AutoRevolution Definitions
Last Updated:
Effective Date:
Version: v1.0
This Definitions Article establishes the meaning and interpretation of key legal, technical, operational, commercial, cybersecurity, privacy, and automotive-industry terms used throughout the Agreement, including all applicable service policies, exhibits, schedules, statements of work, data processing terms, security commitments, and operational procedures.
Table of Contents
1. Introduction
1.1 Purpose & Scope
This Definitions Article establishes the meaning and interpretation of key legal, technical, operational, commercial, cybersecurity, privacy, and automotive-industry terms used throughout the Agreement, including all applicable service policies, exhibits, schedules, statements of work, data processing terms, security commitments, and operational procedures.
The Parties acknowledge that clear definition of contractual terminology is essential to:
- establish allocation of rights and responsibilities;
- define ownership and control of data;
- clarify privacy and security obligations;
- govern the provision and use of SaaS technology services;
- support regulatory compliance;
- establish operational expectations between the Parties.
2. Definitions
These definitions apply throughout this Agreement, all Order Forms, Statements of Work, Subscription Agreements, Data Processing Addenda, Service Level Agreements, Professional Services Agreements, and all schedules, exhibits, appendices, policies, and documents incorporated by reference.
2.1 Corporate Terms
Affiliate
"Affiliate" means, with respect to any Person or legal entity, any other Person or legal entity that directly or indirectly Controls, is Controlled by, or is under common Control with such Person or entity, whether through ownership of voting securities, membership interests, partnership interests, contractual rights, management authority, beneficial ownership, or otherwise.
For purposes of this Agreement, an Affiliate includes any parent company, subsidiary, sister company, holding company, operating company, joint venture under common Control, successor entity, merged entity, or other business organization that satisfies the foregoing definition.
The existence of an Affiliate relationship shall be determined at the time the applicable rights or obligations arise and shall continue for so long as the requisite Control exists unless otherwise expressly provided herein.
Affiliate Company
"Affiliate Company" means any corporation, limited liability company, partnership, joint venture, governmental entity, nonprofit organization, dealership entity, dealer group, franchise entity, business division, branch office, operating unit, or other legal organization that qualifies as an Affiliate.
For Customers operating multiple dealership locations, dealer groups, or commonly owned automotive businesses, each dealership, rooftop, franchise location, affiliated dealership, or operating company shall constitute a separate Affiliate Company unless otherwise identified within an executed Order Form.
Unless expressly stated otherwise in an executed Order Form, execution of this Agreement by one Affiliate Company does not automatically grant rights to any other Affiliate Company to access or use the Services.
Agreement
"Agreement" means this Master Services Agreement together with all Order Forms, Statements of Work ("SOWs"), Subscription Agreements, Data Processing Addenda ("DPAs"), Service Level Agreements ("SLAs"), Professional Services Agreements, Acceptable Use Policies, Privacy Notices, Security Documentation, Product-Specific Terms, pricing schedules, amendments, renewals, exhibits, appendices, schedules, and any other documents expressly incorporated herein by reference, each as amended from time to time in accordance with the terms of this Agreement.
Applicable Law
"Applicable Law" means all applicable international, federal, state, provincial, territorial, local, municipal, tribal, administrative, regulatory, judicial, and governmental constitutions, statutes, laws, regulations, ordinances, directives, rules, executive orders, agency guidance, consent decrees, industry standards having the force of law, court orders, judgments, and governmental requirements applicable to either Party, the Services, Customer Data, Personal Information, communications, or the performance of this Agreement.
Applicable Law includes, without limitation, laws relating to privacy, cybersecurity, artificial intelligence, consumer protection, automotive retail operations, electronic communications, telemarketing, financial services, employment, accessibility, export controls, sanctions, taxation, intellectual property, record retention, electronic signatures, and data protection.
Business Day
"Business Day" means any day other than a Saturday, Sunday, or federal banking holiday observed within the United States on which commercial banks are generally open for business in the State of Texas.
Unless otherwise expressly stated:
- Business Days shall be measured according to the Central Time Zone (U.S.).
- Business Hours are 10:00 a.m. through 7:00 p.m. Central Time.
- Deadlines expiring on a non-Business Day automatically extend to the next Business Day.
