Privacy Policy

Last updated: 3 May 2026

Dealerexport ("we", "us") respects your privacy. This policy explains what data we collect, why we collect it, and what your rights are. We're an Irish company subject to Irish data protection law and the GDPR.

1. What we collect

• Account data — your email, name, forecourt name, country, VAT number (optional), and a hashed password.
• Vehicle data — the cars you list, with their specs, photos, prices, mileage, descriptions, and your private notes.
• Reservation data — names, phone numbers, and email addresses of customers who place a deposit through your forecourt. This is your data, used only for your own forecourt operations.
• Billing data — your card last-4, billing address, and VAT details (the full card number is held by Stripe; we never see it).
• Usage data — IP address, browser type, pages visited, for security and product improvement.

2. Why we collect it

• To provide the service you signed up for (legal basis: contract).
• To bill you accurately (legal basis: contract).
• To prevent fraud and abuse (legal basis: legitimate interest).
• To send service notifications — outage alerts, feature changes, billing receipts (legal basis: contract).
• We do not use your data to train AI models, sell to third parties, or run advertising on you.

3. Where it's stored

All your data is stored in EU data centres (Ireland and Frankfurt). Photos sit on AWS S3 in eu-west-1. Database is hosted in the EU. Backups are encrypted and stored in the EU.

4. Sub-processors

We use a small set of trusted vendors:

• Stripe — payment processing (PCI-DSS Level 1).
• AWS — hosting and photo storage (EU regions only).
• Anthropic — AI listing description generation. Vehicle specs are sent; customer data is never sent.
• MotorCheck — Irish vehicle plate lookup. Only the plate string is sent.
• Resend / SendGrid — transactional email (receipts, password resets).

5. Your rights

• Access — see what we hold on you. Email info@dealerexport.ie.
• Export — download all your vehicles, photos and reservations as CSV/ZIP from Settings.
• Delete — delete your account from Settings. We retain a backup for 30 days for recovery, then erase.
• Correct — fix anything inaccurate from your dashboard, or email us.
• Complain — to the Irish Data Protection Commission if you're unhappy.

6. Cookies

We use essential cookies only (login session, CSRF protection). No advertising cookies. No third-party trackers. See our cookie policy for the full list.

7. Customer data on your behalf

When you take a customer's details for a reservation, that's your data — we're a processor, you're the controller. You're responsible for telling those customers you hold their data and for getting consent where required. We provide the technical means to delete or export that data on demand.

8. Changes to this policy

If we change anything material, we'll email account holders at least 14 days before it takes effect. Minor wording changes may be made without notice.

9. Contact

Questions? info@dealerexport.ie. Postal: Dealerexport, Dublin, Ireland.