Security Policy

CarBlock LLC (Wyoming Limited Liability Company)

Effective Date: March 9, 2026

This Security Policy describes the measures CarBlock LLC ("CarBlock," "we," "our," or "us") takes to protect the integrity, confidentiality, and availability of your data and account on the CarBlock website, mobile application, and services (collectively, the "Platform").

By using the Platform, you agree to cooperate with these security practices. If you do not agree, you may not use the Platform.

1. Our Commitment to Security

CarBlock is committed to maintaining a safe and trusted marketplace for vehicle buyers, sellers, and licensed dealers.

Our security program is designed to:

  • Protect user account information and personal data
  • Secure financial transactions and payment data
  • Prevent unauthorized access to the Platform
  • Detect and respond to security incidents promptly
  • Maintain the integrity of vehicle listings and auction activity

Security is a shared responsibility between CarBlock and its users. We ask all users to follow the guidelines in this policy to help keep the Platform safe.

2. Account Security

You are responsible for maintaining the security of your CarBlock account.

To keep your account secure, you must:

  • Use a strong, unique password that is not used on other platforms
  • Never share your login credentials with anyone
  • Log out of your account when using shared or public devices
  • Keep your registered email address current and accessible
  • Notify CarBlock immediately if you suspect unauthorized access

CarBlock will never ask for your password via email, phone, or chat.

CarBlock may suspend or terminate accounts where suspicious activity is detected to protect the safety of the Platform and its users.

3. Authentication and Access Controls

CarBlock implements technical access controls to protect user accounts and Platform data.

These controls include:

  • Secure authentication powered by Supabase with encrypted session tokens
  • Automatic session expiry after periods of inactivity
  • Role-based access controls distinguishing dealer and private seller accounts
  • Rate limiting on login attempts to prevent brute-force attacks
  • Secure password hashing using industry-standard algorithms

CarBlock may introduce additional authentication options such as two-factor authentication (2FA) in the future to further protect user accounts.

4. Data Encryption

CarBlock uses encryption to protect data in transit and at rest.

Our encryption practices include:

  • TLS (Transport Layer Security) encryption for all data transmitted between your device and the Platform
  • Encrypted storage of sensitive account and user data
  • Encrypted handling of authentication tokens and session data
  • Secure transmission of payment information through PCI-compliant third-party processors

CarBlock does not store full payment card details. All payment data is handled directly by our third-party payment processors.

5. Payment Security

All financial transactions on the Platform are processed through trusted third-party payment providers.

Our payment security standards include:

  • Use of PCI DSS-compliant payment processors
  • No storage of full credit card or banking details on CarBlock servers
  • Encrypted payment sessions during checkout and transaction processing
  • Fraud detection and monitoring by payment service providers

CarBlock does not have access to your full payment card details at any point during a transaction.

If you notice an unauthorized transaction associated with your CarBlock account, contact us immediately at support@carblock.com.

6. Dealer Verification and Identity Security

CarBlock takes additional steps to verify the identity of licensed dealers accessing the Platform.

Dealer security measures may include:

  • Verification of dealer license numbers prior to account activation
  • Review of dealership name and business address against registration records
  • Manual review of accounts flagged for suspicious activity
  • Restriction of dealer privileges pending verification completion

CarBlock reserves the right to suspend dealer accounts where identity verification cannot be completed or where fraudulent credentials are detected.

7. Platform Integrity and Fraud Prevention

CarBlock actively monitors the Platform to protect the integrity of vehicle listings, auctions, and transactions.

Our fraud prevention measures include:

  • Automated detection of suspicious bidding patterns
  • Monitoring for duplicate or fraudulent vehicle listings
  • Review of flagged accounts and transactions
  • Cooperation with law enforcement where fraudulent activity is identified
  • Removal of listings associated with stolen or unlawfully obtained vehicles

Users who engage in fraudulent activity may have their accounts permanently terminated and may be reported to relevant authorities.