- Scheduled maintenance occurring outside Business Hours shall not constitute a Service interruption unless otherwise provided in an applicable Service Level Agreement.
Business Hours
"Business Hours" means the Company's standard operational support hours unless otherwise specified within an executed Service Level Agreement or applicable Support Plan. Unless otherwise agreed in writing, Business Hours shall be Monday through Friday from 10:00 a.m. until 7:00 p.m. Central Time, excluding recognized federal holidays.
Control
"Customer Entity" means the legal entity identified within the applicable Order Form that has entered into this Agreement with the Company and is responsible for payment of Fees, compliance with this Agreement, and the acts and omissions of its Authorized Users.
Where Customer consists of multiple dealership rooftops, dealer groups, subsidiaries, franchise operations, or affiliated businesses, each Customer Entity shall remain jointly and severally responsible only to the extent expressly provided within an executed Order Form.
Effective Date
"Effective Date" means the earliest date upon which this Agreement becomes legally binding, including the first occurrence of any of the following:
- execution of this Agreement by both Parties;
- electronic acceptance through the Company's website or platform;
- execution of an Order Form or Subscription Agreement incorporating this Agreement;
- Customer's first access to or use of the Services;
- Company's acceptance of Customer's Order Form;
- commencement of implementation, onboarding, Professional Services, or subscription services; or
- any other legally sufficient manifestation of acceptance under Applicable Law.
If multiple events occur, the earliest such event shall constitute the Effective Date unless expressly stated otherwise within an executed Order Form.
Order
"Order" means any commercial transaction through which Customer purchases, licenses, subscribes to, renews, upgrades, expands, or otherwise acquires the Company's Services, whether memorialized through an Order Form, online checkout process, electronic acceptance, quotation accepted by Company, renewal confirmation, purchase order accepted by Company, Statement of Work, or other mutually authorized ordering document.
Order Form
"Order Form" means any written or electronic ordering document executed, accepted, or otherwise approved by both Parties that identifies one or more Services to be provided under this Agreement.
An Order Form may include, without limitation:
- Subscription Services;
- Professional Services;
- Implementation Services;
- Training Services;
- Support Services;
- Data migration services;
- AI features;
- API access;
- integration services;
- pricing;
- payment terms;
- subscription quantities;
- licensed dealership locations;
- Authorized User limitations;
- service-specific terms;
- renewal provisions;
- special commercial terms; and
- any negotiated deviations from this Agreement.
Each executed Order Form is incorporated into and governed by this Agreement unless expressly stated otherwise.
Party
"Party" means individually either the Company or the Customer, and "Parties" individually means both collectively. References to a Party include such Party's permitted successors and authorized assigns unless otherwise prohibited under this Agreement.
Person
"Person" means any natural person, corporation, limited liability company, partnership, sole proprietorship, governmental authority, nonprofit organization, trust, estate, association, dealer group, dealership entity, financial institution, or any other legal or commercial organization recognized under Applicable Law.
Primary Administrator
"Primary Administrator" means the individual designated by Customer to administer Customer's Account, manage Authorized Users, receive legal notices, approve configuration changes, authorize integrations, review billing matters, and act as Customer's primary administrative contact for the Services.
Unless Company receives written notice otherwise, Company may reasonably rely upon instructions received from the Primary Administrator as authorized instructions from Customer.
Renewal Date
"Renewal Date" means the first calendar day immediately following expiration of the then-current Subscription Term upon which a Renewal Term begins unless the Agreement or applicable Order Form is terminated or non-renewed in accordance with its terms.
Renewal Term
"Renewal Term" means each successive subscription period that follows expiration of the Initial Subscription Term.
Unless otherwise expressly provided within an executed Order Form:
- Subscriptions automatically renew for successive terms equal to the immediately preceding Subscription Term;
- renewal pricing shall be determined in accordance with the Agreement or applicable Order Form;
- either Party may elect not to renew by providing timely written notice in accordance with this Agreement;
- all renewals remain subject to the then-current Agreement except where superseded by a mutually executed written amendment; and
- all licenses, subscriptions, support obligations, and payment obligations continue throughout each Renewal Term.
