Privacy Policy

1. Introduction

Bracebridge Labs LLC, a North Carolina limited liability company doing business as Second Lap (“Company,” “we,” “us,” or “our”), is committed to protecting the privacy and security of your personal information.

This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information when you interact with the Second Lap platform, including our websites, applications, and messaging services (collectively, the “Service”). This Privacy Policy applies to all individuals who use or interact with the Service, including automotive dealership personnel (“Dealership Users”) and customers of automotive dealerships who receive communications through the Service (“End Users”).

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect contact information, including your mobile phone number, name, email address, and mailing address, as provided to the dealership through service intake forms, website forms, or in-person interactions. We collect the content of text messages (SMS/MMS), WhatsApp messages, and other communications you send to or receive from a participating dealership through the Service. We also collect vehicle information, including vehicle identification number (VIN), make, model, year, mileage, and service history as provided by you or obtained through your dealership interaction. Service records, including information about your vehicle service appointments, repair orders, and service history maintained by the dealership, are also collected as part of the Service.

2.2 Information Collected Automatically

We automatically collect messaging metadata, including timestamps, delivery status, message identifiers, and routing information necessary to send and receive messages. We collect device information, including mobile carrier information and phone number type (mobile, landline, VoIP), used for message delivery. We also collect usage data such as opt-in and opt-out status, message delivery confirmations, and response timestamps.

2.3 Information from Third Parties

We receive vehicle service records, appointment data, and customer records from dealership management systems (“DMS”) that participating dealerships maintain and share with us to operate the Service. When requested by the dealership, we also obtain vehicle valuation data, market pricing, and vehicle history information from third-party data providers for the purpose of providing trade-in estimates and vehicle assessments.

2.4 Information We Do Not Collect

We do not collect financial account numbers, Social Security numbers, or government-issued identification numbers from End Users. We do not collect precise geolocation data. We do not collect biometric data.

3. How We Use Your Information

3.1 Service Operations

We use the information we collect to send and receive text messages, WhatsApp messages, and other communications on behalf of participating dealerships. We use it to manage service appointment reminders, confirmations, and status updates; to provide vehicle trade-in estimates and valuation information when requested; to facilitate customer care conversations between you and the dealership; and to process opt-in and opt-out requests.

3.2 Service Improvement and Security

We use information to maintain, monitor, and improve the reliability and performance of the Service; to detect, prevent, and respond to fraud, abuse, security incidents, and technical issues; and to conduct internal analytics using aggregated and de-identified data only.

3.3 Legal and Compliance

We use information to comply with applicable laws, regulations, and legal processes; to enforce our Terms & Conditions and protect our legal rights; to respond to lawful requests from law enforcement and government authorities; and to maintain records required for regulatory compliance.

3.4 How We Do Not Use Your Information

We do not sell your personal information. We have never sold personal information and have no intention of doing so.

We do not share your information with third parties for their own marketing purposes.

We do not send unsolicited marketing messages. All communications through the Service are transactional or conversational and directly related to your dealership interactions.

We do not use your personal information to train general-purpose AI models. AI features within the Service operate solely to facilitate your communications with the dealership.

4. How We Share Your Information

We share personal information only in the following limited circumstances.

4.1 With Participating Dealerships

We share your communications and related information with the dealership with which you are interacting. The dealership maintains the direct customer relationship with you and determines the purposes for which your information is used in connection with their services.

4.2 With Service Providers

We engage trusted third-party service providers who perform functions on our behalf. These include communications infrastructure providers for message delivery and routing, cloud hosting providers for secure data storage and processing, vehicle data providers for valuation and market data, security providers for threat detection and prevention, and AI processing providers for natural language processing used in customer communications.

All service providers are contractually required to use personal information only for the purposes for which it was disclosed to them and to maintain appropriate security safeguards.

4.3 For Legal Reasons

We may disclose personal information if we believe in good faith that disclosure is necessary to comply with applicable laws, regulations, subpoenas, court orders, or legal process; to enforce our Terms & Conditions or other agreements; to protect the rights, property, or safety of Bracebridge Labs LLC, our users, or the public; or to detect, prevent, or address fraud, security, or technical issues.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction. We will notify affected users of any change in ownership or control of personal information.

