Legal

Privacy Policy

Last updated: May 14, 2026 — Effective Date: May 14, 2026

Contents

  1. Overview
  2. Data We Collect
  3. How We Use Data
  4. Data Sharing & Third-Party Services
  5. TCPA & SMS Compliance Disclosures
  6. AI-Specific Disclosures
  7. Data Retention
  8. CCPA & State Privacy Rights
  9. Dealership Customers & Data Controllers
  10. Cookie Policy
  11. Security & Breach Notification
  12. Children's Privacy (COPPA)
  13. Changes to This Policy
  14. Contact Us

1. Overview

DealerAutoPilot LLC ("DealerAutoPilot," "we," "us," or "our") is a Florida limited liability company that provides an AI-powered Business Development Center (BDC) platform for automotive dealerships. This Privacy Policy explains how we collect, use, store, disclose, and protect personal information in connection with our services.

This policy applies to:

  • Dealer accounts — businesses that subscribe to and configure the DealerAutoPilot platform
  • End customers — vehicle buyers and service customers who interact with the AI assistant (Eve) via chat, voice, SMS, or email
  • Visitors — anyone browsing dealerautopilot.polsia.app

By using DealerAutoPilot, you agree to the practices described in this policy. If you do not agree, discontinue use of the service.

Key Facts at a Glance We do not sell personal data to third parties. Customers interacting with our platform are speaking with an AI assistant (Eve), not a human agent. Calls and chat sessions may be recorded. You have the right to request deletion of your data at any time.

2. Data We Collect

From Dealers (Account Holders)

  • Business information: Dealership name, address, business hours, department structure
  • Account credentials: Email address, encrypted password
  • Configuration data: AI personality settings, inventory data, department routing rules, language preferences
  • Billing information: Payment processing is handled entirely by Stripe; we do not store credit card numbers or full payment card data
  • Usage data: Number of AI interactions, call volumes, response times, feature usage, subscription tier

From End Customers (Dealership Visitors)

When a vehicle buyer or service customer interacts with Eve (our AI assistant), we may collect:

  • Contact information: Name, phone number, email address (when provided during conversation)
  • Vehicle preferences: Make, model, year, trim, budget, financing preferences, trade-in details
  • Conversation content: Full text transcripts of chat, voice, and SMS exchanges with Eve
  • Appointment details: Requested date, time, department, and purpose of visit
  • Phone number: Automatically captured from inbound calls and SMS messages via Twilio
  • SMS content and metadata: Message body, timestamps, opt-in/opt-out status, and message delivery status
  • Lead data: Interest level, trade-in information, and qualifying details shared during conversation
  • Language preference: Automatically detected from conversation; used to route responses in the customer's preferred language

Automatically Collected Data

  • IP address and general geographic region (hashed for analytics; raw IP not stored beyond session)
  • Browser type and device information
  • Page views and navigation patterns on our website
  • Session timestamps and interaction durations

3. How We Use Data

We use collected information to:

  • Operate and deliver the DealerAutoPilot service to dealerships and their customers
  • Power Eve, the AI assistant, with context about vehicles, schedules, and customer preferences
  • Perform real-time inventory searches and provide payment calculations
  • Route leads and conversation summaries to the appropriate dealership department
  • Schedule, confirm, and follow up on appointments
  • Send follow-up communications on behalf of dealerships (with appropriate consent)
  • Detect and serve customers in their preferred language
  • Generate analytics and performance reports for dealerships
  • Improve AI response quality, accuracy, and reliability (not across dealership data without opt-in — see Section 9)
  • Manage dealer subscriptions and process billing via Stripe
  • Comply with legal obligations and resolve disputes
  • Prevent fraud and ensure platform security

We do not sell personal information to third parties. We do not use end-customer data for cross-dealership marketing, advertising profiling, or any purpose unrelated to delivering the service.

4. Data Sharing & Third-Party Services

We share personal information only as described below. We do not sell personal data to data brokers, advertisers, or any third party for their independent commercial use.

With the Dealership

End-customer data (names, phone numbers, conversation transcripts, vehicle interests, appointment details) is shared with the dealership that the customer contacted. The dealership is the primary data controller for those customer interactions. DealerAutoPilot acts as a data processor on the dealership's behalf.