Successor Entity
"Successor Entity" means any Person or legal entity that acquires, merges with, consolidates into, reorganizes, converts, or otherwise succeeds to substantially all of the assets, equity interests, operations, or business of either Party by operation of law or otherwise.
Term
"Term" means the period beginning on the Effective Date and continuing until expiration or termination of all applicable Subscription Terms, Renewal Terms, Order Forms, and any surviving obligations under this Agreement.
2.2 SaaS Licensing Terms
Access Credentials
"Access Credentials" means any username, password, passkey, authentication token, API key, certificate, digital credential, multifactor authentication mechanism, security token, cryptographic key, single sign-on credential, OAuth credential, or other authentication method used to access or interact with the Services. Access Credentials are Confidential Information and remain subject to the security obligations set forth in this Agreement.
Authorized Environment
"Authorized Environment" means the hardware, software, browser, operating system, mobile device, cloud infrastructure, network, communications platform, and technical environment approved or supported by Company for access to or use of the Services as described within the applicable Documentation.
Availability
"Availability" means the percentage of time during a measurement period that the Subscription Services are operational and available for Customer's authorized use, excluding scheduled maintenance, emergency maintenance, Force Majeure Events, third-party service interruptions, Customer-caused outages, telecommunications failures outside Company's reasonable control, and any exclusions expressly identified within an applicable Service Level Agreement.
Beta Feature
"Beta Feature" means any individual feature, module, API, integration, workflow, artificial intelligence capability, reporting function, automation, user interface element, or functionality designated by Company as beta, preview, pilot, experimental, limited release, early access, evaluation, prerelease, technology preview, or similar designation.
Beta Services
"Beta Services" means any software, products, services, functionality, artificial intelligence tools, APIs, integrations, communications services, or technology offerings designated by Company as beta, preview, pilot, experimental, prerelease, limited availability, early access, evaluation, or similar status.
Beta Services are provided solely for testing, evaluation, product improvement, and customer feedback purposes. Unless otherwise expressly stated in an executed Order Form, Beta Services:
- are provided on an "AS IS" and "AS AVAILABLE" basis;
- may be modified, suspended, discontinued, or replaced at any time without prior notice;
- may contain defects, errors, interruptions, or incomplete functionality;
- may not be supported under any Service Level Agreement;
- may not be suitable for production use;
- may be subject to additional terms established by Company; and
- may generate Customer Feedback that Company may use in accordance with this Agreement.
Cloud Infrastructure
"Cloud Infrastructure" means the hosted computing environment, virtualization platforms, storage systems, databases, networking infrastructure, container orchestration systems, cloud hosting resources, backup systems, disaster recovery infrastructure, and related technology utilized by Company or its authorized Service Providers to operate, host, secure, and deliver the Services.
Configuration
"Configuration" means the settings, preferences, permissions, workflows, automations, templates, user roles, integrations, business rules, communication preferences, dealership settings, branding elements, and other customizable parameters established by or on behalf of Customer within the Services.
Documentation
"Documentation" means Company's then-current user guides, implementation guides, administrator guides, API documentation, technical specifications, training materials, release notes, security documentation, product descriptions, knowledge base articles, online help resources, support documentation, and other written or electronic materials made available by Company describing the proper installation, configuration, administration, operation, integration, security, or permitted use of the Services.
Documentation may be updated periodically to reflect changes in the Services, security practices, supported functionality, regulatory requirements, or product enhancements.
Feature
"Feature" means an individual function, capability, module, tool, workflow, automation, integration, communication channel, reporting component, dashboard, artificial intelligence capability, or other functional component of the Services that may be licensed independently or collectively as part of a Subscription.
Hosted Services
"Hosted Services" means software applications, databases, APIs, communications platforms, artificial intelligence services, websites, portals, mobile applications, integrations, infrastructure, and related technology hosted by or on behalf of Company and made available to Customer through a cloud-based software-as-a-service delivery model.
Implementation Services
"Implementation Services" means onboarding, deployment, installation, configuration, migration, integration, customization, training, consulting, project management, testing, launch assistance, and related professional services provided by Company to facilitate Customer's implementation and adoption of the Services.
License
"License" means the limited, non-exclusive, non-transferable, non-sublicensable, revocable (where expressly permitted by this Agreement), and subscription-based right granted by Company to Customer during the applicable Subscription Term to access and use the Services solely for Customer's internal business operations and strictly in accordance with this Agreement, the applicable Order Form, Documentation, Applicable Law, and any usage limitations established by Company.
