Privacy Policy
LouieAuto provides AI dealership intelligence software to franchised and independent automobile dealers. This policy describes what data we collect when you use the LouieAuto platform ("Service"), how we use it, who it is shared with, and the rights you have over it.
This policy applies to dealer customers, their employees and authorized users, and visitors to louieauto.com. It does not apply to data your dealership collects from its own retail customers — that data belongs to your dealership and is governed by your own privacy disclosures.
1. What we collect
Account and contact data
- Names, work email addresses, work phone numbers, and job titles of dealer-side users you authorize to access the Service.
- Dealership name, addresses, store group structure, and franchise/non-franchise designation.
- Billing contact name, billing email, and the last four digits of your payment method (full payment data is held by our PCI-compliant payment processor; we never see or store your full card number).
Operational data you load into the Service
- Inventory records, deal records, lead records, customer records, F&I product records, lender activity, and other dealership operating data that you elect to import or that we ingest from a CRM/DMS you connect.
- Call recordings, SMS transcripts, and email content when you use those communication features.
- Documents you upload (stip packages, contracts, identification, proof of income, proof of residence) for AI-assisted review.
Service usage data
- Page views, feature usage events, sign-in timestamps, IP address, browser type and version, and device type. We use a privacy-preserving analytics provider (Plausible) that does not use cookies or build cross-site profiles.
- Audit logs of high-trust actions (deal commits, lender submissions, customer communications, configuration changes).
2. How we use it
- To operate the Service — authenticate users, render dashboards, run AI analyses, send communications you initiate, store your data, and back it up.
- To improve the Service — diagnose errors, measure feature adoption in aggregate, and refine our AI models. AI-model refinement uses synthetic and de-identified data only; we do not train shared models on your raw customer or deal data.
- To support you — respond to your support requests, troubleshoot integrations, and proactively flag issues.
- To comply with law — respond to lawful requests from law enforcement, regulators, and courts; meet our tax, audit, and accounting obligations.
3. What we do not do
4. Who we share data with
We share data only as needed to operate the Service for you, and only with vendors bound by written confidentiality and data-protection terms. Our material sub-processors today:
- Anthropic (AI model provider) — executes customer-initiated AI analyses. Zero-retention API posture; inputs and outputs are not used to train Anthropic models. Dealer customers may switch to their own enterprise key (BYO-key).
- Twilio (communications) — outbound SMS, voice, and call-summary features when enabled by the dealer.
- Resend (email delivery) — transactional and dealer-initiated customer emails.
- NHTSA VPIC / Recalls / NCAP APIs (public federal data) — VIN decode, recall, and safety-rating lookups. VINs you look up are submitted to NHTSA per their terms; no personal information is sent.
- FRED (Federal Reserve Bank of St. Louis), EIA (U.S. Energy Information Administration), University of Michigan Consumer Sentiment, Manheim Used Vehicle Value Index — macro data feeds polled on a nightly refresh schedule for the /api/moat/public endpoint. These are one-way inbound pulls; no customer data is transmitted to these sources.
- Cloud infrastructure providers for hosting, storage, and encrypted backup.
- Payment processors for billing (PCI-compliant; we never see or store full card numbers).
- Lender systems and DMS/CRM systems (ProMax, RouteOne, Dealertrack, CDK, Reynolds, Tekion, VinSolutions, DriveCentric, vAuto, DealerSocket, and similar) — only when you authorize a specific connection or a specific submission.
- Professional advisors (auditors, attorneys, accountants) under privilege or NDA.
A current list of material sub-processors and their geographies is available to dealer customers on request. We provide at least 30 days' notice before adding a new sub-processor that handles identifiable operational data.
4a. Cookies and similar technologies
Our marketing site (louieauto.com) uses Plausible Analytics, a privacy-preserving, cookie-free analytics provider. Plausible does not set cookies, does not fingerprint visitors, and does not build cross-site profiles. Aggregate page-view and referrer counts are the only signals collected. Because no cookies are set, no cookie banner is required under the EU ePrivacy Directive or California law.
Within the authenticated product, we use a single first-party session cookie to keep you signed in. The session cookie is HTTP-only, Secure, SameSite=Strict, and scoped to the application subdomain. It contains no personal data beyond a signed session identifier. No third-party advertising, analytics, or social cookies are set inside the product.
