Information We Collect

We collect several categories of personal and non-personal information depending on how you interact with our Services.

1.1 Account & Registration Information

When you create an account or register for the Services, we may collect:

• Full name, job title, and professional role (e.g., dealer principal, finance manager, sales associate)
• Business name, dealership name, and physical address
• Email address and phone number
• Username, password (stored in hashed form), and security questions
• Billing name and address
• Dealer license numbers and relevant business identification numbers

1.2 Payment & Financial Information

If you purchase a subscription, service, or add-on, we or our payment processors collect:

• Credit or debit card type and last four digits
• Billing address and billing contact
• Transaction history and subscription tier

1.3 Vehicle & Inventory Data

As part of our dealer management tools, we process data you or your team enter, including:

• Vehicle identification numbers (VINs), make, model, year, trim, mileage, and condition
• Asking price, invoice price, and reconditioning cost
• Inventory status, lot location, days-on-lot metrics, and photos
• Vehicle history reports and carfax data imported by the user

1.4 Customer & Lead Data

Dealers using our CRM or lead management features may upload or enter consumer information, including:

• Consumer name, email address, phone number, and mailing address
• Vehicle interest, budget range, and financing preferences
• Communication history, call logs, and notes
• Purchase history and deal stage information
• Trade-in information provided by consumers

1.5 Usage & Interaction Data

• Pages visited, features accessed, and buttons clicked
• Search queries entered within the platform
• Session duration, time-stamps, and frequency of use
• Error logs and performance data
• Feature preferences and customization settings

1.6 Communications Data

• Messages sent through in-app chat, support tickets, or contact forms
• Emails exchanged with our support or sales teams
• Responses to surveys, polls, or feedback requests
• Content of reviews or testimonials submitted voluntarily

1.7 Technical & Device Data

• IP address and approximate geographic location derived from IP
• Browser type, browser version, operating system
• Device identifiers (IDFA, Android Advertising ID, device ID)
• Screen resolution, language preferences, and time zone
• Referring URLs and exit pages
• Network type (Wi-Fi, cellular) and carrier

How We Collect Information

2.1 Directly From You

We collect information you provide directly by creating an account, filling out forms, uploading files, communicating with us, or entering data into the platform.

2.2 Automatically Through Technology

We use cookies, web beacons, pixel tags, log files, local storage, and similar tracking technologies to automatically collect data when you use our Site or App. See Section 6 for full details.

2.3 From Third-Party Integrations

If you connect your DealerSwift account to third-party services (e.g., DMS providers, marketing platforms, vehicle valuation tools, manufacturer portals), we may receive data from those services as authorized by you.

2.4 From Business Partners and Data Providers

We may receive information from our business partners, advertising networks, analytics providers, and publicly available sources, including:

• Dealership verification data from state DMV databases and industry registries
• Market data and pricing intelligence from automotive data aggregators
• Marketing data to supplement our records for outreach purposes

2.5 Through the Mobile App

The DealerSwift Mobile App may collect additional data as described in Section 7 below, including location data, camera usage, push notification tokens, and device sensor data.

How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Operating the Services

• Creating and managing your account and dealership profile
• Processing subscriptions, billing, and renewals
• Enabling inventory management, CRM, and reporting features
• Facilitating communication between dealers and leads
• Supporting integrations with third-party tools you've authorized

3.2 Customer Support & Communications

• Responding to your inquiries, support tickets, and feedback
• Sending transactional communications (receipts, alerts, system notices)
• Notifying you of service outages, maintenance windows, or security events

3.3 Improving and Developing the Services

• Analyzing usage patterns to improve features and user experience
• Conducting A/B testing and usability research
• Developing new tools, modules, and service offerings
• Training internal machine learning or AI models on aggregated, anonymized data

3.4 Marketing and Promotional Activities

• Sending newsletters, product updates, and promotional offers (with opt-out available)
• Personalizing marketing content based on your usage and preferences
• Targeting relevant ads on third-party platforms using hashed identifiers

3.5 Safety, Security, and Legal Compliance

• Detecting, preventing, and investigating fraud, abuse, or unauthorized access
• Enforcing our Terms of Service and other agreements
• Complying with applicable laws, regulations, and legal processes
• Responding to subpoenas, court orders, or government requests
• Protecting the rights, property, or safety of DealerSwift, our users, or the public

3.6 Aggregated & Anonymized Analytics

We may generate aggregated, de-identified, or anonymized datasets from your information. Such data does not identify you or any individual and may be used or shared freely for benchmarking, industry research, product improvement, and marketing insights.