Except for the limited rights expressly granted herein, Company reserves all rights, title, and interests in and to the Services, Software, Documentation, and all related intellectual property.
Licensed Capacity
"Licensed Capacity" means the quantity of Authorized Users, dealership rooftops, business locations, vehicle records, communication volume, API transactions, storage allocation, data processing limits, modules, features, or other measurable licensing metrics purchased by Customer under the applicable Order Form.
Maintenance Release
"Maintenance Release" means a correction, patch, hotfix, security update, defect correction, compatibility enhancement, performance optimization, or similar release intended to maintain, stabilize, or improve the Services without materially changing core functionality.
Module
"Module" means an individual software component, licensed product, functional capability, or service offering made available separately or collectively as part of the Services, including CRM, websites, communications, marketing automation, artificial intelligence, inventory management, analytics, reporting, API services, or other product offerings.
Professional Services
"Professional Services" means consulting, implementation, configuration, customization, migration, training, project management, technical advisory services, integration services, optimization services, strategic consulting, or other non-subscription services performed by Company under a Statement of Work or Order Form.
Release
"Release" means any published version of the Services made generally available by Company, including Updates, Upgrades, Maintenance Releases, feature enhancements, security improvements, compatibility modifications, or other software revisions.
Software
"Software" means all software, source code, object code, executable code, applications, cloud-based applications, databases, artificial intelligence models, machine learning systems, APIs, algorithms, scripts, workflows, templates, user interfaces, mobile applications, firmware, embedded software, backend systems, and related technology developed, licensed, operated, or made available by Company in connection with the Services, whether hosted by Company or provided through authorized third-party Service Providers.
Software includes all modifications, Releases, Updates, Upgrades, derivative works, enhancements, translations, adaptations, and improvements developed by or for Company.
Subscription
"Subscription" means Customer's contractual right to access and use the Services during the applicable Subscription Term pursuant to this Agreement and the applicable Order Form.
A Subscription may include one or more licensed Modules, dealership locations, business entities, Authorized Users, integrations, communications services, APIs, Professional Services, storage allocations, artificial intelligence capabilities, reporting services, support plans, or other licensed offerings.
Subscriptions are provided on a subscription basis and do not constitute the sale, assignment, transfer, or conveyance of ownership of any Software or intellectual property.
Subscription Services
"Subscription Services" means the hosted SaaS applications, cloud services, websites, APIs, communications services, artificial intelligence services, reporting tools, analytics platforms, integrations, and related hosted technology licensed by Company and made available to Customer during the applicable Subscription Term.
Subscription Term
"Subscription Term" means the initial subscription period identified within the applicable Order Form together with any Renewal Terms, unless earlier terminated in accordance with this Agreement.
Unless expressly stated otherwise:
- the Subscription Term begins on the Subscription Start Date identified in the applicable Order Form or, if none is specified, the Effective Date;
- Subscriptions continue until expiration or termination;
- all Subscription Fees remain payable throughout the Subscription Term;
- Customer's right to access the Services automatically expires upon termination or expiration unless otherwise provided herein; and
- renewal of the Subscription Term shall be governed by the applicable Order Form and this Agreement.
Support Services
"Support Services" means technical support, help desk assistance, troubleshooting, incident response, maintenance activities, customer service, implementation assistance, software corrections, and related support services provided by Company under the applicable Support Plan or Service Level Agreement.
Update
"Update" means any revision, correction, enhancement, bug fix, security patch, compatibility improvement, performance optimization, maintenance release, documentation revision, or other modification to the Services that does not materially alter the primary functionality or licensing scope of the applicable Software.
Unless otherwise specified by Company, Updates are included within Customer's active Subscription without additional licensing fees.
Upgrade
"Upgrade" means a significant enhancement, new version, expanded functionality, architectural revision, major release, new module, premium feature, artificial intelligence capability, communications enhancement, integration, or other substantial improvement to the Services.
Company may designate certain Upgrades as requiring additional Subscription Fees, execution of an amended Order Form, acceptance of additional Product-Specific Terms, or the purchase of additional Licensed Capacity.
