Buying or leasing a car is one of the most data-intensive transactions most people ever go through. Between credit applications, trade-in appraisals, insurance verification, and financing paperwork, you hand over an extraordinary amount of personal information. And in 2026, the car itself is a data collection device. Here's how to protect your privacy through the entire process.
What Dealerships Collect About You
When you walk into a dealership, they start collecting data before you even sign anything. By the time you drive off the lot, the dealership typically has:
- Full legal name and date of birth
- Social Security number (for credit checks)
- Home address and phone number
- Employment information including employer name, income, and length of employment
- Bank account details for financing or down payments
- Driver's license number and a copy of the physical license
- Insurance information including policy number and carrier
- Credit history pulled from one or more credit bureaus
- Trade-in vehicle details including VIN, mileage, and condition
This data doesn't stay at the dealership. It flows to lenders, insurance companies, warranty providers, and potentially marketing partners.
Dealerships Are Classified as Financial Institutions
Because dealerships arrange financing and leasing, they're legally classified as "financial institutions" under the Gramm-Leach-Bliley Act (GLBA). This means they're subject to federal regulations governing how they handle your "nonpublic personal information" (NPI), including Social Security numbers and credit history. They're required to provide a privacy notice, but many consumers never read it.
Before You Visit the Dealership
Get Pre-Approved for Financing Independently
One of the biggest privacy risks at a dealership is the credit application process. Dealerships routinely submit your information to multiple lenders to find financing — sometimes sending your application to a dozen or more banks and credit unions without your explicit knowledge.
To avoid this:
- Get pre-approved through your own bank or credit union before visiting
- This limits your credit inquiry to a single pull that you control
- You'll also be in a stronger negotiating position with a pre-approval in hand
Freeze Your Credit First (If Not Financing Through the Dealer)
If you're paying cash or already have pre-approved financing, consider keeping your credit frozen. This prevents the dealership from pulling your credit without your explicit consent. You can temporarily lift the freeze if needed.
Create a Separate Email Address
Use a dedicated email address for all car-related communications. This keeps dealership marketing emails, service reminders, and promotional materials out of your primary inbox, and limits the data that gets shared with marketing partners.
At the Dealership: Protect Your Data
Read the Privacy Notice
Under the FTC's Privacy Rule, dealerships must provide a privacy notice explaining how your information will be used and shared. Ask for a copy before signing anything. Look for:
- Whether they share your data with non-affiliated third parties
- Whether they sell your information for marketing purposes
- What opt-out rights you have
- How long they retain your data after the transaction
Limit What You Provide
- Don't hand over your driver's license for copying during a test drive unless legally required in your state. Some dealerships copy it for their records and retain it indefinitely.
- Don't provide your SSN until you've agreed to terms and are ready to finalize financing. Some salespeople ask for it during early negotiations.
- Decline unnecessary data collection. If a form asks for information that isn't relevant to the transaction (like social media handles or employer email), leave it blank.
Ask About Data Sharing
Specifically ask the finance manager:
- How many lenders will receive your credit application?
- Will your information be shared with marketing partners?
- How long will they keep your personal data on file?
- Can you opt out of data sharing with non-affiliated third parties?
Your Right to Opt Out
Under the GLBA, you have the right to opt out of having your nonpublic personal information shared with non-affiliated third parties for marketing purposes. The dealership's privacy notice should explain how to exercise this right. Ask specifically about this before signing your paperwork.
After the Purchase: Your Connected Car
In 2026, the privacy risk doesn't end when you sign the paperwork. Modern vehicles are sophisticated data collection platforms. A typical connected car collects:
- Location data: GPS tracking of everywhere you drive, including frequency and duration
- Driving behavior: Speed, braking patterns, acceleration, and cornering
- Voice recordings: From in-car microphones and voice assistants
- Phone data: Contacts, call logs, and text messages synced via Bluetooth or CarPlay/Android Auto
- Biometric data: Some vehicles collect facial recognition and driver attention data
- Cabin camera footage: Interior cameras marketed for safety can record passengers
Car manufacturers have been caught sharing this data with insurance companies, data brokers, and advertisers. A 2024 Mozilla Foundation report found that modern cars are among the worst consumer products for privacy.
How to Limit Connected Car Data Collection
- Review the infotainment system's privacy settings and disable data sharing, location tracking, and telemetry where possible
- Don't sync your phone with the car's Bluetooth system if you can avoid it. If you do, delete your data before selling or returning the vehicle
- Opt out of manufacturer data sharing through the automaker's website or app. Most manufacturers have privacy preference centers.
- Decline connected services like Wi-Fi hotspots and remote vehicle management unless you actually need them
- Check your insurance: Some insurers offer discounts for sharing driving data, but this trades privacy for savings. Understand what you're giving up.
When You Sell or Return the Vehicle
Before selling, trading in, or returning a leased vehicle:
- Factory reset the infotainment system to erase stored contacts, addresses, garage codes, and paired devices
- Remove your accounts from any connected car apps (manufacturer apps, streaming services, etc.)
- Unpair all Bluetooth devices
- Delete your home address and saved locations from the navigation system
- Contact the dealership and request that your personal data be deleted from their records if you're no longer a customer
Protect Your Data After the Transaction
Even after the sale is complete, your information may be circulating through dealership marketing databases and data broker sites. To clean up:
- Monitor your credit report for unauthorized inquiries from the dealership or lenders
- Opt out of dealership marketing emails and unsubscribe from their communications
- Check data broker sites for any new information that may have appeared as a result of the transaction, such as your new address or vehicle details
PrivacyOn can help by continuously monitoring more than 100 data broker sites for your personal information and automatically submitting removal requests. Plans start at $8.33/month and include dark web monitoring, 24/7 automated surveillance, and family plans for up to 5 people.
Take Control of Your Automotive Privacy
Buying or leasing a car doesn't have to mean surrendering your privacy. By limiting what you share at the dealership, securing your connected car's data settings, and monitoring your personal information afterward, you can significantly reduce your exposure. Pair these practices with PrivacyOn's automated data broker monitoring for comprehensive protection.