Last updated: 2026-06-06 · Effective: 2026-06-15
“Lili’s Registration,” “we,” “us,” or “our” means the operator of lilisregistration.com and the registration-service operated under that domain. We are a private business — not a state Department of Motor Vehicles or any government agency.
For privacy questions, including requests to access, delete, correct, or port your data, contact privacy@lilisregistration.com or our postal address listed in the footer of our emails.
Following the CCPA §1798.140 categories (other state laws use comparable taxonomies):
We do not knowingly collect personal information from children under 16. Our service is intended for adult vehicle and vessel owners.
We collect the categories above directly from you, from your authorized dealer representative when you transact through a dealer account, from our licensed registration-service partners (status updates on submitted orders), and from public records and state DMV systems where you have authorized us to retrieve them (e.g. plate lookups via your prior consent).
The federal Driver Privacy Protection Act (18 U.S.C. §§ 2721–2725) restricts disclosure of “motor vehicle records” obtained from a state DMV. When we obtain or process motor vehicle records on your behalf, we do so only for the “permissible uses” enumerated in 18 U.S.C. §2721(b), specifically to process the registration, title, or non-operation transaction you have requested. We do not use, sell, or share DPPA-covered records for any other purpose.
In the following limited categories:
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We honor the Global Privacy Control signal as a valid opt-out of any future sharing for such purposes.
We retain personal information only as long as necessary for the purposes described above, or as required by law:
| Category | Retention |
|---|---|
| Account profile | Active life of account + 30 days after deletion request |
| Order records (status, amounts, state) | 7 years (tax + audit) |
| Driver license / ID / sensitive ID images | 90 days after order completion, then auto-deleted |
| Title images, smog certs, registration cards | Per state DMV retention rule, typically 3–4 years |
| Payment records (Stripe-side) | 7 years (Stripe + IRS requirements) |
| Server logs (IP, request, error) | 90 days |
| Marketing email opt-in records | Active opt-in + 3 years after withdrawal (compliance evidence) |
Automated deletion is enforced by our document-retention cron; manual deletion is available on request via privacy@lilisregistration.com.
Depending on where you live, you may have the right to:
To exercise these rights: visit Account > Settings (export and delete are self-service), or email privacy@lilisregistration.com. We verify identity before completing access or deletion requests; for security-sensitive requests we may require email-link confirmation or recent account re-authentication. We respond within 45 days (extendable once for another 45 days) per CCPA §1798.130; GDPR Article 12 timelines (1 month, extendable to 3) apply where you reside in the EEA/UK.
Appeal: if we decline a request, you may appeal by replying to our response email. We will respond to the appeal within 60 days. If unsatisfied, you may contact your state attorney general (in California, the California Privacy Protection Agency at cppa.ca.gov).
We use TLS 1.3 in transit; AES-256 encryption at rest on Supabase; row-level security policies on every database table; least-privilege service accounts; audit logging on administrative actions; and multi-factor authentication for administrator accounts. Payment card data never touches our servers — it goes directly from your browser to Stripe.
No system is perfectly secure. If we become aware of a breach of your personal information, we will notify you and applicable regulators as required by law (CCPA §1798.82, GDPR Art. 33–34, and state breach-notice statutes).
Our service runs on infrastructure located in the United States. If you are accessing the service from outside the United States, your information will be transferred to and processed in the U.S. Where required by law, we rely on the Standard Contractual Clauses (EU) or the UK International Data Transfer Agreement for cross-border transfers.
We use essential cookies to keep you signed in and remember your in-flight order. With your consent (via the banner shown on first visit), we may also use analytics or marketing cookies in the future; today no such cookies are loaded. You can change your choice at any time by clearing your browser data or by visiting our cookie preferences (when present in the footer).
We will post material changes to this Policy on this page and update the “Last updated” date at the top. For material changes that expand our use of your information, we will provide additional notice (in-product banner and/or email) and where required obtain your consent before the change takes effect.
Privacy questions or rights requests: privacy@lilisregistration.com
Postal: see the address in any of our emails.