Workspace
"Workspace" means the logical software environment, tenant, organization, dealership instance, account structure, database partition, or other segregated environment assigned to Customer for accessing and using the Services.
2.3 Industry Terms
Aftermarket Product
"Aftermarket Product" means any product, service, accessory, protection product, warranty, insurance product, maintenance plan, vehicle service contract, GAP product, tire and wheel protection, appearance protection, theft deterrent product, roadside assistance program, subscription service, software, hardware, or other product offered to a Consumer before, during, or after the purchase, lease, financing, servicing, or ownership of a Vehicle.
Auction
"Auction" means any wholesale, commercial, governmental, online, digital, physical, or hybrid marketplace or organization facilitating the purchase, sale, exchange, remarketing, transportation, appraisal, valuation, or disposition of motor vehicles.
Book Value
"Book Value" means an estimated wholesale, retail, market, trade-in, residual, or replacement value assigned to a Vehicle by a recognized valuation source, internal appraisal methodology, or other valuation process.
CRM
"Customer Relationship Management" or "CRM" means any software platform, application, database, cloud service, communication system, or customer management solution used to create, collect, organize, maintain, process, analyze, or manage information relating to Consumers, Prospects, sales opportunities, marketing campaigns, communications, appointments, service history, transactions, customer interactions, or dealership operations.
CRM includes Company's CRM platform, third-party CRM platforms, and any integrated customer engagement or relationship management systems.Dealer Group
"Dealer Group" means any organization, holding company, ownership group, management company, or affiliated business that directly or indirectly owns, controls, operates, franchises, manages, or administers two or more Dealerships, whether operating under one or multiple automotive brands.
Dealer Management System (DMS)
"Dealer Management System" or "DMS" means any software platform, enterprise management system, dealership operating system, or integrated business application used by a Dealership to manage one or more aspects of dealership operations, including inventory, sales, finance, accounting, parts, service, warranty administration, customer records, employee management, communications, compliance, reporting, document management, and related business activities.
A DMS includes both Company-supported and third-party systems, regardless of deployment method, licensing model, or hosting environment.
Dealer Principal
"Dealer Principal" means the owner, managing member, executive officer, general manager, principal operator, or other individual possessing primary executive authority over a Dealership or Dealer Group.
Dealership
"Dealership" means any franchised dealership, independent dealership, used vehicle retailer, commercial vehicle dealer, powersports dealer, motorcycle dealer, recreational vehicle dealer, marine dealer, agricultural equipment dealer, heavy equipment dealer, trailer dealer, fleet sales organization, mobility provider, or other automotive-related retail or wholesale business licensed or authorized to buy, sell, lease, finance, service, repair, market, auction, transport, or otherwise transact in Vehicles or related products and services.
Digital Retailing
"Digital Retailing" means any online, mobile, or electronic process enabling Consumers to browse inventory, calculate payments, submit credit applications, obtain trade valuations, reserve Vehicles, execute agreements, schedule deliveries, complete transactions, purchase products or services, or otherwise engage in vehicle purchasing or leasing activities through electronic means.
Fleet
"Fleet" means one or more Vehicles owned, leased, rented, financed, managed, operated, maintained, administered, or controlled by a commercial business, governmental entity, nonprofit organization, educational institution, transportation provider, rental company, rideshare provider, logistics organization, or other enterprise managing multiple Vehicles.
Fleet includes commercial fleets, municipal fleets, law enforcement fleets, utility fleets, rental fleets, mobility fleets, corporate fleets, and any similar vehicle management organization.
Fleet Data
"Fleet Data" means information relating to Fleet Vehicles, Fleet operators, Fleet maintenance, telematics, utilization, mileage, inspections, assignments, operating costs, repairs, warranties, fuel usage, compliance, and related operational activities.
Inventory
"Inventory" means all new, used, certified pre-owned, wholesale, auction, in-transit, demonstrator, loaner, rental, commercial, specialty, or other Vehicles offered for sale, lease, transfer, auction, servicing, storage, transportation, or management by Customer.
Inventory Feed
"Inventory Feed" means any automated or manual transmission, synchronization, import, export, API connection, data exchange, batch file, XML feed, JSON feed, CSV file, Webhook, or other electronic method used to transmit Vehicle Inventory information between Customer, Company, OEMs, third-party providers, marketplaces, advertising platforms, auctions, or other integrated systems.