CarBlock does not guarantee that all fraudulent activity will be detected or prevented, and users are encouraged to exercise due diligence when transacting on the Platform.

8. Infrastructure Security

The CarBlock Platform is built on secure, industry-standard cloud infrastructure.

Infrastructure security measures include:

  • Hosting on secure cloud infrastructure with redundancy and failover
  • Regular security patches and software updates
  • Network-level firewalls and intrusion detection systems
  • Database access restricted to authorized systems and personnel only
  • Regular backups of platform data to prevent data loss

CarBlock infrastructure is managed in accordance with current industry security best practices.

9. Vulnerability Disclosure

CarBlock encourages responsible disclosure of security vulnerabilities.

If you discover a potential security vulnerability on the Platform, please:

  • Report it to us promptly at support@carblock.com
  • Provide a clear description of the vulnerability and steps to reproduce it
  • Allow CarBlock reasonable time to investigate and address the issue before public disclosure
  • Avoid accessing, modifying, or deleting user data during your testing

CarBlock will acknowledge receipt of your report and keep you informed of our investigation progress where appropriate.

We ask that security researchers act in good faith and refrain from causing harm to the Platform or its users during any testing.

10. Incident Response

In the event of a security incident, CarBlock will take the following steps:

  • Identify and contain the incident as quickly as possible
  • Assess the scope and impact on users and Platform data
  • Notify affected users in accordance with applicable law
  • Cooperate with relevant authorities where required
  • Implement remediation measures to prevent recurrence

CarBlock will notify affected users of material data breaches within the timeframes required by applicable state and federal law.

11. User Responsibilities

Users play an important role in keeping the Platform secure. You agree to:

  • Keep your account credentials confidential and not share them with others
  • Use the Platform only for lawful purposes consistent with these terms
  • Report suspicious listings, users, or activity to CarBlock immediately
  • Not attempt to gain unauthorized access to any part of the Platform
  • Not use automated tools, bots, or scrapers on the Platform without permission
  • Not interfere with or disrupt the Platform's infrastructure or security systems

Violations of these responsibilities may result in immediate account suspension or termination and may be reported to law enforcement.

12. Third-Party Security

CarBlock integrates with third-party service providers to deliver Platform functionality. These providers are selected in part based on their security standards.

Third-party providers used by CarBlock may include:

  • Supabase — authentication, database, and session management
  • Stripe or equivalent — PCI-compliant payment processing
  • Montway Auto Transport — vehicle transportation coordination
  • Cloud hosting providers — secure infrastructure and data storage

CarBlock is not responsible for the security practices of third-party providers beyond our reasonable due diligence in selecting them.

We encourage you to review the security and privacy policies of any third-party services you interact with through the Platform.

13. Limitation of Liability for Security Incidents

While CarBlock takes reasonable steps to protect the Platform and its users, no security system is completely impenetrable.

CarBlock shall not be liable for:

  • Unauthorized access resulting from user negligence (e.g., sharing credentials)
  • Security breaches caused by third-party service providers
  • Data loss or exposure arising from circumstances beyond our reasonable control
  • Damages resulting from malicious activity by third parties targeting the Platform

CarBlock provides the Platform "as-is" and makes no warranty that the Platform will be free from security vulnerabilities at all times.

14. Changes to This Security Policy

CarBlock may update this Security Policy periodically to reflect improvements in our security practices or changes in applicable law.

When material changes are made, we will update the Effective Date at the top of this page.

Continued use of the Platform after any update constitutes your acceptance of the revised Security Policy.

15. Governing Law

This Security Policy is governed by the laws of the State of Wyoming, consistent with the Terms and Conditions of the CarBlock Platform.

16. Contact Information

To report a security concern, vulnerability, or incident:

CarBlock LLC

Wyoming, United States

support@carblock.com

© 2026 CarBlock LLC. All rights reserved.