement industry-standard security measures to protect your data, we cannot guarantee absolute security.

7. DATA RETENTION

We retain personal information only as long as reasonably necessary for the following purposes, or as required by applicable law:

  • Service delivery
  • Account management
  • Security and fraud prevention
  • Legal and regulatory obligations

When retention is no longer required, we will securely delete or anonymize data in accordance with our data retention schedule, unless retention is required by applicable law or legitimate business purposes.

8. YOUR RIGHTS (INCLUDING EEA/UK DATA SUBJECT RIGHTS)

Depending on your location, you may have the following rights:

For EEA/UK Residents:

  • Right of Access – Request copies of your personal data
  • Right to Rectification – Request corrections
  • Right to Erasure – Request deletion under certain conditions
  • Right to Restrict Processing – Pause processing in specific scenarios
  • Right to Object – Object to certain types of processing
  • Right to Data Portability – Request transfer in a structured format
  • Right to Withdraw Consent – Withdraw cookie or marketing consent
  • Right to Lodge a Complaint – You have the right to lodge a complaint with your local supervisory authority. For EEA residents, you can find your data protection authority at https://edpb.europa.eu/about-edpb/board/members_en. For UK residents, contact the Information Commissioner’s Office (ICO) at https://ico.org.uk/.

To exercise any right, email us at info@sdverse.auto. We will respond to verified requests within the timeframes required by applicable law

For U.S. Residents (CA, CO, CT, UT, VA, and other states with applicable privacy laws)

Under applicable U.S. state privacy laws, you have the following rights:

  • Access
  • Correction
  • Deletion
  • Portability
  • Opt-Out of Sale/Sharing of Personal Information
  • Non-Discrimination
  • Authorized Agent Requests

To exercise these rights, please contact us at info@sdverse.auto. We will not discriminate against you for exercising any of these rights. Depending on your state of residence, you may also have the right to appeal our decision regarding your request.

9. THIRD-PARTY LINKS

Our Services may include links to other websites or platforms.

We are not responsible for the privacy practices of third-party websites.

We encourage you to review their policies.

10. CHILDREN UNDER 13

We do not knowingly collect or solicit personal information from children under age 13 without verifiable parental consent, as required by the Children’s Online Privacy Protection Act (COPPA).

If you believe we have collected such information, contact us immediately at info@sdverse.auto and we will take steps to delete it promptly, typically within 10 business days of verification.

11. DO NOT TRACK

We do not currently respond to Do Not Track signals from browsers. However, you may exercise your opt-out rights as described in Section 8 above, and you can manage cookies through our Usercentrics consent management platform and your browser settings.

12. CHANGES TO THIS POLICY

We may update this Policy from time to time.

If material changes are made that affect your rights or how we process your personal information, we will provide notice via email (if you have provided an email address) or a prominent banner on the Site at least 30 days before the changes take effect. Your continued use of our Services after the effective date constitutes acceptance of the updated Policy.

13. CONTACT US

If you have any questions about this Policy or wish to exercise your rights, contact us:

Email: info@sdverse.auto

Address:

SDVerse LLC
25925 Telegraph Road, Suite 101
Southfield, MI 48033
United States

Subscribe for exclusive insights