Inventory Feeds may include Vehicle specifications, pricing, incentives, images, options, availability, merchandising content, equipment, descriptions, financing offers, or related Inventory information.
Lead
"Lead" means any inquiry, request, communication, submission, referral, internet form, telephone call, text message, email, chat session, digital interaction, appointment request, trade valuation request, financing inquiry, service inquiry, or other expression of interest received by Customer from a Prospect or Consumer regarding a Vehicle, product, service, financing opportunity, or business relationship.
OEM
"Original Equipment Manufacturer" or "OEM" means any manufacturer, assembler, importer, distributor, automotive brand owner, captive finance company, affiliated software provider, regional distributor, factory representative, or related entity responsible for designing, manufacturing, marketing, distributing, licensing, supporting, or administering Vehicles or automotive products.
OEM Program
"OEM Program" means any certification program, incentive program, compliance requirement, technology program, marketing initiative, digital retailing initiative, data-sharing arrangement, communications program, dealer standards program, warranty program, customer satisfaction program, service campaign, recall campaign, software certification, integration requirement, or other program sponsored, administered, endorsed, approved, or required by an OEM.
Participation in an OEM Program does not modify this Agreement unless expressly provided within an executed Order Form.
Prospect
"Prospect" means any identifiable individual or business entity that has expressed, directly or indirectly, an interest in purchasing, leasing, financing, servicing, repairing, maintaining, trading, transporting, insuring, or otherwise engaging in a transaction involving a Vehicle or automotive-related product or service.
Recall Information
"Recall Information" means any information concerning a manufacturer recall, safety recall, emissions recall, customer satisfaction campaign, service campaign, technical service bulletin ("TSB"), warranty extension, stop-sale order, field action, software update, safety notification, repair campaign, compliance notice, or other manufacturer-issued notification affecting one or more Vehicles.
Recall Information may originate from OEMs, governmental authorities, authorized data providers, or other lawful sources and may include recall status, remedy availability, completion status, repair procedures, campaign numbers, eligibility information, or related Vehicle data.
Repair Order
"Repair Order" or "RO" means any electronic or paper work order, service ticket, maintenance record, inspection report, diagnostic report, warranty repair record, invoice, estimate, technician report, or related documentation generated in connection with servicing, repairing, inspecting, maintaining, or diagnosing a Vehicle.
Service Appointment
"Service Appointment" means any scheduled, requested, confirmed, modified, cancelled, completed, or pending appointment for inspection, diagnosis, maintenance, repair, warranty work, recall work, detailing, installation, or other automotive service performed by or on behalf of Customer.
Trade-In Vehicle
"Trade-In Vehicle" means any Vehicle offered by a Consumer to Customer as part of a purchase, lease, financing, or other transaction involving another Vehicle.
Vehicle
"Vehicle" means any automobile, truck, van, sport utility vehicle, crossover, motorcycle, powersports vehicle, recreational vehicle, trailer, marine vessel, commercial vehicle, fleet vehicle, agricultural vehicle, construction equipment, electric vehicle, hybrid vehicle, autonomous vehicle, connected vehicle, or other motorized or towable equipment that may be bought, sold, leased, financed, serviced, maintained, transported, marketed, insured, auctioned, or otherwise managed through the Services.
Vehicle Data
"Vehicle Data" means any information relating to a Vehicle, including without limitation Vehicle Identification Numbers (VINs), year, make, model, trim, body style, engine specifications, drivetrain, color, options, installed equipment, mileage, odometer readings, maintenance records, repair history, ownership history, title status, registration status, warranty information, recall status, inspection records, telematics, valuation information, inventory status, pricing, merchandising content, photographs, videos, condition reports, compliance information, emissions information, and any other data associated with a Vehicle.
Vehicle History Information
"Vehicle History Information" means historical information relating to a Vehicle, including ownership records, title events, accident history, service history, maintenance records, inspections, recalls, warranty claims, odometer readings, damage reports, auction records, registration events, and other historical information obtained from lawful sources.