5. FTC Safeguards Rule
LouieAuto handles consumer financial information on behalf of dealer customers and is subject to the Federal Trade Commission's Safeguards Rule (16 C.F.R. Part 314). Our security program includes:
- A designated qualified individual responsible for security oversight.
- Written risk assessments and access-control reviews.
- Encryption of customer information in transit and at rest.
- Multi-factor authentication for administrative access.
- Logging, monitoring, and an incident-response plan.
- Vendor due diligence and contractual security obligations.
- Regular security training for personnel.
Documentation of our written information security program is available to dealer customers and prospective acquirers under NDA.
5a. Red Flags Rule
Because LouieAuto supports dealer identity-theft-prevention obligations under the FTC's Red Flags Rule (16 C.F.R. Part 681) — including the Stip Checker, Stip Mismatch Flagger, Fraud Detection, and Identity Verifier modules — we acknowledge our role as a service provider to covered financial institutions (auto dealers that extend credit).
- We operate consistently with a written Identity Theft Prevention Program appropriate to our role.
- Our fraud-detection and stip-checking outputs are decision-support advisories for dealer Red Flags compliance, not a substitute for the dealer's own program, red-flag response, or required documentation.
- We will notify a dealer customer without undue delay if we detect evidence of an identity-theft red flag affecting that dealer's operations or a covered account.
- On dealer request, we will make available records of service-provider activity relevant to the dealer's periodic Red Flags program review.
6. How long we keep data
We retain operational data for the duration of your subscription plus a wind-down period of up to 90 days, after which data is permanently deleted unless you request earlier deletion or unless retention is required by law. Backup copies are pruned on a 30-day rolling schedule. Audit logs of administrative actions may be retained longer for security and compliance purposes.
7. Your rights and choices
- Access and export — request a copy of your dealership's data at any time.
- Correction — request correction of inaccurate data through your account or by contacting us.
- Deletion — request deletion of your data; we will delete within 30 days subject to legal retention requirements.
- Portability — your data is yours; we will provide it in a standard machine-readable format on request.
- Communication preferences — opt out of non-essential communications by emailing the address below.
7a. California residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act gives you additional rights. LouieAuto's posture toward those rights:
- Right to know — what personal information we have collected about you, where it came from, why we collected it, and who we share it with.
- Right to delete — request deletion of personal information we collected from you, subject to retention required by law or legitimate business need.
- Right to correct — request correction of inaccurate personal information.
- Right to portability — receive your data in a common, machine-readable format.
- Right to opt out of sale or sharing — this right is inapplicable to us because we do not sell or share personal information as those terms are defined in the CCPA. No signal or opt-out is required.
- Right to limit use of sensitive personal information — we do not use sensitive personal information for purposes beyond providing the Service.
- Right to non-discrimination — we will not deny, charge differently for, or degrade the Service because you exercised a CCPA right.
To exercise a CCPA right, email brian@louieauto.com with the subject line “CCPA Request”. We may ask you to verify your identity before we respond. Authorized agents may submit requests with proof of authorization. We respond within 45 days; complex requests may be extended once for an additional 45 days with notice to you.
Categories of personal information we have collected in the preceding 12 months (CCPA taxonomy): identifiers (name, email, phone, IP); commercial information (subscription records); internet/electronic activity (product usage); professional information (job title, employer). We do not collect biometric information, geolocation beyond IP-derived city, health data, or government identifiers from Service users.
8. Children
The Service is a business-to-business product not directed to children under 13. We do not knowingly collect personal information from children.
9. International use
The Service is operated from the United States. By using the Service, you consent to the transfer and processing of your information in the United States.
10. Business transfers
If LouieAuto or LouieTech is involved in a merger, acquisition, asset sale, or other business transfer, information held by the Service may be transferred as part of that transaction. We will notify affected dealer customers via the billing contact email address on file before any such transfer takes effect, and the successor entity will be required to honor the commitments in the privacy policy in effect at the time of transfer or provide 30 days’ notice of any material changes.
11. Changes to this policy
We will post material changes to this policy on this page and update the effective date at the top. For material changes, we will also notify dealer-customer billing contacts by email at least 30 days in advance.
12. Contact
For privacy questions, data requests, or to report a security concern, contact:
LouieTech (doing business as LouieAuto)
Privacy Officer
Email: brian@louieauto.com
Illinois, United States
Illinois registered entity · FTC Safeguards Rule compliant