5. Data Security

We take the security of your personal information seriously and implement administrative, technical, and physical safeguards designed to protect it against unauthorized access, use, alteration, or destruction.

Personally identifiable information, including name, email, phone number, and address, is encrypted at the application layer using industry-standard encryption before storage. All data in transit is encrypted using TLS 1.2 or higher.

Access to personal information is restricted through role-based access controls to authorized personnel who require it to perform their job functions. Multi-factor authentication is required for administrative access.

Our systems are hosted on enterprise-grade cloud infrastructure with continuous security monitoring, intrusion detection, and automated threat response capabilities.

All access to and modifications of personal information are logged in immutable audit trails for compliance and security monitoring purposes.

We conduct regular security reviews, vulnerability assessments, and penetration testing of our systems.

We maintain a documented incident response plan. In the event of a data breach affecting your personal information, we will notify you and applicable regulatory authorities in accordance with applicable law.

While we use commercially reasonable means to protect your personal information, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy.

Active service data, including communications, appointment records, and related information, is retained for the duration of the dealership’s use of the Service and the active customer relationship. Message content and metadata are retained for a period necessary to support service operations, resolve disputes, and comply with legal obligations, after which they are securely deleted or de-identified. Security and compliance audit logs are retained in accordance with our regulatory obligations. Certain information may be retained for longer periods as required by applicable laws, regulations, or legal proceedings.

Upon termination of a dealership’s use of the Service, we will delete or de-identify End User personal information within a commercially reasonable timeframe, unless retention is required by law.

7. Your Rights and Choices

7.1 SMS Opt-Out

You may opt out of receiving SMS messages at any time by replying STOP to any message. You will receive a single confirmation message, and no further messages will be sent unless you re-subscribe by replying START or YES.

7.2 Help and Support

Reply HELP to any message for assistance, or contact us at support@bracebridgelabs.com.

7.3 Access and Correction

You may request access to the personal information we hold about you, or request correction of inaccurate information, by contacting us at support@bracebridgelabs.com. We will respond to verifiable requests within thirty (30) days.

7.4 Deletion

You may request deletion of your personal information by contacting us at support@bracebridgelabs.com. We will comply with your request to the extent permitted by law, taking into account any legal obligations that may require us to retain certain information. Deletion requests will be processed within thirty (30) days.

7.5 State Privacy Rights

Depending on your state of residence, you may have additional privacy rights under applicable state law, including the California Consumer Privacy Act, the North Carolina Consumer Privacy Act, the Texas Data Privacy and Security Act, the Virginia Consumer Data Protection Act, and similar legislation. These rights may include the right to know what personal information we collect, use, and disclose; the right to delete personal information we hold about you; the right to opt out of the sale or sharing of personal information (we do not sell or share personal information); the right to non-discrimination for exercising your privacy rights; the right to correct inaccurate personal information; and the right to data portability.

To exercise any of these rights, contact us at support@bracebridgelabs.com. We will verify your identity before processing your request. You will not be discriminated against for exercising your privacy rights.

8. Children’s Privacy

The Service is not directed to individuals under the age of sixteen (16). We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we have collected information from a child under 16, please contact us at support@bracebridgelabs.com.

9. Do Not Track Signals

The Service does not currently respond to “Do Not Track” signals transmitted by web browsers. The Service operates primarily through SMS messaging and does not use cookies or web tracking technologies for End User communications.

10. Third-Party Links

Messages sent through the Service may occasionally contain links to third-party websites or services. We are not responsible for the privacy practices of any third-party website. We encourage you to review the privacy policies of any third-party sites you visit.

11. International Users

The Service is operated from and intended for use within the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the “Last Updated” date at the top of this document. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Bracebridge Labs LLC
Email: support@bracebridgelabs.com
Web: www.bracebridgelabs.com

For SMS-related inquiries, reply HELP to any message or text HELP to the dealership number from which you received a message.

© 2026 Bracebridge Labs LLC. All rights reserved.