Privacy Policy
Effective Date: January 31, 2026
DealerReg (“DealerReg,” “we,” “our,” or “us”) is committed to protecting the privacy, confidentiality, and security of information entrusted to us by our business clients. This Privacy Policy explains how we collect, use, disclose, store, and protect information in connection with our services, software platform, dashboards, APIs, and administrative processing activities. This Policy applies exclusively to commercial and institutional users and does not apply to consumers acting in a personal or household capacity.
By accessing or using DealerReg, you acknowledge and agree to the practices described in this Privacy Policy.
1. Scope and Nature of Information Collected
DealerReg collects information solely for the purpose of providing administrative vehicle titling, registration, lien, and compliance processing services. Information collected may include, without limitation: business entity information, dealer or fleet identifiers, corporate contact details, authorized user credentials, transaction metadata, vehicle information (VINs, mileage, weight, classification), ownership and title documentation, Manufacturer’s Certificates of Origin or Statements of Origin, lien and financing information, insurance details, tax and fee data, powers of attorney, government forms, shipping information, and communications exchanged through the platform. DealerReg does not intentionally collect personal consumer data outside the scope of vehicle transaction processing as provided by business clients.
2. Source of Information
Information is collected directly from you, your authorized users, your agents, your systems via API integrations, or from documents and data you submit. DealerReg may also receive limited information from governmental agencies, carriers, or service providers strictly in connection with processing authorized transactions.
3. Purpose of Data Use
DealerReg uses collected information solely to provide services requested by you, including transaction processing, document submission, compliance facilitation, platform operation, customer support, invoicing, audit trails, fraud prevention, risk management, and legal or regulatory compliance. DealerReg does not sell personal data, does not use data for advertising, and does not engage in consumer profiling.
4. Legal Basis for Processing
DealerReg processes data based on contractual necessity, legitimate business interests, regulatory compliance obligations, and your express authorization. You represent that you have obtained all required permissions and legal authority to provide any information submitted to DealerReg.
5. Data Sharing and Disclosure
DealerReg may disclose information only as necessary to perform services, including disclosures to state DMVs, tax authorities, lienholders, governmental agencies, carriers, technology providers, and professional advisors such as legal, accounting, or compliance firms. Information may also be disclosed when required by law, subpoena, court order, audit, or regulatory inquiry. DealerReg does not sell or rent data to third parties.
6. Service Providers and Subprocessors
DealerReg may utilize third-party service providers to support hosting, cloud infrastructure, document storage, shipping, communications, payment processing, and security monitoring. Such providers are contractually obligated to maintain confidentiality and security and may only process data on DealerReg’s instructions.
7. Data Retention
DealerReg retains information only for as long as reasonably necessary to fulfill the purposes described in this Policy, comply with legal and regulatory requirements, resolve disputes, enforce agreements, or maintain internal records. Physical and electronic records may be securely destroyed or anonymized after applicable retention periods, which may vary by transaction type and jurisdiction.
8. Data Security Measures
DealerReg employs commercially reasonable administrative, technical, and physical safeguards designed to protect data against unauthorized access, disclosure, alteration, or destruction. These measures may include access controls, encryption, authentication protocols, monitoring, and internal policies. However, no system is completely secure, and DealerReg does not guarantee absolute security.
9. Client Responsibilities
You are solely responsible for maintaining internal access controls, safeguarding login credentials, ensuring authorized use of the platform, and securing your own systems and networks. DealerReg is not responsible for breaches resulting from compromised credentials, user error, phishing, or failures within your organization.
10. International and Cross-Border Data Transfers
DealerReg operates primarily within the United States. If data is transferred or accessed across jurisdictions, DealerReg takes reasonable steps to ensure appropriate safeguards consistent with applicable law.
11. Data Accuracy and Client Control
DealerReg relies entirely on the accuracy of information provided by you. You are responsible for correcting inaccuracies and notifying DealerReg of changes. DealerReg does not independently verify transactional data for legal sufficiency or correctness.
12. Rights and Requests
Because DealerReg services commercial entities and processes data on behalf of clients, requests for access, correction, deletion, or restriction of data must be directed through the client organization that submitted the information. DealerReg will reasonably cooperate with lawful requests where applicable.
13. No Consumer Rights Waiver
DealerReg does not provide services to individuals acting in a personal or household capacity and does not knowingly engage in consumer data processing subject to consumer privacy statutes except as required for vehicle transactions initiated by business clients.
14. Regulatory and Legal Compliance
DealerReg may retain, disclose, or preserve information as required to comply with legal obligations, audits, investigations, enforcement actions, or governmental requests, regardless of other provisions of this Policy.
15. Policy Updates and Modifications
DealerReg may update this Privacy Policy from time to time. Updates will be posted with a revised effective date. Continued use of DealerReg after an update constitutes acceptance of the revised Policy.
16. Relationship to Other Agreements
This Privacy Policy supplements, and does not replace, DealerReg’s Terms of Service, Master Services Agreements, or other contractual arrangements. In the event of a conflict, the governing agreement controls.
17. Contact Information
Questions regarding this Privacy Policy or data practices may be directed to DealerReg through official contact channels listed on the DealerReg website.