Vehicle Identification Number (VIN)
"Vehicle Identification Number" or "VIN" means the unique alphanumeric identifier assigned by a manufacturer to identify an individual Vehicle, including any successor identification standard recognized by Applicable Law or the automotive industry.
A VIN may be used by the Services for identification, inventory management, service history, warranty administration, recall verification, financing, valuation, reporting, analytics, integration, communications, fraud prevention, compliance, or other lawful automotive business purposes.
Warranty Information
"Warranty Information" means information relating to manufacturer warranties, extended warranties, vehicle service contracts, maintenance agreements, recall eligibility, warranty claims, coverage periods, repair authorizations, reimbursement information, warranty status, and other warranty-related information associated with a Vehicle or Aftermarket Product.
2.4 Privacy & Security Terms
Applicable Data Protection Law
"Applicable Data Protection Law" means all applicable privacy, data protection, cybersecurity, information security, consumer protection, and data governance laws, regulations, rules, directives, and regulatory requirements governing the collection, processing, storage, transfer, disclosure, protection, or destruction of Personal Information.
Applicable Data Protection Law includes, without limitation, applicable federal, state, provincial, local, and international privacy laws, including laws governing consumer rights, data subject rights, breach notification, security safeguards, electronic communications, cookies, tracking technologies, and cross-border data transfers.
Controller
"Controller" means the individual or legal entity that determines the purposes and means of Processing Personal Information, or any equivalent term recognized under Applicable Data Protection Law, including "Data Controller," "Business," or similar designation.
Customer shall generally act as the Controller with respect to Customer Data and Personal Information submitted to, collected through, or processed by the Services, except where otherwise expressly agreed in writing.
Customer Personal Information
"Customer Personal Information" means Personal Information contained within Customer Data that is provided by Customer, collected on Customer's behalf, generated through Customer's use of the Services, or otherwise Processed by Company in connection with providing the Services.
Customer Personal Information may include, without limitation:
- Consumer information;
- Vehicle owner information;
- Prospect and Lead information;
- Customer relationship records;
- Dealer personnel information;
- communications records;
- service and repair records;
- financial-related information;
- marketing preferences;
- online identifiers;
- device information; and
- other protected information under Applicable Data Protection Law.
Data Breach
"Data Breach" means any confirmed unauthorized acquisition, access, disclosure, alteration, loss, destruction, or compromise of Personal Information that materially affects the confidentiality, integrity, or availability of such Personal Information and requires notification under Applicable Law.
A Data Breach does not include unsuccessful attempts or events that do not result in unauthorized access to Personal Information, including unsuccessful login attempts, blocked attacks, firewall events, malware detections that are contained, or similar security events.
Data Processing Addendum
"Data Processing Addendum" or "DPA" means any agreement, addendum, exhibit, schedule, or supplemental terms governing the Processing of Personal Information by Company on behalf of Customer, including provisions regarding privacy obligations, security requirements, sub-processors, data transfers, and data subject rights.
Data Protection Impact Assessment
"Data Protection Impact Assessment" or "DPIA" means a documented assessment used to identify, analyze, and mitigate privacy risks associated with the Processing of Personal Information, particularly Processing involving sensitive information, automated decision-making, artificial intelligence, large-scale data processing, or other higher-risk activities.
Data Subject
"Data Subject" means an identified or identifiable individual whose Personal Information is Processed under this Agreement, including Consumers, vehicle owners, prospects, customers, employees, applicants, contractors, service customers, or other individuals interacting with Customer or the Services.
Encryption
"Encryption" means the use of cryptographic technologies, algorithms, keys, certificates, protocols, or similar security mechanisms designed to protect information against unauthorized access, disclosure, alteration, or misuse.
Encryption includes:
- encryption in transit using secure communication protocols;
- encryption at rest using industry-standard encryption methods;
- cryptographic key management;
- secure authentication mechanisms; and
- other commercially reasonable encryption controls.
Company may update encryption methods periodically to maintain appropriate security standards.
Information Security Program
"Information Security Program" means Company's documented administrative, technical, and organizational safeguards designed to protect the confidentiality, integrity, availability, and resilience of the Services and Customer Data.
The Information Security Program may include:
- access controls;
- identity management;
- authentication procedures;
- encryption practices;
- network security;
- monitoring and logging;
- incident response procedures;
- employee security training;
- vulnerability management;
- backup and recovery procedures; and
- security governance processes.
