Legal

Privacy Policy

Last updated: April 10, 2026

Contents

  1. Overview
  2. Data We Collect
  3. How We Use Data
  4. Third-Party Services
  5. Data Retention
  6. CCPA Rights (California Residents)
  7. Dealership Customers
  8. Cookie Policy
  9. Security
  10. Children's Privacy
  11. Changes to This Policy
  12. Contact Us

1. Overview

DealerAutoPilot ("we," "us," or "our") provides an AI-powered Business Development Center (BDC) platform for automotive dealerships. This Privacy Policy explains how we collect, use, store, and protect personal information in connection with our services.

This policy applies to:

  • Dealer accounts — businesses that purchase and configure the DealerAutoPilot platform
  • End customers — vehicle buyers and service customers who interact with the AI assistant (Eve) via chat, voice, or SMS
  • Visitors — anyone browsing dealerautopilot.polsia.app

By using DealerAutoPilot, you agree to the practices described in this policy. If you do not agree, discontinue use of the service.

2. Data We Collect

From Dealers (Account Holders)

  • Business information: Dealership name, address, business hours, department structure
  • Account credentials: Email address, encrypted password
  • Configuration data: AI personality settings, inventory data, department routing rules
  • Billing information: Payment processing is handled entirely by Stripe; we do not store credit card numbers
  • Usage data: Number of AI interactions, call volumes, response times, feature usage

From End Customers (Dealership Visitors)

When a vehicle buyer or service customer interacts with Eve (our AI assistant), we may collect:

  • Contact information: Name, phone number, email address (when provided during conversation)
  • Vehicle preferences: Make, model, year, trim, budget, financing preferences
  • Conversation transcripts: Full text of chat, voice, and SMS exchanges with Eve
  • Appointment details: Requested date, time, department, and purpose of visit
  • Phone number: Automatically captured from inbound calls and SMS messages
  • Lead data: Interest level, trade-in information, and other qualifying details shared during conversation

Automatically Collected Data

  • IP address and general geographic region
  • Browser type and device information
  • Page views and navigation patterns on our website
  • Session timestamps and interaction durations
Call Recording & Florida Two-Party Consent Disclosure DealerAutoPilot handles inbound and outbound phone calls through an AI voice assistant (Eve). Calls may be recorded for quality assurance, transcription, and lead management purposes.

Florida is a two-party (all-party) consent state under Florida Statute § 934.03. This means all parties to a telephone conversation must consent to recording. DealerAutoPilot delivers an automated consent notice at the start of every AI-handled call informing callers that the call may be recorded or monitored. By continuing the call after this notice, the caller consents to recording.

Dealer clients are responsible for ensuring their call recording practices comply with applicable federal and state wiretapping laws for their jurisdiction. Audio recordings are processed for transcription and are not retained beyond 30 days unless the dealer has enabled extended recording retention. Transcripts are stored per our data retention schedule.

3. How We Use Data

We use collected information to:

  • Operate and deliver the DealerAutoPilot service to dealerships
  • Power the AI assistant (Eve) with context about vehicles, schedules, and customer preferences
  • Route leads and conversation summaries to the appropriate dealership department
  • Send appointment confirmations and follow-up notifications
  • Generate analytics and performance reports for dealerships
  • Improve AI response quality and accuracy
  • Comply with legal obligations and resolve disputes
  • Prevent fraud and ensure platform security

We do not sell personal information to third parties. We do not use end-customer data for cross-dealership marketing or advertising profiling.

4. Third-Party Services

DealerAutoPilot integrates with the following third-party providers to deliver its service. Each has its own privacy practices:

AI & Language Processing

  • OpenAI — Powers the AI conversation engine (Eve). Conversation content is processed by OpenAI's API. See OpenAI Privacy Policy.
  • Vapi — Provides AI voice call infrastructure. Voice data is processed via Vapi. See Vapi Privacy Policy.

Communications Infrastructure

  • Twilio — Handles phone call routing, SMS delivery, and speech-to-text transcription. See Twilio Privacy Policy.

Payments

  • Stripe — Processes all subscription and payment transactions. DealerAutoPilot does not store payment card data. See Stripe Privacy Policy.

Hosting & Infrastructure

  • Render — Cloud application hosting. Application data is stored on Render's infrastructure.
  • Neon — PostgreSQL database hosting. Customer data is stored in encrypted Neon databases.

Analytics

  • Polsia Analytics — Privacy-friendly usage analytics (no personal data, page-view counts only).

We contractually require third-party providers to protect data in accordance with applicable privacy laws. We do not authorize these providers to use your data for their own marketing purposes.

