v1 document — under legal review. This is DealerPulse's current working version while we complete legal review with outside counsel. For questions, redlines, or to request a signed version, contact legal@dealerpulse.app.

Privacy Policy

Last updated: April 11, 2026

1. Who We Are

DealerPulse is a multi-tenant software-as-a-service platform built for automotive dealerships. We provide multi-channel messaging (Connect), an AI-powered chat assistant (Assist), analytics dashboards (Insight), and a unified identity portal. When we say “DealerPulse,” “we,” “us,” or “our” in this policy, we mean the DealerPulse platform and the team that operates it.

DealerPulse is operated by Bankston Motor Homes, based in Huntsville, Alabama, United States. For privacy-related inquiries, contact us at privacy@dealerpulse.app.

2. Data We Collect

2.1 Account Data

When a dealership subscribes to DealerPulse, we collect information about the organization and its authorized users: names, email addresses, phone numbers, job titles, and assigned roles. This data is necessary to provision accounts, manage access, and deliver the service.

2.2 Customer Personal Data (Processed on Behalf of Tenants)

Dealerships use DealerPulse to manage interactions with their own customers. In the course of that usage, our platform processes personal data that belongs to the dealership's customers, including:

  • Names, email addresses, phone numbers, and mailing addresses
  • Vehicle Identification Numbers (VINs) and vehicle interest data
  • Trade-in details (year, make, model, mileage, condition)
  • SMS and chat message content
  • Call recordings and transcriptions
  • Service appointment details
  • Lead source and marketing attribution data

For this category of data, the dealership (tenant) is the data controller and DealerPulse is the data processor. Our Data Processing Addendum governs this relationship.

2.3 Usage and Telemetry Data

We collect information about how users interact with DealerPulse: pages visited, features used, session duration, browser type, operating system, and IP address. We use this data to maintain service reliability, diagnose issues, and improve the product. We do not use third-party analytics trackers. Error monitoring is provided by Sentry, which receives stack traces and session metadata but not customer PII.

2.4 Payment Data

Subscription billing is handled by Stripe. DealerPulse does not store credit card numbers, bank account details, or other payment credentials on our servers. Stripe's privacy policy governs the processing of payment information. We retain only the Stripe customer ID and subscription status needed to manage your account.

3. How We Use Your Data

  • Service delivery: To provision and operate your DealerPulse account, route messages, power AI conversations, generate analytics, and deliver notifications.
  • Support: To respond to your requests and troubleshoot issues.
  • Product improvement: To understand usage patterns, fix bugs, and develop new features. We use aggregated, de-identified data for this purpose whenever possible.
  • Security and fraud prevention: To protect accounts, detect unauthorized access, and enforce our terms of service.
  • Legal compliance: To meet our obligations under applicable laws, regulations, and legal processes.

4. Legal Basis for Processing

If you are in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following:

  • Performance of a contract: Processing your account data is necessary to deliver the service you subscribed to.
  • Legitimate interest: Usage telemetry, security monitoring, and product improvement serve our legitimate business interests without overriding your rights.
  • Consent: Where required by law, we obtain your consent before sending marketing communications. You can withdraw consent at any time.
  • Legal obligation: We process data when required to comply with applicable laws or regulations.

5. Who We Share Data With

We do not sell, rent, or trade your personal data. We share data only with sub-processors that are necessary to operate the service. Each sub-processor is bound by data processing agreements that require them to protect your data to the same standard we do.

Our current sub-processors:

Sub-ProcessorPurposeLocation
SupabaseDatabase, authentication, and file storageUnited States
RailwayApplication hosting and deploymentUnited States
StripePayment processing and subscription billingUnited States / Ireland
TwilioSMS messaging and voice servicesUnited States
OpenAIAI language model for the Assist chatbot (Claire)United States
DeepgramCall recording transcriptionUnited States
ResendTransactional email deliveryUnited States
SentryError monitoring and performance trackingUnited States

For a full description of sub-processor obligations, see our Data Processing Addendum.

We may also disclose data if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, machine-readable format.
  • Restriction: Request that we limit how we process your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Do not sell or share (CCPA/CPRA): California residents may direct us not to sell or share their personal information. We do not sell personal data.

To exercise any of these rights, email privacy@dealerpulse.app. We will respond within 30 days (or within the timeframe required by your local law). If your data is processed on behalf of a dealership tenant, we may direct your request to that tenant as the data controller.

7. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described in this policy or as required by law. For detailed retention periods by data category, see our Data Retention Policy.

When a tenant's subscription ends, we retain their data for a 30-day grace period to allow for reactivation, after which data is permanently deleted unless a legal hold applies.

8. Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All data transmitted between your browser and DealerPulse is encrypted via TLS 1.2 or higher.
  • Encryption at rest: Database storage is encrypted using AES-256 encryption provided by our infrastructure partners.
  • Access controls: Role-based access control (RBAC) limits data access to authorized personnel. Multi-tenant data isolation is enforced at the database level through row-level security (RLS) policies.
  • Audit logging: All administrative actions and data access events are logged for security review.
  • Incident response: We maintain an incident response plan and will notify affected parties within 72 hours of confirming a data breach, as required by GDPR Article 33.

9. International Data Transfers

DealerPulse is hosted in the United States. If you access the service from outside the United States, your data will be transferred to and processed in the United States. For transfers from the EEA or UK, we rely on the European Commission's Standard Contractual Clauses (SCC 2021/914) as the legal mechanism for cross-border data transfers. Copies of our SCCs are available upon request.

10. Children's Privacy

DealerPulse is a business-to-business platform designed for use by automotive dealership professionals. We do not knowingly collect personal data from anyone under the age of 18. If we learn that we have collected data from a minor, we will delete it promptly. If you believe a minor's data has been submitted to our platform, contact us at privacy@dealerpulse.app.

11. Changes to This Policy

We may update this privacy policy from time to time. When we make material changes, we will notify you by email (using the address associated with your account) and by displaying a prominent banner in the Portal dashboard. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of DealerPulse after changes take effect constitutes acceptance of the revised policy.

12. Contact

If you have questions about this privacy policy, your personal data, or our privacy practices, contact us at:

DealerPulse Privacy
Email: privacy@dealerpulse.app
General legal inquiries: legal@dealerpulse.app