Privacy Policy

DealerPal ("we", "us") provides a platform that helps car dealerships ("Dealers") communicate with their customers through WhatsApp, Facebook Messenger, and Instagram. This policy explains what information we process, why, and the rights you have over it.

1. Who is the controller

When a Dealer uses DealerPal, the Dealeris the data controller of their customers’ messages and profiles. DealerPal acts as a data processor under the Dealer’s instructions. For a Dealer’s own account information (employees, billing), DealerPal is the controller.

2. Information we process

• Account information: name, email, phone, role, and authentication identifiers from Clerk (our identity provider).
• Dealer business data: dealership name, branding, vehicle inventory, pricing, knowledge-base content, uploaded photos.
• Messaging data from Meta platforms: when a Dealer connects WhatsApp, Facebook Page, or Instagram Business account, we receive message content, sender identifiers, and message metadata for the purpose of routing, replying, and reporting. We do not use this data for any other purpose.
• Operational data: application logs, error traces, and usage analytics used to keep the service reliable.

3. How we use it

• Provide the DealerPal service to the Dealer.
• Generate replies to customer messages using AI systems operated by DealerPal and its sub-processors.
• Maintain audit logs required by Meta platform policies and applicable law.
• Monitor, secure, and improve service reliability and quality.

We do not sell personal information. We do not use Meta-sourced message content to train public AI models.

4. Sub-processors

We use the following categories of sub-processors:

• Google Cloud Platform (EU region) — hosting, database, storage.
• Clerk — authentication and user management.
• Anthropic and other LLM providers — AI-generated replies.
• Sentry — error monitoring.
• Meta Platforms — source of messaging events only.

5. Data location & retention

Primary data storage is in the European Union (europe-west3). Message data is retained while the Dealer’s account is active. On account deletion, Dealer data is deleted within 30 days, except where we must retain it to comply with a legal obligation.

6. Your rights

You may request access to, correction of, or deletion of personal information we hold about you by emailing privacy@dealerpal.co.il. Dealers may also instruct us to delete customer data on a customer’s request.

7. Security

Tenant secrets (such as Meta access tokens) are encrypted at rest with Google Cloud KMS. Traffic is encrypted in transit with TLS. Access to production systems is restricted to authorized personnel.

8. Children

DealerPal is not directed at children under 16 and we do not knowingly collect information from them.

9. Changes

We may update this policy; material changes will be posted here with a new effective date. Continued use of the service after a change means you accept the updated policy.

10. Contact

DealerPal, operated by the owners of dealerpal.co.il. Questions: privacy@dealerpal.co.il.