With Third-Party Service Providers

AI & Language Processing

  • OpenAI — Powers the AI conversation engine (Eve). Conversation content is sent to OpenAI's API for processing. See OpenAI Privacy Policy.
  • Vapi — Provides AI voice call infrastructure. Voice audio and transcriptions are processed via Vapi. See Vapi Privacy Policy.

Communications Infrastructure

  • Twilio — Handles phone call routing, SMS delivery, and speech-to-text transcription. Phone numbers, call metadata, and SMS content pass through Twilio's infrastructure. See Twilio Privacy Policy.

Payments

  • Stripe — Processes all subscription and payment transactions for dealer accounts. DealerAutoPilot does not store payment card data. See Stripe Privacy Policy.

Hosting & Infrastructure

  • Render — Cloud application hosting. Application and API servers run on Render's infrastructure.
  • Neon — PostgreSQL database hosting. Customer and dealer data is stored in encrypted Neon databases.

Analytics

  • Polsia Analytics — Privacy-friendly usage analytics (aggregated page-view counts; no personal data transmitted).

For Legal Compliance

We may disclose personal information to law enforcement, regulatory authorities, or courts when required by applicable law, subpoena, court order, or to protect the rights, property, or safety of DealerAutoPilot, our users, or the public. We will notify affected parties where legally permitted before such disclosures.

Business Transfers

In the event of a merger, acquisition, or sale of substantially all assets, personal data may be transferred to the acquiring entity. We will notify affected parties via email or prominent site notice before data is subject to a materially different privacy policy.

We contractually require all third-party providers to protect data in accordance with applicable privacy laws and prohibit them from using your data for their own marketing or commercial purposes beyond what is necessary to provide their services to us.

5. TCPA & SMS Compliance Disclosures

DealerAutoPilot's AI assistant (Eve) communicates with dealership customers via automated phone calls and SMS/text messages. The following disclosures apply to those communications.

Call Recording & AI Monitoring Disclosure Calls handled by DealerAutoPilot's AI assistant may be recorded, transcribed, and monitored for quality assurance, lead management, and service improvement. You will be notified of recording at the start of every AI-handled call. By continuing the call after this notice, you consent to recording.

Florida Two-Party Consent Notice: Florida Statute § 934.03 requires all-party consent for recorded telephone conversations. DealerAutoPilot delivers an automated consent disclosure at the outset of every AI call to meet this requirement. Dealers serving customers in other two-party consent states are responsible for ensuring compliance with those states' laws.

SMS Appointment Data — What We Collect and Store

When a customer books an appointment through DealerAutoPilot's AI receptionist (Eve), the following SMS-related data is collected and stored:

  • Phone number: Collected during the appointment booking call when the customer provides it to confirm their appointment. Used to send appointment-related SMS messages.
  • Message content: The text content of all appointment-related SMS messages sent (confirmation, reminder, and follow-up messages).
  • Delivery status: Whether each SMS message was delivered, failed, or pending, tracked via Twilio's delivery receipts.
  • Timestamps: Date and time each message was sent, delivered, or failed.
  • Opt-in/opt-out records: Records of when a customer consented to receive SMS messages (via the booking call) and when they opted out (via STOP or other keyword). Opt-out records are retained permanently.
  • Appointment details: Date, time, department, and dealership associated with the appointment that prompted the SMS.

Third-Party SMS Processing — Twilio

Appointment-related SMS messages are delivered via Twilio, a third-party communications platform. Phone numbers and message content are processed through Twilio's infrastructure to enable delivery. Under our agreement with Twilio, phone numbers and message data are processed as a data processor — Twilio does not use this data for its own marketing or commercial purposes. See Twilio's Privacy Policy for details on how Twilio handles your data.

SMS Data Retention

SMS records are retained permanently for legal compliance and dispute resolution purposes. Opt-out records are retained indefinitely to ensure that opted-out numbers are never re-contacted via SMS. Appointment confirmation and reminder records are retained as part of the customer's communication history with the dealership.

SMS Opt-In Disclosures

By providing your mobile phone number to a dealership using DealerAutoPilot, or by sending an SMS message to a DealerAutoPilot-powered number, you may receive automated text messages from or on behalf of that dealership, including:

  • Responses to your inquiry (vehicle availability, pricing, scheduling)
  • Appointment confirmations and reminders
  • Follow-up messages regarding vehicles of interest (if the dealership has enabled outbound SMS)
  • Promotional offers or service specials (only if you have provided express written consent)

Message Frequency

Message frequency varies by dealership and the nature of your inquiry. You may receive up to 5–10 messages per conversation thread, depending on your interaction with the AI assistant. Recurring promotional messages are only sent with your express written consent.

