Your data is yours, and we can prove it.
We hold a shop or dealership’s whole operation: customers, vehicles, repair orders, the schedule, the numbers. So we treat that trust as the product. Here is exactly how your data is protected and handled, in plain language, and what is still on our roadmap.
The short version
- Your data is isolated to your account at the database layer. One shop can never see another.
- Encrypted in transit (TLS) and at rest. Connector secrets live in Google Secret Manager, not our database.
- You can download a machine-readable copy of your data, or permanently delete everything, at any time.
- We never train a public AI model on your data, and we never sell it.
- Every AI action runs behind an approval gate you control, with a full audit trail.
Take your data out, or delete it, on your own, any time.
No ticket, no waiting, no salesperson in the way. These controls live in your workspace Settings and belong to the workspace owner.
Download your data
Export a complete, machine-readable (JSON) copy of your shop or dealership data at any time: customers, vehicles, repair orders, schedule, parts, vendors, leads, call records, and agent activity. It is your operation, in a file you own.
Settings, then Download your data. Owner-only, gated by your login.
Delete everything
Permanently erase the entire workspace and all of its data, cascading to every record. Real erasure, not a hidden flag. We ask you to type the workspace name to confirm, and for a second factor if you have 2FA enrolled, so it can never happen by accident.
Settings, then Delete this workspace. Owner-only, with confirmation.
Built so the safe thing is the default, not a setting.
One shop can never see another
Tenant isolation is enforced in the database itself (row-level security), not just in application code. Every record is fenced to your account, and our app connects with a restricted role that cannot bypass those fences. A two-tenant test proves it on every change.
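The pattern this section describes, as an added example that is not the vendor's own schema or test: row-level security, a restricted application role, and a two-tenant check. It assumes PostgreSQL; the table `repair_orders`, the role `app_rw`, the setting `app.tenant_id` and the tenant UUIDs are hypothetical.

```sql
-- Added illustration (PostgreSQL assumed). Table, role and setting names are
-- hypothetical, and the UUIDs are constructed sample tenants.
CREATE TABLE repair_orders (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    summary   text NOT NULL
);

-- FORCE applies the policy to the table owner too, not only to other roles.
ALTER TABLE repair_orders ENABLE ROW LEVEL SECURITY;
ALTER TABLE repair_orders FORCE ROW LEVEL SECURITY;

-- current_setting() raises an error when app.tenant_id is unset, so a session
-- with no tenant context fails closed instead of seeing every row.
CREATE POLICY tenant_fence ON repair_orders
    USING      (tenant_id = current_setting('app.tenant_id')::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);

-- Restricted application role: not superuser, no BYPASSRLS, not the table owner.
CREATE ROLE app_rw NOLOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON repair_orders TO app_rw;
GRANT USAGE ON SEQUENCE repair_orders_id_seq TO app_rw;

-- Two-tenant test, run as the restricted role and rolled back afterwards.
BEGIN;
SET LOCAL ROLE app_rw;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO repair_orders (tenant_id, summary)
VALUES ('11111111-1111-1111-1111-111111111111', 'tenant A: brake job');

SET LOCAL app.tenant_id = '22222222-2222-2222-2222-222222222222';
INSERT INTO repair_orders (tenant_id, summary)
VALUES ('22222222-2222-2222-2222-222222222222', 'tenant B: oil change');

DO $$
BEGIN
    -- Tenant B must see exactly its own row.
    IF (SELECT count(*) FROM repair_orders) <> 1 THEN
        RAISE EXCEPTION 'tenant B can read rows it does not own';
    END IF;
    -- A write forged with tenant A's id must be rejected by WITH CHECK.
    BEGIN
        INSERT INTO repair_orders (tenant_id, summary)
        VALUES ('11111111-1111-1111-1111-111111111111', 'forged');
        RAISE EXCEPTION 'cross-tenant insert was accepted';
    EXCEPTION WHEN insufficient_privilege THEN
        NULL;  -- expected: SQLSTATE 42501, row-level security violation
    END;
END $$;
ROLLBACK;
```

The fence is only as strong as the value in `app.tenant_id`: it has to be set server-side from the verified session, never from a client-supplied parameter.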
Encrypted, in transit and at rest
Traffic to the site runs over modern TLS. Data is encrypted at rest. The credentials for your connected shop software or dealer DMS are never stored in our database; they live in Google Secret Manager, encrypted with Google-managed AES-256 keys, and are never written to a log.
Access is least-privilege and audited
Who can see and do what is decided by your role, resolved from our own directory rather than trusted from a login token. The most destructive actions (deleting the workspace, exporting all data) are owner-only, require a typed confirmation, and ask for a second factor when 2FA is enrolled.
The AI is on a leash
Every agent runs in a mode you set: Off, Approve, or Auto. Writes go through a propose, approve, execute gate with an audit trail. The numbers it reports are computed by tested code, not invented by the model, and its spending is capped per shop, per day.
We also run modern web-security headers on every response (a strict content-security policy, HSTS, clickjacking and content-type protections), verify every webhook, and run a secret scan plus a dependency-vulnerability scan on every change. The full sub-processor list and retention details are on our Privacy & Sub-Processors page.
We verify our security. We do not just assert it.
We run a structured internal audit: four adversarial lenses over the actual code (authentication and authorization, tenant isolation and data, the AI and agent surface, and the edge and infrastructure) plus live probes against the running system. The most recent audit found no critical or high issues on the live system. We are a small team and have not yet completed a third-party SOC 2 audit or penetration test; that is on the roadmap before we serve enterprise customers, and we will tell any partner exactly where we stand.
Found something? Report it privately to security@autoadvisorpartners.com (also published at /.well-known/security.txt). We acknowledge promptly and do not pursue good-faith researchers.
The questions owners actually ask.
- Can another shop or dealership see my data?
- No. Isolation is enforced in the database with row-level security, so one account can never read another account, and our application connects with a role that cannot override that. It is not a setting we hope is on; it is the default and it is tested on every change.
- Can I get my data out?
- Yes, any time. A workspace owner can download a complete, machine-readable (JSON) copy of the shop or dealership data from Settings, with no waiting and no ticket. It includes your customers, vehicles, repair orders, schedule, parts, leads, and agent activity.
- What happens to my data if I cancel?
- A workspace owner can permanently delete the entire workspace and all of its data at any time from Settings. The deletion cascades to every record and is real erasure, not a hidden flag. You can also export a copy first.
- Do you train a public AI model on my customers?
- No. Your data is never used to train any public model and is never sold. The AI agents read your data only to do your work, inside your account, and our model provider does not train on the data sent through the API.
- Who else touches my data?
- A small, vetted set of sub-processors that run the platform: the database and auth host, the cloud host, the AI model provider, the voice provider, and a public-business research tool. Each receives only what its function needs. The full list, with what each one gets, is on our Privacy page.
- Are you SOC 2 certified?
- Not yet, and we will not pretend otherwise. We are a small team. We run a structured internal security audit (four adversarial lenses over the code plus live probes) and publish a vulnerability-disclosure contact. A third-party SOC 2 audit and penetration test are on the roadmap before we serve enterprise customers, and we will say where we stand to any partner who asks.