Legal

Privacy Policy

Last updated: December 2025

Introduction

Dealer Software Solutions, LLC ("Company," "we," "us," or "our") operates LoyaltyLink, a real-time customer re-engagement platform for automotive dealerships. This Privacy Policy explains how we handle data when you use our platform.

Key Principle: LoyaltyLink stores only Vehicle Identification Numbers (VINs). We do not store, process, or have access to customer personal information such as names, addresses, phone numbers, or email addresses.

Information We Process

Campaign Data (VINs Only)

When dealerships create campaigns, they upload CSV files containing VINs. We extract and store only the VINs — no customer data is accepted or processed.

  • VINs are stored in Redis SET data structures for O(1) lookups
  • VINs are associated with campaign metadata (name, dates)
  • VINs in audit logs are SHA-256 hashed

Webhook Data

We receive repair order and service appointment webhooks from CDK Global via Fortellis. This data is processed in real-time and not permanently stored.

Account Information

For dealership accounts, we collect: dealership name, contact email, and user credentials for platform access.

Data Lifecycle

All campaign data follows a strict lifecycle:

  • Creation: VINs loaded when campaign is created
  • Active Period: VINs available for matching during campaign dates
  • Expiration: VINs automatically deleted when campaign ends
  • Permanent Deletion: Data is permanently irretrievable after expiration

Infrastructure

All data is processed and stored on US-based infrastructure:

  • Render (US East) - Application hosting
  • DigitalOcean (NYC3) - Redis/Valkey
  • Supabase (US East) - PostgreSQL database

Security Measures

  • TLS 1.3 encryption for all data in transit
  • Encrypted storage at rest
  • Row-level security (RLS) for multi-tenant isolation
  • No cross-dealership data access

Contact Us

For privacy-related questions: [email protected]