How to Opt Out of Automated Communications

You can opt out of automated SMS messages at any time by replying with any of the following keywords:

  • STOP
  • UNSUBSCRIBE
  • CANCEL
  • END
  • QUIT

Upon receiving an opt-out keyword, DealerAutoPilot's platform will immediately suppress all further automated SMS messages to that number for the relevant dealership. You will receive a single confirmation message acknowledging your opt-out. No further messages will be sent except as required by law.

To opt out of automated calls, you may:

  • Say "stop calling me," "do not call," or a similar phrase during the AI interaction
  • Contact the dealership directly and request removal from their contact list
  • Email support@dealerautopilotai.com with your phone number and the dealership name

No Charge for Opt-Out

Message and data rates may apply for SMS messages depending on your carrier plan. There is no charge from DealerAutoPilot to send or receive opt-out confirmations. For help, reply HELP to any message or contact support@dealerautopilotai.com.

Automated Calling & Texting Consent Language

By submitting a contact form, initiating a chat session, or calling a DealerAutoPilot-powered phone number, you acknowledge that:

  • You may receive automated and/or AI-generated calls or texts from the dealership
  • Consent is not a condition of purchasing a vehicle or service
  • You can revoke consent at any time by following the opt-out instructions above
Florida Telephone Solicitation Act (Fla. Stat. § 501.059) DealerAutoPilot operates as a Florida LLC. Florida's FTSA imposes additional requirements on telephonic sales calls, including prior express written consent for automated marketing calls. Florida dealerships using outbound automated calling or texting features are responsible for compliance with both TCPA and FTSA requirements.

No Sharing of Mobile Opt-In Data

No mobile information (including phone numbers, SMS opt-in status, and consent records) will be shared with third parties or affiliates for marketing or promotional purposes. All categories of data described in this Privacy Policy will never be sold or shared for third-party marketing. Mobile opt-in data and consent are used solely to facilitate communications between automotive dealerships and their customers through the DealerAutoPilot platform.

HELP and STOP Instructions

Text HELP for assistance. Text STOP to opt out of all future messages. You may also reply UNSUBSCRIBE, CANCEL, END, or QUIT to opt out. For further assistance, contact support@dealerautopilotai.com.

Carrier Disclaimer

Carriers are not liable for delayed or undelivered messages. Message delivery is subject to carrier network availability.

6. AI-Specific Disclosures

You Are Interacting with an AI, Not a Human

DealerAutoPilot's platform is powered by an AI assistant named Eve. When you call, text, chat, or email a dealership using DealerAutoPilot, you are communicating with an AI system — not a live human representative. Eve is designed to handle inquiries, provide vehicle information, schedule appointments, and assist with service questions.

Eve will identify itself as an AI assistant at the start of calls and in chat sessions. If you prefer to speak with a human representative, you may request a transfer to dealership staff at any time during the interaction.

How AI Decisions Are Made

Eve uses large language model (LLM) technology, provided by OpenAI, to generate responses. Its responses are based on:

  • The dealership's inventory, pricing, and configuration data
  • The content of your current conversation
  • General knowledge embedded in the underlying AI model

DealerAutoPilot does not use automated AI decision-making that produces legal or similarly significant effects on consumers (such as credit decisions, loan approvals, or insurance eligibility). Payment estimates and financing figures provided by Eve are estimates only and are not binding offers of credit. All financial decisions require human review by the dealership's finance department.

Call Recording & Transcript Storage

AI voice calls are processed and transcribed in real time. Transcripts are stored in the dealership's account dashboard and are accessible to authorized dealership staff. Audio recordings of calls are retained for up to 30 days by default unless the dealership has configured extended retention. Call transcripts are retained per the data retention schedule in Section 7.

Transcripts may be used by DealerAutoPilot to verify service delivery, investigate complaints, and improve AI response quality — but only in aggregate and de-identified form, and never to train AI models on identifiable customer data without explicit opt-in.