5. Data Retention

We retain data for the following periods:

  • Active dealer accounts: For the duration of the subscription plus 90 days after cancellation
  • Conversation transcripts: 12 months from the date of the conversation, or as required by dealership configuration
  • Lead and appointment data: 24 months from collection, unless the dealership requests earlier deletion
  • Call records: 12 months from the call date
  • Billing records: 7 years as required by tax and financial regulations
  • Analytics data: Aggregated, non-personal analytics may be retained indefinitely

Dealers can configure shorter retention windows for their dealership's customer data in the dashboard settings. Upon account closure, personal data is permanently deleted within 90 days, except where retention is required by law.

6. CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you specific rights regarding your personal information.

Your Rights

  • Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (such as legal compliance requirements).
  • Right to Opt-Out: You have the right to opt out of the "sale" of your personal information. DealerAutoPilot does not sell personal information; however, you may still submit an opt-out request for documentation purposes.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA rights.
  • Right to Correct: You have the right to request correction of inaccurate personal information.

How to Submit a Request

To exercise your CCPA rights, submit a request via any of the following:

  • Email: support@dealerautopilotai.com — Subject line: "CCPA Request — [Your Name]"
  • Written request to: DealerAutoPilot Privacy, Florida (mailing address available upon request)

We will respond to verified requests within 45 days. We may need to verify your identity before processing a deletion or access request. We will not charge a fee for processing your request unless it is excessive or repetitive.

Authorized Agents California residents may designate an authorized agent to submit requests on their behalf. The agent must provide written authorization from you, and we may still require you to verify your identity directly.

7. Dealership Customers — Data Deletion Requests

End customers (vehicle buyers interacting with Eve) may request deletion of their conversation data, lead records, and contact information.

How End Customers Request Deletion

End customers should contact the dealership directly, as the dealership is the primary data controller for customer interactions. Dealerships have the ability to delete customer records from their dashboard.

Alternatively, end customers may contact DealerAutoPilot directly at support@dealerautopilotai.com with:

  • The dealership name where the interaction occurred
  • Your phone number or email address used during the interaction
  • The approximate date of the interaction

We will process deletion requests within 30 days and confirm completion via email.

Dealers as Data Controllers

Dealerships that use DealerAutoPilot are responsible for their own compliance with applicable privacy laws regarding the customer data collected through the platform. DealerAutoPilot provides tools to support compliance but does not act as a legal compliance advisor.

White-Label Partners & Data Sharing

DealerAutoPilot offers a white-label resale program that allows authorized partners ("Reseller Partners") to offer DealerAutoPilot's platform under their own branding to their dealer clients. In white-label deployments:

  • The Reseller Partner becomes the primary point of contact for dealer clients and may have access to dealer account configuration and usage data for their assigned accounts.
  • End-customer data (vehicle buyers interacting with Eve) is shared with the dealership account holder, and by extension with any Reseller Partner managing that account.
  • Reseller Partners are contractually bound by data processing agreements that prohibit unauthorized use of customer data.
  • DealerAutoPilot remains the data processor; the dealership and/or Reseller Partner acts as the data controller for customer interactions.

If you believe your data is being misused by a Reseller Partner operating under DealerAutoPilot branding, contact us at support@dealerautopilotai.com.

8. Cookie Policy

DealerAutoPilot uses a minimal set of cookies and local storage:

  • Authentication token: Stored in localStorage to keep dealers logged in to their dashboard. Expires after 7 days of inactivity.
  • Session identifier: A temporary session ID for the chat widget to maintain conversation continuity within a single browser session.
  • Analytics visitor ID: A random anonymous identifier (stored in localStorage) used for privacy-friendly page-view counting. Contains no personal information.

We do not use advertising cookies, tracking pixels, or cross-site tracking technologies. No third-party advertising networks have access to your browsing behavior on our platform.

You can clear cookies and local storage at any time through your browser settings. Clearing authentication data will log you out of your dealer account.

9. Security

We implement industry-standard security measures to protect your data:

  • All data transmitted over HTTPS/TLS encryption
  • Passwords stored as salted cryptographic hashes (never in plaintext)
  • Database access restricted to application servers; no public network access
  • API keys and credentials stored as encrypted environment variables
  • Regular security reviews and dependency updates

Despite these measures, no system is 100% secure. In the event of a data breach that affects your personal information, we will notify affected parties as required by applicable law, typically within 72 hours of discovery.

10. Children's Privacy

DealerAutoPilot is designed for use by automotive dealerships and adult consumers. We do not knowingly collect personal information from individuals under the age of 16. If you believe a child has provided us with personal information, contact us at support@dealerautopilotai.com and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify active dealer accounts by email at least 14 days before changes take effect

Continued use of DealerAutoPilot after the effective date of any changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions, requests, or concerns:

Privacy Inquiries

Primary Contact: support@dealerautopilotai.com

Subject line: "Privacy Request — [Your Name]"

We aim to respond to all privacy inquiries within 5 business days. CCPA requests are handled within 45 days. Florida two-party consent or call recording questions are treated as priority and responded to within 2 business days.

For general support or platform questions, email support@dealerautopilotai.com.