Security & Compliance

Enterprise-Grade Security

Your dealership's data security is our top priority. We implement industry-leading practices to protect your business and customer information.

End-to-End Encryption

All data transmitted between your browser and our servers is encrypted using TLS 1.3 with 256-bit encryption.

Secure Infrastructure

Hosted on enterprise-grade cloud infrastructure with 99.9% uptime SLA, redundant backups, and DDoS protection.

Access Controls

Multi-factor authentication, role-based permissions, and audit logging ensure only authorized personnel access your data.

Compliance Standards

We adhere to SOC 2, GDPR, and CCPA requirements to protect your business and customer privacy.

Regular Security Audits

Third-party penetration testing and vulnerability assessments are conducted quarterly to identify and address risks.

Incident Response

24/7 monitoring and immediate response protocols to detect and mitigate security threats in real time.

Data Protection Measures

Encryption at Rest and in Transit

All dealership data, customer information, and vehicle listings are encrypted both when stored on our servers and during transmission. We use AES-256 encryption for data at rest and TLS 1.3 for data in transit, ensuring your information remains protected from unauthorized access.

Database Security

Our databases are protected with multiple layers of security including network isolation, firewall rules, encrypted backups, automated patching, and connection pooling with rate limiting. Database credentials are rotated regularly and stored in encrypted vaults.

Application Security

Our development practices prioritize security at every stage:

  • Regular code reviews and static analysis to identify vulnerabilities
  • Input validation and sanitization to prevent injection attacks
  • CSRF and XSS protection on all forms and user inputs
  • Rate limiting to prevent abuse and DDoS attacks
  • Secure session management with HTTP-only cookies
  • Dependency scanning to identify and patch vulnerable libraries

Authentication and Authorization

We implement multiple layers of access control:

  • Multi-Factor Authentication (MFA): Optional 2FA via authenticator apps for enhanced account security
  • Role-Based Access Control (RBAC): Granular permissions ensure team members only access what they need
  • Session Management: Automatic logout after inactivity and detection of suspicious login patterns
  • API Security: OAuth 2.0 tokens with expiration and revocation capabilities

Infrastructure and Operations

Cloud Hosting

DealerLauncher is hosted on enterprise-grade cloud infrastructure with built-in redundancy, automatic failover, and global content delivery. Our hosting providers maintain SOC 2 Type II, ISO 27001, and PCI DSS certifications.

Backup and Disaster Recovery

We maintain comprehensive backup and recovery procedures including automated daily backups retained for 30 days, real-time database replication across multiple data centers, point-in-time recovery capabilities, and regular disaster recovery testing. In the event of a catastrophic failure, we can restore your data with minimal disruption.

Network Security

Our network infrastructure includes:

  • Web Application Firewall (WAF) to block malicious traffic
  • DDoS protection with automatic traffic filtering
  • Network segmentation to isolate sensitive systems
  • Intrusion detection and prevention systems (IDS/IPS)
  • Regular vulnerability scanning and penetration testing

Compliance and Certifications

Data Privacy Regulations

DealerLauncher complies with major data protection regulations including GDPR (General Data Protection Regulation) for European customers, CCPA (California Consumer Privacy Act) for California residents, and other state privacy laws. We provide tools for customers to exercise their data rights.

Industry Standards

We align our security practices with recognized frameworks:

  • SOC 2 Type II: Annual audits verify our security, availability, and confidentiality controls
  • OWASP Top 10: We actively protect against the most critical web application security risks
  • CIS Controls: Implementation of cybersecurity best practices

Facebook/Meta Integration Security

Our integration with Facebook Marketplace follows Meta's security best practices including OAuth 2.0 authentication with minimal required permissions, secure token storage with automatic refresh, compliance with Facebook Platform Terms and Developer Policies, and regular review of API access and data usage.

Employee Access and Training

Background Checks

All DealerLauncher employees with access to customer data undergo background checks and sign confidentiality agreements before accessing production systems.

Security Training

Our team receives regular security awareness training covering phishing recognition, secure coding practices, data handling procedures, and incident response protocols. Security is everyone's responsibility.

Principle of Least Privilege

Employee access to customer data is strictly limited based on job function. All access is logged and monitored, with quarterly reviews to ensure appropriate permissions.

Monitoring and Incident Response

24/7 Security Monitoring

Our security operations center monitors for suspicious activity around the clock using automated intrusion detection, anomaly detection algorithms, log aggregation and analysis, and real-time alerting for security events.

Incident Response Plan

In the event of a security incident, we follow a documented response plan including immediate containment and investigation, notification to affected customers within 72 hours, forensic analysis to identify root cause, remediation to prevent future incidents, and post-incident review and documentation.

Vulnerability Management

We proactively identify and address security vulnerabilities through continuous dependency scanning, quarterly penetration testing by third parties, a bug bounty program for responsible disclosure, and rapid patching of critical vulnerabilities (typically within 48 hours).

Your Responsibility

While we implement extensive security measures, you play a crucial role in protecting your dealership's data:

  • Strong Passwords: Use unique, complex passwords and enable multi-factor authentication
  • Secure Devices: Access DealerLauncher from trusted, up-to-date devices with antivirus protection
  • Team Training: Educate your staff about phishing and social engineering attacks
  • Access Management: Remove access for former employees immediately
  • Report Issues: Notify us immediately if you suspect unauthorized access

Transparency and Communication

We believe in transparency about our security practices. If you have questions about our security measures, would like a copy of our SOC 2 report (under NDA), or need to report a security vulnerability, please contact our security team:

Security Email: security@dealerlauncher.com
General Contact: info@dealerlauncher.com
Phone: (740) 231-2690

Last Updated: January 2025


© 2025 DealerLauncher.com. All rights reserved.