Legal

Privacy Policy

Last updated: November 2025

Introduction

Dealer Software Solutions, LLC ("Company," "we," "us," or "our") operates LoyaltyLink, a real-time customer re-engagement alert system for automotive dealerships. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the service.

Information We Collect

Campaign Data

When dealerships create campaigns, we collect and process:

  • Vehicle Identification Numbers (VINs): VINs are extracted from uploaded CSV files for campaign matching purposes. We store only VINs — no customer names, addresses, contact information, or other personal data from campaign uploads.
  • Campaign Metadata: Campaign names, descriptions, start dates, and end dates.

Important: LoyaltyLink does NOT store customer personal information (names, addresses, phone numbers, email addresses, or customer segments) from uploaded campaign files. Only VINs are extracted and stored.

Webhook Data

When repair orders or service appointments are created in your DMS, we receive webhook data from CDK/Fortellis, which may include:

  • Repair order numbers and details
  • Vehicle information (VIN, make, model, year)
  • Service advisor information
  • Appointment timestamps

This is transactional data that already exists in your dealership management system. We store this data to fulfill our service obligations and for analytics purposes.

User Account Information

When you create an account, we collect:

  • Name and email address
  • Dealership affiliation
  • Notification preferences

Contact Form Information

When you contact us through our website, we collect the information you provide, including your name, email, phone number, dealership name, and message content.

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our service
  • Match incoming repair orders against active campaigns
  • Send notification emails to service advisors when matches occur
  • Provide campaign analytics and reporting
  • Respond to your inquiries and support requests
  • Improve and optimize our service
  • Comply with legal obligations

Data Retention and Deletion

Campaign VINs

Campaign VINs are stored in our cache system only during the active campaign period. When a campaign expires (reaches its end date) or is manually deleted:

  • All VINs are automatically removed from our cache
  • VINs become permanently irretrievable
  • No manual cleanup is required

Match Records and Analytics

For compliance and analytics purposes, we retain:

  • Campaign match records (with hashed VINs, not plain text)
  • Email delivery metrics
  • Aggregated analytics data

These records are retained for compliance purposes (including CAN-SPAM requirements) and to provide dealerships with campaign performance analytics.

Data Security

We implement appropriate technical and organizational security measures, including:

  • Encryption in Transit: TLS 1.3 for all API endpoints and data transfers
  • Encryption at Rest: Encrypted database storage and Redis volumes
  • Access Controls: Row-level security, multi-tenant isolation, and role-based access
  • Input Validation: SQL injection prevention, XSS protection, and data sanitization
  • Monitoring: Comprehensive audit logging and error tracking

Data Location

All data is stored and processed exclusively within the United States:

  • Web Application: US East region
  • Cache Storage: NYC3 datacenter
  • Database: US East region

We do not replicate or transfer data to servers outside the United States.

Information Sharing

We do not sell, trade, or otherwise transfer your information to outside parties except:

  • Service Providers: We may share information with third-party vendors who assist in operating our service (e.g., email delivery services, cloud infrastructure providers). These providers are bound by contractual obligations to keep information confidential.
  • Legal Requirements: We may disclose information when required by law or to protect our rights, safety, or property.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred to the acquiring entity.

Your Rights

Depending on your location, you may have the following rights:

  • Access to your personal information
  • Correction of inaccurate data
  • Deletion of your data
  • Objection to certain processing activities
  • Data portability

To exercise these rights, please contact us at [email protected].

California Privacy Rights (CCPA)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA).

Note: VINs are vehicle identifiers and are generally not considered "personal information" under CCPA. LoyaltyLink does not store customer names, addresses, or contact information from campaign uploads.

We do not sell personal information to third parties.

Email Communications

LoyaltyLink sends notification emails to service advisors when campaign matches occur. These operational emails:

  • Include clear subject lines with campaign name and repair order number
  • Identify the sending dealership
  • Include a physical address in the footer
  • Provide the ability to manage notification preferences

Users can manage their notification preferences through their account settings.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the "Last updated" date. You are advised to review this privacy policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy, please contact us: