DealerStack is a business-to-business (B2B) platform. We collect and process data on behalf of dealership businesses and their authorized staff. We do not sell personal data to third parties.
1. Who We Are
DealerStack ("we", "us", "our") is a dealership management platform operated by DealerStack Inc. Our platform is available at autodealerstack.com. For privacy inquiries, contact us at shahroze@autodealerstack.com.
2. Information We Collect
We collect the following categories of information when you register for or use DealerStack:
- Account information: Name, email address, dealership name, business address, and province/state/country.
- Authentication data: If you sign in with Google OAuth, we receive your Google profile name, email address, and profile photo. If you use email/password login, we store a securely hashed version of your password (bcrypt, cost factor 12). We never store your plain-text password.
- Inventory and business data: Vehicle listings, appraisals, CRM leads, and other records you create within the platform. This data belongs to your dealership.
- Usage data: Server logs including IP address, browser type, and pages accessed. This data is used for security monitoring and platform diagnostics only.
- Payment-related data: DealerStack does not directly process payment card information. If billing is introduced in the future, it will be handled by a PCI-compliant third-party processor.
3. How We Use Your Information
- To create and manage your dealership account.
- To provide platform features including inventory management, market pricing, appraisals, and CRM tools.
- To send transactional emails (account welcome, appraisal notifications). We do not send unsolicited marketing emails.
- To monitor platform security and prevent abuse.
- To improve the platform based on aggregated, anonymized usage patterns.
4. Data Storage and Security
Your data is stored in a PostgreSQL database hosted on Railway (Canada/US infrastructure). File uploads (vehicle photos) are stored in Cloudflare R2 object storage. We use industry-standard security practices including:
- Encrypted connections (TLS/HTTPS) for all data in transit.
- Password hashing using an industry-standard algorithm (no plain-text passwords stored).
- Session tokens stored server-side with a signed secret.
- Dealer data is logically isolated — each dealership can only access its own records.
5. Third-Party Services
DealerStack integrates with third-party services to operate the platform. We do not publicly disclose the specific vendors we use. The categories of services are:
- OAuth sign-in provider: Enables Google-based login. No personal data beyond your email and name is shared.
- Vehicle market data provider: Used to retrieve comparable vehicle pricing. Vehicle attributes (make, model, year, VIN) are transmitted. No personal user data is shared.
- VIN decoding service: Used to decode vehicle identification numbers. No personal data is transmitted.
- AI service provider: Used to generate appraisal insights. Vehicle details (year, make, model, mileage, condition, market pricing) are transmitted. No customer personally identifiable information is included.
- Transactional email provider: Used to deliver emails you expect to receive (e.g. account welcome, appraisal notifications). Your email address is shared solely to deliver those messages.
- Cloud file storage provider: Used to store vehicle photos.
- Cloud hosting provider: Our infrastructure provider. Application data resides on their servers.
6. Data Sharing
We do not sell, rent, or trade your personal information to third parties. We share data only as necessary to operate the platform (as described in Section 5) or as required by law.
If DealerStack is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify affected users before any such transfer takes effect.
7. Data Retention
We retain your account and business data for as long as your account is active. If you request account deletion, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your personal data.
- Withdraw consent where processing is based on consent.
To exercise these rights, email us at shahroze@autodealerstack.com. We will respond within 30 days.
If you are located in Canada, this policy is intended to comply with PIPEDA (Personal Information Protection and Electronic Documents Act). If you are located in a US state with applicable privacy laws (such as California's CCPA), we will honour equivalent rights upon request.
9. Cookies and Sessions
DealerStack uses a single session cookie to keep you logged in. This cookie is strictly necessary for the platform to function and is not used for advertising or tracking. We do not use third-party advertising cookies.
10. Children's Privacy
DealerStack is a business platform intended for adults operating or employed by licensed dealerships. We do not knowingly collect information from individuals under the age of 18.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users by email of any material changes. Continued use of the platform after changes constitutes acceptance of the revised policy.
12. Contact
For any privacy-related questions or requests, contact us at:
shahroze@autodealerstack.com