Is your shop or dealership data safe with AI software? How to tell, and what to demand
Before you let an AI tool touch your customers, your repair orders, and your DMS, three things decide whether your data is actually safe: who can see it, how it is protected, and whether you can get it back or delete it. Here is how Auto Advisor handles all three, and a checklist to grade any vendor.
- The real test of "secure" is not a logo on a website. It is whether one shop can ever see another, whether your data is encrypted in transit and at rest, and whether you can export or delete it yourself, on demand.
- Auto Advisor enforces isolation in the database itself (row-level security), so one account can never read another. It is the default, not a setting, and it is tested on every change.
- Your connected shop-software or DMS credentials are never stored in our database. They live in Google Secret Manager, encrypted with AES-256, and are never written to a log.
- The AI runs on a leash: every agent is Off, Approve, or Auto by your choice, every write goes through an approval gate, and your data is never used to train a public model or sold.
- You can download a complete, machine-readable copy of your data, or permanently delete everything, from Settings, any time. No ticket, no waiting.
- Ask any AI vendor the nine questions at the end of this article. If they cannot answer plainly, that is your answer.
Here is the honest version of the question every owner is really asking before they connect an AI tool to their shop: if I let this software read my customer list, my repair orders, and my schedule, and write back into the system I already run, what happens to that data, and who else can see it? It is the right question. You are not buying a gadget. You are handing over the operating record of your business.
So this article does two things. First, it walks through exactly how Auto Advisor protects a shop or dealership's data, in plain language, with no hand-waving. Second, it gives you a vendor-agnostic checklist so you can grade any AI tool you are considering, ours included. If a vendor cannot answer these questions plainly, that hesitation is the most useful thing they will ever tell you.
The short answer
Data is safe when three things are true: one customer can never see another's data, the data is encrypted in transit and at rest, and you can take it out or delete it yourself. Everything else is detail. Auto Advisor is built so all three are the default, not an option you have to find and switch on.
What "secure" actually has to mean for a shop or a dealership
Most security marketing is a wall of acronyms. Strip it away and a shop owner only cares about a few concrete failures, and whether the software makes them impossible. Could the shop across town end up seeing my customers? If someone got a copy of the database, could they read my data or my passwords? Could the AI do something to my system that I did not approve? If I leave, can I get my data, and can I make them delete it? A serious vendor designs against each of those by construction, not by promising to be careful.
One shop can never see another (and why that is a database job, not a code job)
The most important property of any multi-tenant system, where many businesses share the same software, is tenant isolation: your data is fenced off from every other customer. The weak way to do this is in application code, where a developer remembers to add a filter to every query. The strong way is to enforce it in the database itself, so the fence holds even if a piece of code forgets.
Auto Advisor uses the strong way. Every tenant table runs Postgres row-level security with a fail-closed policy, so a query returns only the rows that belong to your account, and the application connects with a restricted database role that is not allowed to bypass those policies. On top of that, the tenant identity is set per request and then read back (a canary) before any row is returned, which catches the rare case where a shared connection could otherwise serve the wrong account. A two-tenant test proves the fence holds on every change.
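As an added illustration, not Auto Advisor's own schema or code, here is what those four pieces look like in Postgres: a fail-closed row-level-security policy, a restricted application role that cannot bypass it, a per-request tenant binding with a read-back canary, and the two-tenant test that proves the fence. The table, role, setting name and tenant ids are all assumptions made up for the example.

```sql
-- Added example, not Auto Advisor's schema. Table, role and setting names are assumptions.

-- 1. A tenant table. Every row carries the account it belongs to.
CREATE TABLE repair_orders (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid NOT NULL,
    customer   text NOT NULL,
    total_usd  numeric(10,2) NOT NULL
);

-- 2. Row-level security, fail-closed. Once RLS is enabled, a row is visible only
--    if some policy allows it; with no matching policy Postgres returns nothing,
--    not everything. FORCE applies the policy to the table owner as well.
ALTER TABLE repair_orders ENABLE ROW LEVEL SECURITY;
ALTER TABLE repair_orders FORCE ROW LEVEL SECURITY;

-- The policy reads the tenant from a per-request setting. current_setting(name, true)
-- returns NULL when the setting was never set, and NULL::uuid matches no row, so a
-- request that forgot to bind its tenant sees zero rows and can write none.
CREATE POLICY tenant_isolation ON repair_orders
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- 3. A restricted application role: not a superuser, and NOBYPASSRLS means it
--    cannot switch the policy off even if buggy application code tried to.
CREATE ROLE app_user LOGIN NOBYPASSRLS PASSWORD 'placeholder-change-me';
GRANT SELECT, INSERT, UPDATE, DELETE ON repair_orders TO app_user;
GRANT USAGE, SELECT ON SEQUENCE repair_orders_id_seq TO app_user;

-- 4. Two-tenant test, run as the application role. SET LOCAL scopes the tenant to
--    the current transaction, so a pooled connection cannot carry one account's
--    identity into the next request.
SET ROLE app_user;

BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';   -- shop A
-- Canary: read the binding back before touching data. Application code aborts
-- the request if this is not true.
SELECT current_setting('app.tenant_id', true)
       = '11111111-1111-1111-1111-111111111111' AS canary_ok;
INSERT INTO repair_orders (tenant_id, customer, total_usd)
VALUES ('11111111-1111-1111-1111-111111111111', 'Shop A customer', 412.50);
COMMIT;

BEGIN;
SET LOCAL app.tenant_id = '22222222-2222-2222-2222-222222222222';   -- shop B
INSERT INTO repair_orders (tenant_id, customer, total_usd)
VALUES ('22222222-2222-2222-2222-222222222222', 'Shop B customer', 980.00);
COMMIT;

BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
SELECT count(*) FROM repair_orders;          -- expect 1: shop B's row is invisible
-- A write that smuggles in another tenant's id is rejected by WITH CHECK:
--   INSERT INTO repair_orders (tenant_id, customer, total_usd)
--   VALUES ('22222222-2222-2222-2222-222222222222', 'smuggled', 1);
--   ERROR: new row violates row-level security policy for table "repair_orders"
COMMIT;

BEGIN;
-- No tenant bound at all: the fence fails closed.
SELECT count(*) FROM repair_orders;          -- expect 0, not 2
COMMIT;

RESET ROLE;
```

The two counts are the whole test: one row for a correctly bound request, zero rows for an unbound one. Run it in CI against a throwaway database on every change, and a query that ever returns 2 is a failing build, not a support ticket.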
Encrypted in transit, and at rest, with secrets kept out of the database
Two kinds of encryption matter. In transit means traffic between your browser and the platform is encrypted (modern TLS), so nobody on the network in between can read it. At rest means the stored data is encrypted on disk, so a stolen backup is not a readable copy of your shop.
Auto Advisor does both. The detail worth understanding is how the most sensitive secrets are handled: the credentials that let the platform talk to your shop-management software or dealer DMS. Those are never stored in our own database. They live in Google Secret Manager, encrypted with Google-managed AES-256 keys, and the database holds only a non-secret reference to them. That reference is never written to a log. The result is that even an attacker with a copy of the database does not get the keys to your connected systems.
Who can do what: least privilege, and the dangerous buttons are gated
Inside your own workspace, not everyone should be able to do everything. What a person can see and do is decided by their role, and that role is resolved from Auto Advisor's own directory rather than trusted from whatever a login token claims, which is the difference between a real permission system and one an attacker can talk their way around.
The two actions that can actually hurt you, deleting the entire workspace and exporting all of its data, are owner-only. They require a typed confirmation, and when the owner has two-factor authentication enrolled, they require that second factor as well. The assurance level defaults to the weakest value and is only raised by a real verified factor, so a forgotten check can never silently grant access it should not.
The AI is on a leash
An autonomous agent that can act on your business is only safe if you decide how much rope it has. In Auto Advisor, every agent runs in one of three modes you set: Off (it does nothing), Approve (it drafts the action and waits for a human to click yes), or Auto (it acts on its own inside the policy you defined). You can change your mind any morning before the bays open.
- Writes go through an approval gate. Anything the AI does to your system follows a propose, approve, execute path, admin-only, with an audit trail and an undo.
- The numbers are computed, not guessed. The figures the AI reports (your KPIs, your dollars) are calculated by tested code, not invented by the language model, so you cannot get a hallucinated number presented as fact.
- Spending is capped. Each shop has a daily limit on AI usage, enforced in the database so it holds even across many running servers, which means a runaway loop or an abusive request cannot run up an open-ended bill.
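The spending cap is the one of these three that is easiest to get wrong, because a check done in application code on one server cannot see what another server is spending at the same moment. As an added example, not Auto Advisor's code, this is how a per-shop daily cap is enforced inside Postgres so that the check and the debit are one atomic statement. The table, the function name, the cents-based amounts and the tenant id are assumptions made up for the example.

```sql
-- Added example, not Auto Advisor's code. Names and amounts are assumptions.

-- One row per tenant per day. spent_cents can never go negative.
CREATE TABLE ai_daily_spend (
    tenant_id   uuid    NOT NULL,
    spend_date  date    NOT NULL DEFAULT current_date,
    spent_cents integer NOT NULL DEFAULT 0 CHECK (spent_cents >= 0),
    cap_cents   integer NOT NULL,
    PRIMARY KEY (tenant_id, spend_date)
);

-- reserve_ai_spend: debit today's budget for one AI request. Returns true when
-- the request fits under the cap and has been charged, false when it must be
-- refused. The cap check is the WHERE clause of the UPDATE, so check and debit
-- are a single row update that Postgres serialises: two servers racing for the
-- last dollar cannot both succeed.
CREATE OR REPLACE FUNCTION reserve_ai_spend(
    p_tenant      uuid,
    p_cost_cents  integer,
    p_default_cap integer      -- the shop's configured daily limit, in cents
) RETURNS boolean
LANGUAGE plpgsql AS $$
BEGIN
    IF p_cost_cents <= 0 THEN
        RAISE EXCEPTION 'cost must be positive, got %', p_cost_cents;
    END IF;

    -- Create today's row on first use; harmless if another server already did.
    INSERT INTO ai_daily_spend (tenant_id, cap_cents)
    VALUES (p_tenant, p_default_cap)
    ON CONFLICT (tenant_id, spend_date) DO NOTHING;

    -- Conditional debit. If adding this cost would exceed the cap, no row
    -- matches, nothing is charged, and FOUND is false.
    UPDATE ai_daily_spend
       SET spent_cents = spent_cents + p_cost_cents
     WHERE tenant_id  = p_tenant
       AND spend_date = current_date
       AND spent_cents + p_cost_cents <= cap_cents;

    RETURN FOUND;
END;
$$;

-- Walk-through with a constructed cap of $5.00 per day (500 cents):
SELECT reserve_ai_spend('33333333-3333-3333-3333-333333333333', 300, 500);  -- true,  spent 300
SELECT reserve_ai_spend('33333333-3333-3333-3333-333333333333', 150, 500);  -- true,  spent 450
SELECT reserve_ai_spend('33333333-3333-3333-3333-333333333333', 100, 500);  -- false, 550 > 500, nothing charged
SELECT reserve_ai_spend('33333333-3333-3333-3333-333333333333',  50, 500);  -- true,  spent 500, cap reached exactly

-- What the ledger shows afterwards: one row, spent_cents = 500.
SELECT spend_date, spent_cents, cap_cents
  FROM ai_daily_spend
 WHERE tenant_id = '33333333-3333-3333-3333-333333333333';
```

The refused request is the important line: it is rejected before the model is called, and the refusal is visible in the ledger as the absence of a charge rather than a negative balance to clean up later. A runaway loop on one server hits the same row as every other server, so the cap holds platform-wide without any coordination in application code.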
Your data is never used to train a public model, and never sold
This is the fear behind the question, and it deserves a direct answer: Auto Advisor does not use your data to train any public AI model, and does not sell it. The agents read your data only to do your work, inside your account. The model provider that powers the reasoning does not train on data sent through its API. Your customer list is an asset of your business, not training fuel for someone else's.
Can you get your data out, and can you delete it? Yes, yourself
A vendor that makes it hard to leave is telling you something. Auto Advisor puts both controls in your own hands. From Settings, a workspace owner can download a complete, machine-readable copy of the shop or dealership data: your customers, vehicles, repair orders, schedule, parts, vendors, leads, call records, and agent activity, in a file you own, with no ticket and no waiting.
And from the same place, an owner can permanently delete the entire workspace and everything in it. That deletion cascades to every record and is real erasure, not a hidden flag that keeps your data around. You confirm by typing the workspace name, and with your second factor if you have 2FA on, so it can never happen by accident. You can read the full detail on the Security and Data Handling page and the Privacy and Sub-Processors page.
Who else touches your data
Honest software runs on a few outside services, and you deserve to know which. Auto Advisor uses a small, vetted set of sub-processors to run the platform: the database and authentication host, the cloud host, the AI model provider, the voice provider for the phone agent, and a public-business research tool used only on public listings. Each one receives only the data its function needs, and the full list, with exactly what each one gets, is published on the Privacy and Sub-Processors page. A vendor that will not name its sub-processors is asking you to trust a black box.
How to vet any AI vendor in nine questions
Use this with any tool you are considering, including Auto Advisor. The point is not to find a vendor with a perfect answer to all nine. It is to find one that answers all nine plainly and without defensiveness. Vagueness is the red flag.
- Is tenant isolation enforced in the database (row-level security), or only in application code? Ask them to say which.
- Is my data encrypted in transit and at rest, and where do my connected-system credentials live?
- Inside my account, who can see and do what, and are the destructive actions (delete, export) gated to the owner plus a second factor?
- Can the AI write to my system without my approval, and can I set each agent to off, approve-first, or automatic?
- Do you use my data to train any public model, or sell it? Get a yes or no.
- Can I download a complete copy of my data myself, any time, in a usable format?
- Can I permanently delete my data myself, and is it real erasure?
- Who are your sub-processors, and what does each one receive?
- How do you verify your security, and what is honestly not yet in place (for example, a third-party SOC 2 audit)?
Where we are honest about the gaps
The fastest way to lose your trust would be to claim a certification we do not hold. So, plainly: Auto Advisor has not yet completed a third-party SOC 2 audit or external penetration test. We are a small team. What we do today is run a structured internal security audit, four adversarial reviews of the actual code plus live tests against the running system, and the most recent one found no critical or high issues on the live platform. A formal third-party audit is on the roadmap before we serve enterprise customers, and we will tell any partner exactly where we stand. We would rather be the vendor that answers question nine honestly than the one that hopes you do not ask it.
The bottom line
Safe data is not a promise, it is a design. Isolation enforced in the database, encryption in transit and at rest with secrets kept out of the database, owner-gated destructive actions, an AI you keep on a leash, no training on your customers, and the ability to take your data out or delete it yourself. Demand all of it, from us and from anyone else.
Want to see how the system handles your data on your own numbers? Request a Service-Drive Audit for a live demo on sample data, with everything handled the way this article describes.
Can another shop or dealership see my data in Auto Advisor?
No. Isolation is enforced in the database itself with row-level security, so one account can never read another, and the application connects with a database role that cannot override that. It is the default and it is tested on every change, not a setting you have to enable.
Does Auto Advisor train AI on my customer data?
No. Your data is never used to train any public model and is never sold. The agents read your data only to do your work inside your account, and the underlying model provider does not train on data sent through its API.
How is my connected shop software or DMS credential protected?
Those credentials are never stored in our database. They live in Google Secret Manager, encrypted with AES-256 keys managed by Google, and the database holds only a non-secret reference that is never logged. A stolen database copy would not contain the keys to your connected systems.
Can I get my data out of Auto Advisor, or delete it?
Yes, both, yourself, any time. A workspace owner can download a complete machine-readable copy of the shop or dealership data from Settings, and can permanently delete the entire workspace and all of its data from the same place. Deletion is real erasure that cascades to every record.
Can the AI do something to my system without my approval?
Only if you let it. Every agent runs in a mode you choose: off, approve-first, or automatic. Writes go through a propose, approve, execute gate with an audit trail and an undo, and you can change any agent’s mode at any time.
Is Auto Advisor SOC 2 certified?
Not yet, and we will not pretend otherwise. We run a structured internal security audit (four adversarial code reviews plus live probes) and publish a vulnerability-disclosure contact. A third-party SOC 2 audit and penetration test are on the roadmap before we serve enterprise customers, and we will say where we stand to any partner who asks.
Founder of Auto Advisor. Engineering experience at Tesla, SpaceX, and Rivian, where autonomous systems have to be safe, cite their work, and keep a human in the loop. He builds the same discipline into an AI crew for auto repair shops and dealerships. More about Auto Advisor →
See the crew run on your numbers.
Open the live demo with no login, or request a Service-Drive Audit and we will calculate your real missed-call leak, your current ARO, and where the crew recovers the most.
No obligation · no high-pressure pitch · plain, public pricing