Multi-Language Processing

Eve automatically detects the language used by the customer and responds in that language. Currently supported languages include English and Spanish, with additional languages rolling out over time. Language detection is performed by the underlying AI model. No separate language-specific personal data profile is created. Detected language preference may be stored with the conversation record to improve response consistency.

AI Limitations & No Reliance

AI-generated responses may be inaccurate, incomplete, or outdated. DealerAutoPilot and the dealership are not liable for actions taken in reliance on AI-generated information without independent verification. Always confirm vehicle availability, pricing, and appointment availability with dealership staff before making purchasing decisions.

7. Data Retention

We retain data for the following periods:

  • Active dealer accounts: For the duration of the subscription plus 30 days after cancellation, consistent with our Terms of Service
  • Call audio recordings: 30 days from the call date (default); extendable at dealer configuration
  • Conversation transcripts: 12 months from the date of the conversation, or as configured by the dealership
  • Lead and appointment data: 24 months from collection, unless the dealership requests earlier deletion
  • SMS message records: 12 months from message date, including opt-in/opt-out timestamps (retained for TCPA compliance documentation)
  • Billing records: 7 years as required by tax and financial regulations
  • Analytics data: Aggregated, non-personal analytics may be retained indefinitely

Dealers can configure shorter retention windows for their dealership's customer data in the dashboard settings. Upon account closure, personal data is permanently deleted within 30 days, except where retention is required by applicable law.

8. CCPA & State Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you specific rights regarding your personal information. Similar rights may apply to residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with enacted privacy legislation.

Your Rights

  • Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (such as legal compliance, fraud prevention, and ongoing service delivery requirements).
  • Right to Opt-Out of Sale: DealerAutoPilot does not sell personal information. However, you may still submit an opt-out request for documentation purposes.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA rights — no denial of service, different pricing, or reduced quality.
  • Right to Correct: You have the right to request correction of inaccurate personal information we hold about you.
  • Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those necessary to provide the service.

How to Submit a Request

To exercise your privacy rights, submit a request via any of the following:

  • Email: support@dealerautopilotai.com — Subject line: "Privacy Request — [Your Name] — [Right Requested]"
  • Written request to: DealerAutoPilot Privacy, Florida (mailing address available upon request)

We will respond to verified requests within 45 days (California) or within the timeframe required by your state's law. We may extend this period by an additional 45 days with notice. We may need to verify your identity before processing a deletion or access request. We will not charge a fee for processing your request unless it is excessive or repetitive.

Authorized Agents California residents may designate an authorized agent to submit requests on their behalf. The agent must provide written authorization from you, and we may still require you to verify your identity directly with us.

9. Dealership Customers & Data Controllers

Dealers as Data Controllers

When a vehicle buyer interacts with Eve on behalf of a dealership, that dealership is the data controller for the customer interaction. DealerAutoPilot is the data processor. Dealerships that use DealerAutoPilot are responsible for their own compliance with applicable privacy and consumer protection laws regarding the customer data collected through the platform. DealerAutoPilot provides tools to support compliance but does not serve as a legal compliance advisor.

How End Customers Request Data Deletion

End customers (vehicle buyers interacting with Eve) may request deletion of their conversation data, lead records, and contact information. To do so:

  • Contact the dealership directly — dealerships can delete customer records from their dashboard
  • Or contact DealerAutoPilot at support@dealerautopilotai.com with: the dealership name, your phone number or email address used during the interaction, and the approximate date of the interaction

We will process deletion requests within 30 days and confirm completion via email.

Dealer's Obligations to Their Customers

Dealerships using DealerAutoPilot are responsible for ensuring their customers receive appropriate notice regarding the use of AI and call recording. Specifically, dealers must:

  • Inform customers that calls may be recorded: While DealerAutoPilot's platform delivers an automated recording disclosure at the start of every AI-handled call, dealers are independently responsible for ensuring their customers are aware that all communications — calls, chats, texts, and emails — through the DealerAutoPilot platform are recorded and stored.
  • Disclose the use of AI: Dealers must not represent Eve, the AI assistant, as a human agent. DealerAutoPilot's system automatically identifies Eve as an AI at the start of interactions; dealers must not circumvent or override this disclosure.
  • Obtain proper consent for outbound communications: Before using DealerAutoPilot to send automated calls, SMS messages, or promotional emails, dealers must obtain legally required consent from recipients. See our TCPA Compliance page for detailed requirements.
  • Honor opt-out requests: Dealers must maintain and honor customer requests to stop receiving automated communications. DealerAutoPilot's platform provides opt-out mechanisms; dealers must not instruct customers to disregard these mechanisms.
Dealer Compliance Responsibility DealerAutoPilot provides the technical infrastructure and compliance tools, but dealers are legally responsible for how they configure and use the platform. If a dealer provides inaccurate pricing, fees, or inventory data, or fails to comply with applicable consumer protection or communication laws, the dealer — not DealerAutoPilot — bears legal responsibility for any resulting violations.

