Compliance
At Dealerware, data privacy and platform security are paramount. We ensure compliance with all relevant data protection laws in the regions where we operate, and our environment adheres to industry standards.
Data Protection Laws
Dealerware prioritizes data privacy and security, maintaining full compliance with data protection legislation in all countries of operation.
Certifications
Dealerware is SOC 2 Type 2 and PCI compliant service provider.
Industry Recognition
We are recognized as preferred service providers for several OEMs, reflecting our commitment to industry-leading practices.
No Prohibited Data Storage
Dealerware does not store raw magnetic stripe data, card validation codes, or PIN block data, ensuring compliance with stringent security protocols.
OEM & Partner Disclosures & Consent
Before collecting or processing any personal information in Dealerware, we will notify you or obtain any required consents or disclosures from you or your customers, as mandated by OEMs, partners, or service providers.
PCI Compliance
Dealerware adheres to the Payment Card Industry Data Security Standard (PCI DSS), which sets industry-mandated requirements for businesses that handle, process, or store credit card information. We partner with Level 1 PCI-DSS compliant payment processors who manage all customer credit card storage and processing. As a result, no individual at the dealership, Dealerware, or any other entity can access the full credit card number.
Data Encryption
Sensitive customer data is managed by PCI DSS-compliant providers using multiple encryption keys with split knowledge and dual control. This ensures that even if a database were compromised, the information would be unusable without the encryption key. This data store is not accessible via the internet. Users are required to authenticate each time they log into the Dealerware Platform.
Passwords are never stored directly in our database, and all communication between Dealerware and providers via the API and Control Center is secured using TLS (Transport Layer Security).
Passwords are never stored directly in our database, and all communication between Dealerware and providers via the API and Control Center is secured using TLS (Transport Layer Security).
Activity Monitoring & Testing
We actively monitor and review the activities of employees, customers, and vendors to detect and prevent suspicious or unauthorized actions. Automated vulnerability scans are conducted at least quarterly, and comprehensive penetration testing is performed annually by external experts.