Legal Bases for Processing

Where applicable under privacy law (including GDPR and Canadian law), we process your personal data on the following legal bases:

Sharing Your Information

We do not sell your personal information to third parties. However, we may share your information in the following circumstances:

5.1 Service Providers and Subprocessors

We engage trusted third-party vendors to help operate the Services. These vendors are contractually bound to use your data only as directed by us and to maintain appropriate security. Categories of service providers include:

• Cloud hosting and infrastructure providers
• Payment processors and billing platforms
• Customer support and helpdesk software
• Email delivery and marketing automation tools
• Analytics and performance monitoring platforms
• SMS and push notification providers
• Identity verification and fraud detection services

5.2 Dealer-Authorized Integrations

When you connect DealerSwift to third-party applications (e.g., manufacturer portals, DMS systems, marketing platforms), we share the data necessary to enable those integrations. You control which integrations to enable.

5.3 Business Transfers

If DealerSwift is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change via email or a prominent notice on our Site.

5.4 Legal and Regulatory Disclosures

We may disclose information if we believe in good faith that disclosure is necessary to:

• Comply with applicable law, regulation, or legal process
• Respond to valid requests from public authorities
• Protect the rights or safety of DealerSwift, our users, or others
• Detect or prevent fraud or security threats

5.5 Aggregated or De-Identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you with industry partners, researchers, or the public for purposes such as market reporting, benchmarking, and research.

5.6 With Your Consent

We may share your information with additional third parties when you have given us explicit consent to do so.

Cookies & Tracking Technologies

6.1 Types of Cookies We Use

6.2 Managing Cookies

You can manage cookie preferences through our cookie consent banner (displayed on first visit) or by adjusting your browser settings. Note that disabling certain cookies may impair the functionality of the Services.

6.3 Do Not Track

Our Site does not currently respond to browser-level "Do Not Track" signals. However, you may opt out of analytics tracking as described in Section 10.

6.4 Third-Party Trackers

Our Site may include pixels or tracking code from third parties such as Google, Meta (Facebook), LinkedIn, and others. These parties may set their own cookies subject to their own privacy policies, which we encourage you to review.

Mobile App & Device Data

The DealerSwift Mobile App (available on iOS and Android) may request access to certain device features. Here is what we may access and why:

You may grant or revoke these permissions at any time through your device's system settings. Revoking a permission disables the corresponding feature but does not affect your ability to use the core platform.

7.1 App Analytics

We may use mobile analytics SDKs (e.g., Firebase, Amplitude) within the App to track crashes, session durations, screen flows, and feature engagement. These analytics are used to improve the App experience.

7.2 Push Notifications

If you opt in to push notifications, we store your device push token and use it solely for delivering notifications related to the DealerSwift App. You may opt out at any time in your device notification settings.

Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this Policy, or as required by law. Specific retention periods include:

• Account Data: Retained for the duration of your active account plus 3 years after account closure, to support dispute resolution, tax compliance, and audit requirements.
• Transaction and Billing Records: Retained for a minimum of 7 years in compliance with financial record-keeping regulations.
• Customer/Lead Data Uploaded by Dealers: Retained until deleted by the dealer or until account closure, subject to applicable law.
• Usage Logs and Analytics: Retained in identifiable form for up to 24 months, then anonymized for longer-term storage.
• Support and Communications Records: Retained for up to 3 years from the date of the last interaction.
• Marketing Consent Records: Retained for 5 years to demonstrate compliance with consent requirements.

Upon expiration of the applicable retention period, data is securely deleted or anonymized. You may also request earlier deletion as described in Section 10.

Data Security

We take the security of your data seriously and implement a comprehensive set of technical, administrative, and physical safeguards, including:

9.1 Technical Safeguards

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of sensitive data at rest using AES-256 or equivalent
• Multi-factor authentication (MFA) options for all accounts
• Role-based access controls (RBAC) limiting data access to authorized personnel
• Intrusion detection and prevention systems (IDS/IPS)
• Regular vulnerability scanning and penetration testing
• Automated security patching and dependency monitoring

9.2 Administrative Safeguards

• Employee security training and background checks
• Data access policies and confidentiality agreements
• Incident response procedures with defined notification timelines
• Vendor security assessments for all subprocessors

9.3 Physical Safeguards

• Data hosted in SOC 2 Type II certified data centers
• Physical access controls and environmental protections at hosting facilities

9.4 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and applicable regulatory authorities within the timeframes required by applicable law (generally within 72 hours of discovery under GDPR, and as required under applicable state and provincial laws).