No AI Training on Dealer Data Without Consent

DealerAutoPilot will not use Dealer Data (including customer conversations) to train, fine-tune, or improve any AI model without the dealership's explicit, affirmative opt-in consent. Such consent must be provided in writing and may be withdrawn at any time.

10. Cookie Policy

DealerAutoPilot uses a minimal set of cookies and local storage:

  • Authentication token: Stored in localStorage to keep dealers logged in to their dashboard. Expires after 7 days of inactivity.
  • Session identifier: A temporary session ID for the chat widget to maintain conversation continuity within a single browser session.
  • Analytics visitor ID: A random anonymous identifier (stored in localStorage) used for privacy-friendly page-view counting. Contains no personal information.

We do not use advertising cookies, tracking pixels, or cross-site tracking technologies. No third-party advertising networks have access to your browsing behavior on our platform.

You can clear cookies and local storage at any time through your browser settings. Clearing authentication data will log you out of your dealer account.

11. Security & Breach Notification

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All data transmitted between your browser, our servers, and third-party providers uses HTTPS/TLS encryption
  • Encryption at rest: Database contents are encrypted at rest on Neon's infrastructure. Sensitive fields (including OAuth tokens and API keys) use AES-256-GCM encryption
  • Access controls: Database access is restricted to application servers; no public network access. API credentials are stored as encrypted environment variables, not in application code
  • Passwords: Dealer account passwords are stored as salted cryptographic hashes — never in plaintext
  • Dependency management: Regular security reviews and dependency updates to address known vulnerabilities
  • Environment isolation: AI sandbox processes run with allowlist-only environment variables; production database credentials are blocked from AI-accessible contexts

Breach Notification

In the event of a data breach that affects your personal information, we will notify affected parties as required by applicable law — typically within 72 hours of discovery for breaches requiring regulatory notification. Individual notification to affected users will be provided promptly by email. We will describe: what data was affected, what we are doing to address the breach, and steps you can take to protect yourself.

Despite these measures, no system is 100% secure. We cannot guarantee absolute security of your data.

12. Children's Privacy (COPPA)

DealerAutoPilot is designed for use by automotive dealerships and adult consumers. Our service is not directed at children under the age of 13. We do not knowingly collect personal information from individuals under 13 years of age.

In compliance with the Children's Online Privacy Protection Act (COPPA), if we become aware that we have inadvertently collected personal information from a child under 13, we will promptly delete that information. If you believe a child under 13 has provided us with personal information, contact us immediately at support@dealerautopilotai.com and we will act within 48 hours.

Dealerships are responsible for ensuring they do not use the platform to solicit or collect information from minors in violation of COPPA or applicable state child privacy laws.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" and "Effective Date" at the top of this page
  • Notify active dealer accounts by email at least 14 days before changes take effect
  • For material changes that significantly affect how we use personal data, provide a more prominent notice and, where required by law, obtain renewed consent

Continued use of DealerAutoPilot after the effective date of any changes constitutes acceptance of the updated policy. If you do not agree to the changes, discontinue use of the service and contact us to request deletion of your data.

Prior versions of this Privacy Policy are available upon written request.

14. Contact Us

For privacy-related questions, requests, data deletion, or concerns:

Privacy Inquiries

Company: DealerAutoPilot LLC (Florida)

Email: support@dealerautopilotai.com

Subject line: "Privacy Request — [Your Name]"

We aim to respond to all privacy inquiries within 5 business days. CCPA/state privacy rights requests are handled within 45 days. TCPA opt-out requests are processed within 10 business days. Call recording questions and breach notifications are treated as priority.

For general support or platform questions: support@dealerautopilotai.com

For legal or compliance inquiries: info@dealerautopilotai.com

For partnership and sales inquiries: sales@dealerautopilotai.com