| IT Concern | Our Answer |
| --- | --- |
| How is customer PII protected? | Customer PII is stored in isolated, encrypted databases per dealership. No cross-dealer access. Database isolation enforced at the account level. We follow SOC 2-level practices including encryption at rest (AES-256-GCM) and TLS 1.2+ in transit. |
| How are calls and recordings handled? | Calls are processed via Twilio, which is SOC 2 Type II and PCI-DSS compliant. Call recordings are stored securely with retention configurable per dealer (30 to 180 days). Recording access is restricted to the dealer account owner and authorized staff. |
| TCPA compliance | Our AI assistant Eve announces the AI disclosure, legal consent notice, and opt-out instructions at the start of every call — baked in, not optional. TCPA safeguards are enforced server-side across all outbound interactions. |
| Do you sell or share customer data? | Never. Each dealer's customer data is theirs exclusively. We do not sell, share, or use it for any purpose outside of providing the contracted services. DealerAutoPilot acts as a data processor — not a data broker. |
| What happens at contract end? | Full data export provided on contract termination. All personal data deleted within 30 days of termination (or customized retention window per agreement). Written certification of deletion available on request. |

| IT Concern | Our Answer |
| --- | --- |
| Uptime and availability | DealerAutoPilot is hosted on Render (US regions) with Twilio for telephony. Combined uptime target: 99.95%+. Eve answers calls 24/7/365, including holidays and after-hours — no sick days, no scheduling gaps. |
| Failover and call routing | Twilio failover routing is configurable: if DealerAutoPilot is unreachable, inbound calls can fall back to a configured dealer number so no call is ever missed. |
| Scalability — concurrent call limits? | No concurrent call limits. Each call is an independent session. The architecture handles 500+ calls/day per dealer without degradation. Scaling is automatic via cloud infrastructure. |
| Where is data hosted? | US-based infrastructure only. DealerAutoPilot runs on Render US regions. Twilio routes calls through the nearest US edge. No EU or offshore processing by default. |
| What happens during a platform incident? | Health monitoring detects platform issues in real time. Dealers receive dashboard alerts. Escalation path goes to designated admin contacts. Mean time to acknowledgment: under 15 minutes during business hours. |

| IT Concern | Our Answer |
| --- | --- |
| DMS / CRM integration | API-first architecture. Push leads, appointments, and customer data to any DMS (CDK, Reynolds, Dealertrack) or CRM (VinSolutions, DealerSocket, elead) via REST API or webhooks. Data flows into your existing system — we don't replace it. |
| Phone number porting | Port existing numbers to Twilio or set up call forwarding from your current carrier. Zero downtime during porting. Most ports complete within 5–10 business days. |
| Integration time and complexity | Under 1 hour for initial setup. No on-premises hardware. No VPN required. API access with documented endpoints at /api/docs. Webhook configuration in the dealer dashboard. |
| API rate limits and security | API access is per-dealer with individual API keys. Keys are shown once at creation and stored as SHA-256 hashes. Rate limits are enforced per plan tier (Sales AI: 1,000/day, Growth: 5,000/day, Premier: unlimited). |
| SSO / Directory integration | Standard email/password authentication with JWT tokens. SSO via SAML or OIDC is available on Premier plan upon request. |

| IT Concern | Our Answer |
| --- | --- |
| Can we control what Eve says? | Fully. Eve's behavior is customizable per dealership — define what she can and cannot say, pricing boundaries, escalation rules, and department routing. Changes take effect immediately from the dashboard. |
| Conversation logs and audit trails | Full conversation logs (calls, texts, chats) are available in the dealer dashboard in real time. Call recordings and transcripts are retained per your configured retention policy. Export any lead's interaction history on demand. |
| Warm transfer and escalation | Built in. Eve can warm-transfer to any department or staff member, collecting callback information if the transfer target is unavailable. All transfers log the destination, duration, and outcome. |
| Is our data used to train AI models? | No. DealerAutoPilot uses OpenAI for conversation handling. Your dealership's conversations are not used to train AI models. Data processing agreements with OpenAI prohibit model training use. |
| AI model availability | GPT-4o-mini is the default conversation model. Premier plans may request access to alternative models. Model selection is managed per dealership from the AI Persona settings panel. |

| IT Concern | Our Answer |
| --- | --- |
| BAA for GLBA / financial data | Yes. DealerAutoPilot can execute a Business Associate Agreement for dealers subject to the Gramm-Leach-Bliley Act (GLBA) or other financial data regulations. Contact info@dealerautopilotai.com to initiate. |
| PCI-DSS scope | Eve does not process credit card numbers — PCI concern does not apply to the AI layer. Payment processing is handled by Stripe, a PCI-DSS Level 1 certified provider, in a separate, isolated environment. |
| TCPA and state-specific requirements | TCPA consent and AI disclosure are federal-level compliant and built into every call session. State-specific calling and messaging requirements are configurable per location in the dealer dashboard. |
| Vendor security questionnaires | Welcome. Standard security questionnaire responses provided within 5 business days. Contact info@dealerautopilotai.com with your questionnaire or SIG (Standardized Information Gathering) template. |
| GDPR and international data | GDPR applies only where EEA/UK data subjects are served. A Data Processing Agreement (DPA) is available at /legal/dpa. Standard Contractual Clauses can be executed upon request. |

Sub-Processors

Key vendors: OpenAI (AI), Twilio (telephony), Stripe (payments), Render (hosting), Neon (database), ElevenLabs (voice synthesis). Full sub-processor list at /legal/dpa. No sub-processor changes without 30 days' notice to dealer accounts.
Compare to a BDC employee working 40 hours/week at $3,500/mo in total cost. Eve works 168 hours/week — every hour, every day. Subscription plus interaction overages. No hardware, no IT maintenance, no training costs. Published pricing — the only competitor that doesn't hide costs.
Subscription Tiers

| Tier | Sales AI | Service AI | Growth | Premier |
| --- | --- | --- | --- | --- |
| Founding Rate | $699/mo | $999/mo | $1,799/mo | $2,999/mo |
| Standard Price | $899/mo | $1,299/mo | $2,199/mo | $3,499/mo |
| Included Interactions | 1,000/mo · $0.70 ea | 1,000/mo · $1.00 ea | 3,000/mo · $0.60 ea | 7,500/mo · $0.40 ea |
| API Access | — | — | ✓ Full REST API | ✓ Full REST API |
| Data Retention Config | — | — | ✓ | ✓ (extended) |

Interaction Top-Up Packs

| Pack | Starter | Growth | Scale |
| --- | --- | --- | --- |
| Interactions Included | 250 | 750 | 2,000 |
| Price | $225 | $525 | $1,200 |

Full pricing details at /pricing. All prices in USD.