Your Rights & Choices

Depending on your location and applicable law, you may have the following rights with respect to your personal data:

10.1 Access

You may request a copy of the personal data we hold about you, including information about how it is used and with whom it is shared.

10.2 Correction / Rectification

You may request that we correct inaccurate or incomplete personal data. You can also update most account information directly within your dashboard.

10.3 Deletion / Erasure

You may request deletion of your personal data. We will honor such requests subject to legal obligations that require us to retain certain records. Deletion requests may be submitted through your account settings or by contacting us.

10.4 Data Portability

You may request your data in a structured, machine-readable format (e.g., CSV or JSON) to transfer to another provider.

10.5 Restriction of Processing

In certain circumstances, you may request that we limit how we process your data (e.g., while a dispute is being resolved).

10.6 Objection

You may object to processing of your personal data based on our legitimate interests, including direct marketing. We will honor objections to direct marketing immediately.

10.7 Withdraw Consent

Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

10.8 Marketing Opt-Out

You may opt out of marketing emails at any time by clicking the "Unsubscribe" link in any marketing email or by updating your notification preferences in your account settings. Note that even if you opt out, we may still send you transactional communications necessary for your account.

10.9 How to Exercise Your Rights

To submit a rights request, contact us at [email protected] or through the contact information in Section 17. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.

Children's Privacy

The Services are designed for use by business professionals and are not directed at children under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal information from minors.

If we become aware that we have inadvertently collected personal data from a minor, we will take immediate steps to delete that information. If you believe a minor has provided us with personal data, please contact us at [email protected].

Third-Party Links & Integrations

Our Services may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices of any third party and encourage you to review the privacy policies of any external services you visit or use in connection with DealerSwift.

When you authorize a third-party integration (e.g., a DMS provider, manufacturer portal, or marketing platform), you may be sharing data with that third party under their own privacy policies. DealerSwift is not responsible for how those parties use your data once it leaves our platform.

International Data Transfers

DealerSwift Solutions is based in the United States. If you are accessing our Services from outside the United States (including Canada, the European Economic Area, or other jurisdictions), please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

Where required by applicable law, we implement appropriate safeguards for international data transfers, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with subprocessors that include adequate transfer mechanisms
• Reliance on adequacy decisions where applicable

By using our Services, you consent to the transfer of your data to the United States and other countries where we or our service providers maintain facilities, subject to the safeguards described above.

California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

14.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following CCPA-defined categories of personal information: identifiers; commercial information; internet or other electronic network activity; geolocation data; professional or employment-related information; and inferences drawn to create a profile about preferences.

14.2 Business Purposes for Collection

We collect and use personal information for the business purposes described in Section 3 of this Policy.

14.3 No Sale or Sharing for Cross-Context Behavioral Advertising

We do not sell your personal information. We may share personal information with third-party advertising partners for cross-context behavioral advertising as defined under CPRA. You have the right to opt out of such sharing by contacting us at [email protected] or clicking "Do Not Share My Personal Information" if displayed on our Site.

14.4 Your California Rights

• Right to Know: Request disclosure of the categories and specific pieces of personal information collected about you, and how it is used and shared.
• Right to Delete: Request deletion of personal information we have collected, subject to exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out: Opt out of the sale or sharing of personal information.
• Right to Limit Use of Sensitive Personal Information: Restrict our use of sensitive personal information to necessary purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

14.5 Submitting California Rights Requests

California residents may submit rights requests to [email protected] or via the contact information in Section 17. We will respond within 45 days. We may extend this period by an additional 45 days with notice.

14.6 Authorized Agents

California residents may designate an authorized agent to submit requests on their behalf. We will require the agent to provide proof of written authorization and verify your identity directly.

Canadian Privacy (PIPEDA)

For users located in Canada, DealerSwift processes personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

• We collect, use, and disclose personal information only with your knowledge and consent, or as otherwise permitted by law.
• You have the right to access your personal information and to challenge its accuracy.
• We limit collection to what is necessary for the identified purposes.
• Personal information is safeguarded with security appropriate to its sensitivity.
• You may direct questions or complaints about our privacy practices to our Privacy Officer at [email protected].

If you are a resident of Quebec, additional rights under Law 25 (Act 25) may apply, including rights relating to automated decision-making and data portability.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services we offer. When we make material changes, we will:

• Update the "Last Revised" date at the top of this Policy
• Post a prominent notice on our Site or App
• Send an email notification to registered account holders (for significant changes)

Your continued use of the Services after the effective date of any updated Policy constitutes your acceptance of the changes. If you do not agree to the updated Policy, you must discontinue use of the Services and may request account closure.

We encourage you to review this Policy periodically. Prior versions are available upon request.