Privacy Policy

Last updated: 10 June 2026 · Applies to usedealeros.com and the DealerOS platform.

Plain-English summary. DealerOS is software for UK car dealerships. We hold the account details of the dealers who use us, and we process the business records each dealer puts into the platform (their stock, leads, deals and customers) on their behalf. We don't sell personal data. You have rights over your data, set out below.

Who we are
Controller & processor roles
Information we collect
How and why we use it
Data we process for dealers
Cookies & analytics
Sharing & sub-processors
International transfers
How long we keep data
Security
Your rights
Children
Changes
Contact & complaints

1. Who we are

DealerOS ("DealerOS", "we", "us", "our") provides a multi-tenant CRM and dealer management platform for used-car dealerships in the United Kingdom, available at usedealeros.com.

For the purposes of UK data protection law — the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 — the data controller for this website and for DealerOS account data is:

[Legal entity name — e.g. DealerOS Ltd / Right Hand Motor Ltd]
Registered in England & Wales, company number [company number]
Registered office: [registered office address]
ICO registration number: [ICO number]
Contact: privacy@usedealeros.com

2. Controller & processor roles

It helps to separate two different things:

When we are the controller. For the account holders and staff who sign up to DealerOS, for visitors to our website, and for people who contact us, we decide how and why personal data is used — so we are the controller. This policy governs that data.
When we are the processor. When a dealer uses DealerOS to manage their own business — their stock, leads, customers, deals and messages — that dealer is the controller of that information, and we process it on their behalf under our customer agreement. If you are a customer of a dealership that uses DealerOS, contact that dealership about your data; we will support them in responding.

3. Information we collect

Account & profile data

Name, business name, work email, phone number, role, and login credentials of the dealership staff who use DealerOS.

Dealership business data

The records you enter or import into the platform — vehicles, valuations, leads, contacts, deals, reservations, invoices, accounts entries, messages and related documents. This may include personal data about your own customers and suppliers (see section 5).

Billing data

Subscription plan, billing contact, and transaction records. Card payments are handled by our payment provider; we do not store full card numbers.

Enquiry & communications data

If you fill in a form on our website (for example to start a trial or book a demo) or email us, we collect the details you provide and our correspondence with you. Website enquiry forms are delivered to us by a third-party form service.

Technical & usage data

IP address, device and browser type, pages visited, and basic usage events, collected to keep the service secure and working. Some of this is collected via cookies (see section 6).

4. How and why we use it — and our legal bases

To provide the platform — create accounts, deliver features, isolate each dealership's data. Legal basis: performance of a contract.
To take payment and manage subscriptions. Legal basis: performance of a contract; legal obligation for tax records.
To respond to enquiries and provide support. Legal basis: legitimate interests, or steps prior to entering a contract.
To secure and improve the service — monitoring, troubleshooting, preventing abuse, product improvement. Legal basis: legitimate interests.
To send service and, where permitted, marketing messages about DealerOS. You can opt out of marketing at any time. Legal basis: legitimate interests or consent.
To meet legal and regulatory obligations. Legal basis: legal obligation.

5. Data we process on behalf of dealers

When you use DealerOS to run your forecourt, you may store personal data about your own customers, leads and contacts. For that data:

You are the controller and you decide what to collect and why.
We are your processor and only act on your instructions, as set out in our customer agreement / data processing terms.
Our platform is multi-tenant and enforces isolation at the database level (PostgreSQL row-level security), so one dealership cannot access another's records.
You are responsible for having a lawful basis and your own privacy notice for the people whose data you hold.

6. Cookies & analytics

Our website and app use a small number of cookies and similar technologies: strictly necessary ones to make the site and sign-in work, and — where used — analytics to understand traffic. Non-essential cookies are only set where permitted. You can control cookies through your browser settings. Where we use an analytics or hosting provider, only the data needed to run and measure the service is shared.

We do not sell personal data. We share it only with service providers who help us run DealerOS, each under contract and only as needed. Our key sub-processors include:

Vercel — website and application hosting.
Supabase — database and authentication infrastructure.
FormSubmit (or equivalent) — delivery of website enquiry forms.
[Payment provider] — subscription billing.
[Email/messaging providers] — transactional email, SMS and WhatsApp messaging where you enable them.

We may also disclose data where required by law, to enforce our terms, or in connection with a business sale or reorganisation. Optional integrations you switch on (such as AutoTrader, Carwow, auction platforms, DVLA, Xero or Sage) involve sharing the relevant data with those services under their own terms and privacy policies.

8. International transfers

We aim to keep data within the UK or European Economic Area. Where a provider processes data outside the UK/EEA, we rely on an appropriate safeguard — such as UK adequacy regulations or the International Data Transfer Agreement / Addendum — so your data stays protected.

9. How long we keep data

We keep account and platform data for as long as your subscription is active and for a reasonable period afterwards. On request after termination we will delete or return your dealership data, except where we must retain certain records (for example for tax or legal reasons). Website enquiry and analytics data is kept only as long as needed for the purpose it was collected.

10. Security

We use technical and organisational measures appropriate to the risk, including encryption in transit (HTTPS), database-level tenant isolation, access controls and the principle of least privilege. No system is perfectly secure, but we work to protect your data and to notify you and the regulator of a notifiable breach where the law requires.

11. Your rights

Under UK GDPR you have the right to: access your data; have inaccurate data corrected; have data erased; restrict or object to processing; data portability; and to withdraw consent where we rely on it. Where we act as a processor for a dealership, please direct requests to that dealership and we will assist them. To exercise a right against DealerOS as controller, email privacy@usedealeros.com. We will respond within the statutory time limit.

12. Children

DealerOS is a business tool and is not directed at children. We do not knowingly collect personal data from anyone under 16.

13. Changes to this policy

We may update this policy from time to time. We will post the revised version here and update the "last updated" date; material changes affecting account holders will be notified directly.

14. Contact & complaints

Questions or requests: privacy@usedealeros.com. If you are unhappy with how we have handled your data you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk — though we'd appreciate the chance to put things right first.

Read our Terms of Service →