Document · Dealership Safeguards · Effective July 2, 2026

Dealership Safeguards

A plain statement of what Dealer Duo touches, what it never touches, and the controls that protect it — compliance-minded software, written to support dealership vendor review so a manager or compliance officer can evaluate a salesperson's use of Dealer Duo and file this page.

I · Article

Purpose of this page

This page is written for dealership managers and compliance officers evaluating a salesperson’s use of Dealer Duo. It states plainly what Dealer Duo touches, what it never touches, and what controls protect the data that passes through it. Print it and place it in your policy or vendor file.

II · Article

What Dealer Duo is — and is not

Dealer Duo gives a salesperson a personal link-in-bio showroom: a public page with their name, photo, contact information, your dealership’s publicly listed inventory, and a path for buyers to reach out. It is a marketing front door for the audience the salesperson already has. It is designed to complement the dealership’s website, not replace it.

Dealer Duo does not connect to your DMS, CRM, or lender portals. It does not receive deal jackets, credit applications, finance terms, buyers orders, driver’s licenses, Social Security numbers, or any records from dealership systems. There is nothing for a salesperson to upload from your store.

III · Article

Information Dealer Duo touches

Three categories, all narrow. First, vehicle inventory taken from your dealership’s own public website listings — the same information any shopper can see. Second, the salesperson’s own profile information: name, photo, contact details, and social links. Third, pre-sale buyer inquiries submitted through the page: typically a name, phone number or email address, the vehicle of interest, and a message.

Lead forms never ask for Social Security numbers, dates of birth, driver’s license numbers, income, or credit information. A Dealer Duo lead is the digital equivalent of a buyer handing a salesperson their phone number on the lot.

IV · Article

Inventory display

Inventory is sourced from the dealership’s public listings and refreshed on a recurring schedule. Pages display the dealership’s own advertised information; salespeople do not set or edit vehicle prices in Dealer Duo. Vehicles that leave your public listings are removed on the next sync, and a dealership may ask us to stop displaying its inventory entirely.

V · Article

Lead handling and security controls

Buyer inquiries are protected by anti-spam verification at submission, encrypted in transit and at rest, and delivered only to the salesperson whose page received them. Application access is tenant-scoped: a salesperson sees only their own page and their own leads. Administrative access is limited and logged.

VI · Article

Service providers

Dealer Duo uses the following providers to deliver the platform, each bound by its own published security and data-governance terms. Inventory sync and search run on infrastructure we operate ourselves and process only public listing data. We assess this list periodically and update this page when it materially changes.

VII · Article

Dealership control

A Dealer Duo page identifies the salesperson, not the store, and must not claim dealership sponsorship or endorsement unless that is true. If a page misstates an affiliation, uses your dealership’s name or information without permission, or if you simply want your inventory removed, contact us and we will act promptly — including unpublishing the page while a dispute is resolved.

VIII · Article

Safeguards Rule posture

The FTC Safeguards Rule (16 CFR Part 314) covers customer information that arises from financial products and services. Dealer Duo is designed to minimize sensitive data collection and to sit upstream of that: it is built not to receive nonpublic personal information from dealership systems, and the buyer information it handles is pre-sale marketing contact data volunteered by the shopper.

If your written information security program nonetheless treats Dealer Duo as a service provider requiring oversight under 16 CFR § 314.4(f), this page is written to support your vendor review — so your Qualified Individual can document what Dealer Duo receives and the controls that protect it.

IX · Article

Incident notification

Dealer Duo commits to notify the affected salesperson — and the affected dealership’s designated contact, where a dealership relationship exists — within three business days of confirming unauthorized access, acquisition, or use of their data, and sooner where the matter is material. Notification includes the categories of information involved, the date or date range of the incident, the date of discovery, and the actions taken in response.

X · Article

What Dealer Duo does not claim

Dealer Duo does not claim to be “FTC compliant,” “Safeguards Rule compliant,” or “GLBA certified,” and it does not guarantee your dealership’s compliance — no vendor can. Compliance obligations rest with the dealership, and no software product satisfies them on its own.

What Dealer Duo does claim is narrower and accurate: it is compliance-minded and dealer-friendly software, built with dealership data-security expectations in mind, designed to minimize sensitive data collection, and written up on this page to support — not replace — your own vendor review.

XI · Article

Who stands behind this

Dennis Walsh is responsible for the security and data-handling practices described on this page. He owned a car dealership for 23 years, is an attorney licensed in Arizona whose practice focuses on dealership compliance, and is an electrical engineer and software developer. He built Dealer Duo — and drew these boundaries — knowing exactly what a dealership compliance file needs to say about a vendor.

Signed

— Dennis Walsh

Founder, Dealer Duo · Attorney, Arizona

Effective date
July 2, 2026
Source URL
https://dealerduo.com/safeguards