DealerCX

Privacy Policy

Effective Date: May 8, 2026 Last Updated: May 8, 2026

DealerCX LLC ("DealerCX", "we", "us", or "our") respects your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you (the "User" or "you") access or use our services, including our software platform, websites, mobile and web applications, APIs, and any related services (collectively, the "Services").

By accessing or using the Services, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Who We Are

DealerCX LLC is a Delaware limited liability company operating the DealerCX platform, an AI-native customer relationship and dealership management system for automotive retailers. Our principal place of business is in Cypress, Texas. Contact information appears at the end of this policy.

2. Information We Collect

We collect the following categories of information.

2.1 Information You Provide Directly

  • Account information: name, email, phone number, business name, dealership identifiers, role, and credentials when you register for an account.
  • Communications: content of messages you send to us (support requests, feedback, sales inquiries).
  • Billing information: payment method, billing address, and tax identification (collected and processed by our payment processors; we do not store full card numbers).

2.2 Information from Connected Third-Party Services

When you authorize DealerCX to connect to a third-party service such as Intuit QuickBooks Online, we receive information from that service through its API. The specific data we may receive includes:

  • Company information (legal name, EIN, fiscal year settings)
  • Chart of accounts
  • Customer and vendor records
  • Transactions including invoices, bills, payments, expenses, and journal entries
  • Financial reports (Profit & Loss, Balance Sheet, Cash Flow, AR Aging, AP Aging)
  • User and permission information

We access this data only with your explicit authorization through the third-party service's OAuth flow, and only the scopes you have approved. You may revoke this access at any time through the third-party service or by disconnecting the integration in your DealerCX account.

We treat data received from connected third-party services in accordance with the relevant third-party service's terms, including, where applicable, Intuit's Developer Code of Conduct and Data Stewardship Principles.

2.3 Information Collected Automatically

  • Usage information: pages visited, features used, click patterns, session duration, and other interaction data
  • Device information: IP address, browser type, operating system, device type, screen resolution
  • Cookies and similar technologies: session cookies, authentication tokens, analytics cookies
  • Log data: server logs including request URLs, timestamps, and error data

2.4 Information We Do Not Collect

  • We do not knowingly collect personal information from children under 13.
  • We do not collect Sensitive Personal Information (as defined under applicable law) except where strictly necessary and with explicit consent.

3. How We Use Information

We use the information we collect for the following purposes:

  • To provide the Services, including authenticating users, displaying data, generating reports, processing transactions, and powering AI features
  • To support customers, respond to inquiries, and resolve issues
  • To improve the Services, including debugging, analytics, A/B testing, and product development
  • To communicate with you about your account, service updates, security notices, and (with your consent) product news
  • To bill and collect payments for the Services
  • To enforce our Terms of Use and comply with our legal obligations
  • To prevent fraud and abuse, protect the integrity and security of the Services, and protect the rights of DealerCX and others

We do not sell personal information to third parties, and we do not use information from connected third-party services such as QuickBooks Online for advertising or for any purpose other than to provide and improve the Services.

4. AI and Automated Processing

Some features of our Services use artificial intelligence and machine learning to provide functionality such as automated insights, summaries, recommendations, and assistance. Where we use third-party AI providers (including Anthropic and others), we transmit only the information necessary to perform the requested function and contractually require those providers to handle data in accordance with our privacy and security standards.

We do not use your data, or data received from connected third-party services, to train general-purpose AI models. Where AI features process customer data, processing is performed on a per-tenant basis and is not used to improve models for other customers.

5. How We Share Information

We may share information in the following circumstances:

  • Service providers: with vendors who perform services on our behalf (cloud hosting, analytics, customer support, payment processing, AI providers, email delivery), under contracts that require them to protect the information.
  • With your direction: where you authorize us to share information with third parties (for example, integrations you enable).
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.
  • Legal requirements: when required by law, subpoena, court order, or to protect the rights, property, or safety of DealerCX, our users, or others.
  • Aggregated or de-identified data: we may share information that has been aggregated or de-identified such that it cannot reasonably be used to identify you.

We do not share your data, or data received from connected third-party services, for the third party's own marketing purposes.

6. Data Retention

We retain information for as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements.

  • Account data is retained for the duration of your account plus a reasonable period thereafter.
  • Data from connected third-party services is retained only as long as the integration is active. Upon disconnection, we delete or anonymize the data within thirty (30) days, except where retention is required by law or for legitimate business purposes (such as audit logs).
  • Backups and logs may persist for additional limited periods consistent with our backup and security retention policies.

You may request deletion of your data as described below.

7. Data Security

We use commercially reasonable administrative, technical, and physical safeguards to protect information, including:

  • Encryption in transit (TLS) and at rest
  • Multi-factor authentication for administrative access
  • Role-based access controls and principle of least privilege
  • Logging and monitoring of access to sensitive data
  • Regular security review of our systems and vendors

No security control is perfect. While we work to protect your information, we cannot guarantee absolute security. You are responsible for safeguarding your account credentials and notifying us promptly of any unauthorized use.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

  • Access: request a copy of the personal information we hold about you
  • Correction: request correction of inaccurate or incomplete information
  • Deletion: request deletion of your personal information, subject to limited exceptions
  • Portability: request a copy of your information in a machine-readable format
  • Restriction or objection: request that we limit or stop certain processing
  • Withdrawal of consent: where processing is based on consent, withdraw that consent at any time

To exercise these rights, contact us at the address below. We will respond within the timeframes required by applicable law.

Disconnecting QuickBooks Online or Other Integrations

You may disconnect any third-party integration at any time, either through DealerCX (Settings → Integrations) or through the third-party service. Upon disconnection, we will cease accessing data from the integration and will delete or anonymize stored data within the timeframes described in Section 6.

9. California Residents (CCPA / CPRA)

If you are a California resident, you have the rights described above and additional rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act). We do not sell or share personal information for cross-context behavioral advertising. To exercise your rights, contact us at the address below. You may designate an authorized agent to make a request on your behalf, subject to verification.

10. European Economic Area, United Kingdom, and Switzerland

If you access the Services from the European Economic Area, the United Kingdom, or Switzerland, our processing of your personal data is subject to the General Data Protection Regulation (GDPR) and equivalent laws. Our legal bases for processing include performance of a contract, our legitimate interests in operating and improving the Services, your consent (where required), and compliance with legal obligations.

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your rights.

11. International Transfers

We are based in the United States. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. We rely on appropriate safeguards (such as Standard Contractual Clauses) where required.

12. Children's Privacy

The Services are intended for use by businesses and authorized users, not children. We do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions requiring a higher age threshold). If you believe a child has provided us with personal information, contact us and we will delete it.

13. Third-Party Links

The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before sharing information with them.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will provide notice through the Services or by other reasonable means before the changes take effect. The "Last Updated" date at the top reflects the most recent revision. Continued use of the Services after a change means you accept the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our practices, contact us at:

DealerCX LLC 15201 Mason Rd, Suite 1000-164 Cypress, TX 77433 Email: privacy@dealercx.com Website: https://www.dealercx.com

This Privacy Policy is provided for the user's reference. Capitalized terms used but not defined in this Privacy Policy have the meaning given in the Terms of Use.