DEALERAMMO

1. Data Stewardship & Processor Role

DealerAmmo (the System) operates strictly as a Service Provider / Data Processor. The Dealership Group or entity utilizing the System is the Data Controller. All customer PII (Personally Identifiable Information), vehicle data, and transaction logs remain the exclusive property of the Controller. DealerAmmo warrants that it does not sell, rent, or monetize Controller data to third-party automotive aggregators or competitors.

2. Data Ingestion & Third-Party Integrations

Data is ingested into the System via Manual Entry, CSV imports, API hooks, or DMS (Dealer Management System) integration. The Controller assumes sole responsibility for securing all necessary authorizations and permissions from third-party providers to facilitate these data transfers. Any costs, integration fees, or licensing requirements imposed by DMS providers or third-party vendors are the exclusive financial responsibility of the Controller. DealerAmmo does not audit Source Data for accuracy; therefore, it is not responsible for discrepancies in pacing, gross calculations, or reporting resulting from corrupted, inaccurate, or improperly formatted data provided by the Controller or their third-party service providers.

3. Access Control & User Authorization

The System provides administrative features, including identity shield protocols and granular rank levels, to enable the Controller to manage data visibility. The Controller is solely responsible for defining internal access policies, assigning atomic permissions, and ensuring that their specific configuration of the System meets their internal security standards and any applicable regulatory obligations. DealerAmmo does not audit or oversee the Controller's internal permissioning structure.

4. System Integrity & Access Monitoring

The System utilizes industry-standard encryption protocols for data at rest and in transit. All access to the data plane is session-based and monitored via unique operator identifiers and node logging. Any attempt to circumvent the identity shield or unauthorized probing of system architecture is strictly prohibited. DealerAmmo reserves the right to terminate access and pursue all available legal remedies for any breach of system integrity or unauthorized data extraction attempts.

5. Data Lifecycle, Retrieval, and Disposal

(a) Termination Grace Period: Upon termination of the service agreement or account abandonment (non-payment), the Controller has thirty (30) days to export their data using the System’s standard reporting tools.

(b) Permanent Purge: DealerAmmo reserves the right to permanently and irretrievably delete all Dealership data from active nodes sixty (60) days after account termination without further notice.

(c) Data Retrieval & Transfer Fees: While standard reports are available for export during the grace period at no cost, any request for specialized bulk data extraction, custom CSV formatting, or migration assistance to a third-party provider is subject to a Professional Services Fee at DealerAmmo’s then-current hourly rates.

(d) Backups: Residual encrypted data may persist in system backups for a standard rotation period (up to 90 days) but will remain inaccessible to unauthorized parties.

6. Browser Extension & Sidebar Tools