Safeguards-ready today. Audit-ready path documented.
LouieAuto ships with an FTC Safeguards Rule program built in: all nine required elements tracked, with TOTP MFA and role-based access. SOC 2 Type I certification is in progress; engagement confirmed with the auditor. Targeted completion Q3 2026, with the Type II operating-period audit to follow. This page is the public summary; the full control matrix and readiness roadmap are available in the diligence data room under NDA.
Compliance matrix.
| Framework | Scope | Status | Evidence |
|---|---|---|---|
| FTC Safeguards Rule (16 CFR Part 314) | Dealer nonpublic personal information | BUILT-IN | Control matrix + risk assessment in data room |
| SOC 2 Type I | Security, Availability, Confidentiality | IN PROGRESS | Controls implementation: complete. Auditor engagement: confirmed. Type I audit: scheduled Q3 2026. Operating period begins Q4 2026. Full control matrix in data room. |
| SOC 2 Type II | 6-month operating period post-Type I | PLANNED | Operating period: Q4 2026–Q1 2027. Report targeted Q1 2027. Readiness roadmap available under NDA. |
| GLBA (Gramm-Leach-Bliley) Privacy Rule | Dealer customer financial info | ALIGNED | Data flow and consent documentation in data room |
| PCI DSS | Not in scope | N/A | No card data stored; payment flows delegated to dealer's existing processor |
| CCPA / CPRA | California resident data | ALIGNED | Privacy policy, deletion workflow, data subject request handler documented |
FTC Safeguards — All 9 Elements
16 CFR Part 314 requires all nine elements of an Information Security Program. Louie has every one built in.
- ✓ No cloud upload — ever
- ✓ No SaaS subscription required
- ✓ No vendor breach risk — your server, your firewall
- ✓ AES-256 encryption at rest (LUKS)
When a dealer's IT counsel asks "where does our customer data go?", the answer is: on your hardware. This is a fundamental architecture choice that legacy DMS providers cannot match. You own the server, you own the data, you own the brain.
Threat model (STRIDE summary).
| Category | Primary threat | Control |
|---|---|---|
| Spoofing | Dealer staff impersonation | Session token + IP fingerprint; rotation on anomaly |
| Tampering | Modification of lender decisioning logic | Read-only system-prompt release; code-signed deployment pipeline |
| Repudiation | Dealer disputes Louie recommendation | Broker-access log; full request/response audit trail; NDA-compliant retention |
| Information disclosure | Customer PII leakage via LLM prompt logging | Provider-routing layer redacts PII before send; Anthropic/OpenAI zero-retention flags set; local Ollama fallback |
| Denial of service | Flood against /api or /copilot | Nginx rate-limiter + per-token throttle; graceful degradation to cached responses |
| Elevation of privilege | Broker token escalation | Per-broker scoped token; admin secrets gated by header + IP allowlist |
Data handling.
Data classes
- Dealer identifiers — rooftop name, DMS integration tokens. Encrypted at rest.
- Customer PII — name, phone, email, DOB for deal structure. Encrypted in transit (TLS 1.3); sensitive fields and exports encrypted (AES-256-GCM); redacted before LLM calls.
- Financial data — credit score tier, income range, deal structure. Never transmitted to third-party LLMs as raw values; bucketed before send.
- Operational telemetry — request latencies, error rates, module usage. No PII.
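The redaction and bucketing step named in the threat model (information disclosure row) and in the data classes above, shown as an added illustration rather than LouieAuto's own code; the field names, placeholder tokens, credit-score bands and dollar bucket widths are assumptions, and the sample deal is constructed.

```javascript
// Added illustration, not LouieAuto's code: a provider-routing layer that redacts PII and
// buckets financial values before a prompt leaves the server. Field names, placeholder
// tokens and bucket boundaries are assumptions.
const EMAIL_RE = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi;
const PHONE_RE = /(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}/g;
const DOB_RE = /\b\d{1,2}\/\d{1,2}\/\d{4}\b/g;
const TIERS = [[740, 'prime-plus'], [670, 'prime'], [580, 'near-prime'], [0, 'subprime']]; // assumed bands

function creditTier(score) {
  if (!Number.isFinite(score)) return 'unknown';
  return TIERS.find(([min]) => score >= min)[1];
}

// Dollar amount -> coarse range label so the exact figure never leaves the box.
function bucket(value, step) {
  if (!Number.isFinite(value)) return 'unknown';
  const lo = Math.floor(value / step) * step;
  return `${lo}-${lo + step - 1}`;
}

// Scrub email, phone and DOB patterns out of free text (notes, chat turns).
function redactText(text) {
  return String(text).replace(EMAIL_RE, '[EMAIL]').replace(PHONE_RE, '[PHONE]').replace(DOB_RE, '[DOB]');
}

// LLM-bound view of a deal: PII replaced by placeholders, financial fields bucketed.
function prepareForLLM({ customer = {}, financial = {}, notes = '' }) {
  const c = {};
  for (const k of ['name', 'phone', 'email', 'dob']) if (customer[k] != null) c[k] = `[${k.toUpperCase()}]`;
  const f = {
    creditTier: creditTier(financial.creditScore),
    incomeRange: bucket(financial.annualIncome, 25000),  // assumed $25k buckets
    amountRange: bucket(financial.amountFinanced, 5000), // assumed $5k buckets
  };
  return { customer: c, financial: f, notes: redactText(notes) };
}

// Outbound gate: list anything still equal to a raw source value or matching a PII pattern.
function leaks(payload, deal) {
  const out = JSON.stringify(payload);
  const raw = [deal.customer, deal.financial].flatMap(o => Object.values(o || {})).map(String);
  const hits = raw.filter(v => v.length > 2 && out.includes(v));
  for (const [label, re] of [['email', EMAIL_RE], ['phone', PHONE_RE], ['dob', DOB_RE]])
    if (new RegExp(re.source, 'i').test(out)) hits.push(`${label}-pattern`);
  return hits;
}

const SAMPLE_DEAL = { // constructed, fictional data
  customer: { name: 'Jane Example', phone: '(555) 010-2299', email: 'jane@example.com', dob: '03/14/1985' },
  financial: { creditScore: 702, annualIncome: 85000, amountFinanced: 31500 },
  notes: 'Customer prefers text at 555-010-2299 or jane@example.com; DOB 03/14/1985 confirmed.',
};
```

An empty result from `leaks(prepareForLLM(deal), deal)` is the condition for letting the payload reach a third-party provider; any finding should block the send and be logged.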
Retention & deletion
- Dealer-initiated deletion: honored within 5 business days.
- Customer deletion request: honored within 30 days (CCPA / CPRA aligned).
- Broker access logs: 24-month retention under NDA, then purge.
Cross-border transfer
- All data resides on US-region infrastructure.
- LLM inference: provider routing allows selecting US-region endpoints (Anthropic, Azure, GCP).
- Local Ollama inference available for dealers who require on-prem processing.
Incident response.
| Severity | Definition | Response SLA |
|---|---|---|
| P0 | Data exposure confirmed | 60 minutes to containment; 24 hours to dealer notification; 72 hours to regulator where required |
| P1 | Service outage affecting deal flow | 15 minutes to acknowledge; 4 hours to restore or provide workaround |
| P2 | Degraded feature or non-critical error | Business-hour response; 48 hours to resolve |
| P3 | Cosmetic or low-impact | Next release cycle |
Detailed runbook, contact tree, and post-mortem template are in the data room. Report vulnerabilities to brian@louieauto.com — PGP key published in /.well-known/security.txt.
Dependency & supply chain.
- SBOM generated per release (CycloneDX format).
- Dependencies pinned; npm audit + Snyk CI integration on readiness path.
- No known high-severity unpatched CVEs at date of publication.
- LLM provider routing isolates single-vendor failure — Anthropic, OpenAI, Azure, GCP, local Ollama all supported.
This page is a public summary. The full security pack (control matrix, gap analysis, penetration-test scope, SOC 2 readiness roadmap) is available under NDA.
Uptime SLA.
| Metric | Commitment | Measurement |
|---|---|---|
| Service availability | 99.9% per calendar month | nginx access logs + PM2 process monitor; status.louieauto.com |
| Scheduled maintenance | Off-peak only (2–4 AM local); 48-hr advance notice | Announced via status page and email to account contacts |
| P0 containment | 60 minutes | From first confirmed report to service restoration or workaround |
| P1 restore | 4 hours | Deal-flow-impacting outage resolved or workaround confirmed |
| P2 resolution | 48 business hours | Degraded feature or non-critical error |
Full SLA terms at louieauto.com/sla. Enterprise and Managed Services tier accounts receive SLA credits and dedicated escalation contacts. Group and Enterprise tier: 12-month minimum with formal SLA addendum.
Penetration testing & vulnerability disclosure.
Pen test cadence
- Annual penetration test scheduled. Scope: API surface (/api/*), authentication flows, session management, data access controls, injection vectors.
- Testing methodology: OWASP Testing Guide v4 + ASVS Level 2 controls.
- Reports and executive summary available under NDA to qualified acquirers and enterprise partners.
Vulnerability disclosure
- Responsible disclosure: report to brian@louieauto.com with subject line SECURITY:. PGP key at /.well-known/security.txt.
- Acknowledgement within 24 hours. Severity assessment and remediation timeline within 5 business days.
- Coordinated disclosure window: 90 days from report unless extended by mutual agreement.
- No bounty program active at this time. Researchers acknowledged in release notes.
Enterprise support tiers.
All license holders receive dedicated support. Managed services partners (Presidio-model) receive joint escalation access for their client rooftops.
| License | Support channel | P0/P1 SLA | Dedicated contact |
|---|---|---|---|
| LouieAuto License ($19,995 one-time) | Email + AI assistant + Slack channel | 4-hr P1 SLA | Named CSM |
| Multi-rooftop (2+ stores) | Direct phone + Slack + email | 60-min P0 / 4-hr P1 | Named CSM + SE |
| Managed Services partner | Joint partner escalation portal | 60-min P0 / 4-hr P1 | Named partner SE |
For enterprise procurement: send security questionnaires and vendor assessment forms to brian@louieauto.com. Full responses within 5 business days. NDA available on request before data room access.
System requirements.
LouieAuto ships two ways: a downloadable desktop app (Windows or Mac) for single rooftops — with the AI brain running on-device — and a local-server deployment for multi-rooftop groups (staff use a browser, no per-device install). The requirements below are for the group server host and client browsers.
Server (on-premise host)
| Component | Minimum | Recommended |
|---|---|---|
| OS | Ubuntu 20.04 LTS or Windows Server 2019 | Ubuntu 22.04 LTS |
| CPU | 2-core (x86-64) | 4-core |
| RAM | 4 GB | 8 GB |
| Disk | 20 GB SSD | 100 GB SSD (for deal history + reports) |
| Node.js | 18 LTS | 20 LTS (current production runtime) |
| Internet | Required only for optional cloud-LLM features | On-device Ollama brain runs offline; broadband recommended for cloud features + DMS sync |
Client browsers (all staff devices)
| Browser | Minimum version | Notes |
|---|---|---|
| Chrome | v110+ | Recommended |
| Firefox | v110+ | Fully supported |
| Safari | v16+ | iOS/iPad included |
| Edge (Chromium) | v110+ | Fully supported |
| IE / Legacy Edge | Not supported | — |
Bandwidth
- Standard operations: 1–5 Mbps per active user (dashboards, deal entry)
- AI features (briefings, deal coach, voice): 5–10 Mbps per concurrent AI session
- DMS sync (nightly batch): burst up to 25 Mbps for 2–5 minutes
- Multi-rooftop groups: recommend dedicated LAN segment for server; standard business internet (50 Mbps+) for user devices
Backup & restore
- Automated daily backup: runs at 2 AM local; average completion 3–8 minutes depending on database size
- Restore from backup: average 12–25 minutes for a single-rooftop database; up to 45 minutes for a multi-store group database
- Optional cloud sync: encrypted offsite backup to dealer's cloud provider (AWS S3, Azure Blob, or Google Cloud Storage) configurable in admin settings
- Point-in-time recovery: available to the last automated backup (24-hour max data loss window without continuous WAL archiving)
The on-device AI brain (local Ollama inference) runs offline after initial setup — deal entry, inventory, compliance, pipeline, lender routing, and the nightly learning loop all function without internet. Optional cloud-LLM features (e.g., long-form Ad Generator, conversational chat) use an internet connection to your configured provider. Fully air-gapped operation is supported — setup guide at louieauto.com/developers.
Ready to see it run?
Walk the live platform — every deal screened, logged, and audit-ready. The full SOC 2 / FTC Safeguards control matrix is available under NDA.