​
​
DATA PROCESSING ADDENDUM (DPA) – DEALERREG
Effective Date: January 31, 2026
This Data Processing Addendum (“DPA”) forms part of and is incorporated into the DealerReg Terms of Service, Privacy Policy, and any applicable Master Services Agreement (“Agreement”) between DealerReg (“DealerReg,” “Processor,” or “Service Provider”) and the business entity accessing or using DealerReg services (“Client,” “Controller,” or “Business User”). In the event of a conflict, this DPA governs solely with respect to data protection and processing obligations.
1. Definitions
“Applicable Data Protection Laws” means all data protection and privacy laws applicable to the processing of Personal Data, including but not limited to the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), Virginia CDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, and any other similar U.S. state privacy laws. “Personal Data” means any information that identifies, relates to, describes, or could reasonably be linked to an identified or identifiable individual, as defined by Applicable Data Protection Laws, that is processed by DealerReg on behalf of Client. “Processing” has the meaning given under Applicable Data Protection Laws.
2. Roles of the Parties
Client acts as the Controller or Business under Applicable Data Protection Laws. DealerReg acts solely as a Processor or Service Provider, as applicable. DealerReg processes Personal Data only on behalf of and at the documented instructions of Client and does not determine the purposes or means of processing.
3. Scope and Purpose of Processing
DealerReg processes Personal Data solely for the purpose of providing administrative vehicle titling, registration, lien recording, compliance facilitation, platform access, transaction management, support services, fraud prevention, audit logging, billing, and regulatory compliance, as requested or authorized by Client. DealerReg shall not process Personal Data for any purpose other than those expressly permitted under the Agreement or required by law.
4. Categories of Data Subjects and Personal Data
Data subjects may include vehicle owners, lessees, borrowers, authorized drivers, dealership personnel, lender representatives, fleet operators, and other individuals whose data is included in vehicle transaction documentation. Personal Data may include names, addresses, identification numbers, vehicle identifiers, VINs, odometer readings, lien information, insurance data, signatures, and other information included in transaction records. DealerReg does not knowingly collect sensitive personal data unless required to process an authorized transaction.
5. Client Responsibilities
Client represents and warrants that it has obtained all required notices, consents, and legal authority to provide Personal Data to DealerReg and to instruct DealerReg to process such data. Client is solely responsible for the accuracy, legality, and integrity of the Personal Data provided and for compliance with all Applicable Data Protection Laws.
6. DealerReg Processing Obligations
DealerReg shall process Personal Data only in accordance with Client’s documented instructions and shall not sell, rent, retain, use, or disclose Personal Data for any purpose other than providing the contracted services, including any secondary use prohibited by Applicable Data Protection Laws. DealerReg shall not combine Personal Data with other data except as necessary to perform services.
7. Confidentiality
DealerReg shall ensure that all personnel authorized to process Personal Data are bound by confidentiality obligations and receive appropriate training regarding data protection and security.
8. Security Measures
DealerReg shall implement and maintain commercially reasonable administrative, technical, and physical safeguards designed to protect Personal Data against unauthorized access, disclosure, alteration, or destruction. These measures may include access controls, encryption, authentication protocols, monitoring, and incident response procedures. Client acknowledges that no system is completely secure and agrees that DealerReg does not guarantee absolute security.
9. Subprocessors
Client authorizes DealerReg to engage subprocessors to support hosting, infrastructure, communications, document storage, shipping, security, and payment processing. DealerReg shall ensure subprocessors are bound by contractual obligations consistent with this DPA. DealerReg remains responsible for subprocessors’ compliance with this DPA.
10. Data Subject Requests
DealerReg shall reasonably assist Client, to the extent legally required and technically feasible, in responding to verified data subject requests under Applicable Data Protection Laws. DealerReg shall not respond directly to data subject requests unless legally required or instructed by Client.
11. Data Breach Notification
DealerReg shall notify Client without undue delay upon becoming aware of a confirmed unauthorized access, acquisition, or disclosure of Personal Data resulting from a breach of DealerReg’s security systems, to the extent required by Applicable Data Protection Laws. Notification shall include information reasonably available to assist Client in meeting its legal obligations.
12. Data Retention and Deletion
DealerReg shall retain Personal Data only for as long as necessary to provide services, comply with legal obligations, resolve disputes, or enforce agreements. Upon termination of services, DealerReg may delete, anonymize, or retain Personal Data as required by law or internal compliance obligations unless otherwise agreed in writing.
13. Audits and Assessments
DealerReg shall make available reasonable information necessary to demonstrate compliance with this DPA. Any audit requests must be reasonable, non-disruptive, limited in scope, subject to confidentiality, and conducted no more than once annually unless required by law.
14. Cross-Border Transfers
DealerReg processes data primarily within the United States. Any cross-border transfers shall be conducted in accordance with Applicable Data Protection Laws and appropriate safeguards.
15. Limitation of Liability
This DPA is subject to the limitation of liability provisions set forth in the Agreement. DealerReg’s total liability arising out of or related to this DPA shall not exceed the amounts specified in the Agreement.
16. Survival
This DPA survives termination or expiration of the Agreement for so long as DealerReg processes Personal Data on behalf of Client.
17. Governing Law
This DPA shall be governed by the same law and dispute resolution provisions set forth in the Agreement.