Personal Information
"Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an identified or identifiable individual, household, account, device, or other protected entity under Applicable Data Protection Law.
Personal Information includes Personal Data, Personally Identifiable Information ("PII"), Consumer Data, and similar protected categories.
Privacy Notice
"Privacy Notice" means Company's publicly available privacy statement describing Company's practices relating to the collection, use, disclosure, retention, protection, and Processing of information.
Customer remains responsible for providing any required privacy notices to Consumers or other individuals whose Personal Information Customer provides to Company.
Processing
"Processing", "Process", or "Processed" means any operation performed on Personal Information, whether automated or manual, including:
- collection;
- receipt;
- access;
- storage;
- organization;
- structuring;
- retrieval;
- analysis;
- use;
- disclosure;
- transmission;
- combination;
- modification;
- restriction;
- deletion; and
- destruction.
Processor
"Processor" means the person or entity that Processes Personal Information on behalf of a Controller pursuant to documented instructions, or any equivalent term recognized under Applicable Data Protection Law, including "Data Processor," "Service Provider," or similar designation.
Company acts as a Processor with respect to Customer Personal Information except where Company independently determines the purpose and means of Processing as permitted by Applicable Law.
Security Incident
"Security Incident" means any actual or reasonably suspected event that threatens the confidentiality, integrity, availability, or security of the Services, Customer Data, systems, networks, applications, or information assets.
Security Incident includes:
- unauthorized access attempts;
- malware events;
- ransomware events;
- security vulnerabilities;
- misconfiguration events;
- loss of security credentials;
- service disruption caused by malicious activity; or
- events requiring investigation under Company's security procedures.
A Security Incident may or may not constitute a Data Breach depending on whether unauthorized access to Personal Information occurred.
Security Measures
"Security Measures" means the administrative, technical, physical, and organizational safeguards implemented by Company to protect Customer Data and Personal Information against unauthorized access, disclosure, alteration, destruction, loss, or misuse.
Security Measures may include:
- encryption;
- access management;
- network controls;
- monitoring;
- logging;
- segmentation;
- backup procedures;
- disaster recovery procedures;
- employee controls; and
- security testing.
Service Provider
"Service Provider" means an entity that Processes Personal Information on behalf of another entity and performs services for business purposes, including any entity recognized as a service provider, contractor, processor, or similar role under Applicable Data Protection Law.
Company may act as a Service Provider when processing Customer Data solely to provide the Services.
Sub-processor
"Sub-processor" means any third-party service provider, contractor, vendor, hosting provider, infrastructure provider, cloud provider, software provider, communications provider, analytics provider, payment provider, or other third party engaged by Company to Process Personal Information on behalf of Customer in connection with providing the Services.
Company remains responsible for its Sub-processors' Processing activities to the extent required by Applicable Data Protection Law.
Cross-Border Transfer
"Cross-Border Transfer" means any transfer, access, disclosure, storage, hosting, Processing, or remote access of Personal Information across national, state, provincial, or jurisdictional boundaries where such transfer is regulated under Applicable Data Protection Law.
Cross-Border Transfers may include transfers between Customer, Company, Affiliates, Sub-processors, cloud infrastructure providers, or other authorized service providers.
Technical and Organizational Measures
"Technical and Organizational Measures" means the documented security controls, policies, procedures, technologies, governance practices, and operational safeguards implemented to protect Personal Information and maintain compliance with Applicable Data Protection Law.
Vulnerability
"Vulnerability" means any weakness, flaw, defect, configuration issue, software issue, or condition that could reasonably permit unauthorized access, disruption, misuse, disclosure, or compromise of systems or information.
2.5 Communications Terms
Communication
"Communication" means any electronic, digital, voice, written, or automated message, transmission, notification, interaction, or exchange of information sent, received, initiated, facilitated, stored, processed, or managed through the Services.
Communications include, without limitation:
- SMS messages;
- MMS messages;
- emails;
- telephone calls;
- voice messages;
- ringless voicemail messages;
- chat messages;
- web messages;
- push notifications;
- automated reminders;
- marketing communications;
- transactional communications; and
- customer service communications.
Communication Channel
"Communication Channel" means any method, platform, network, carrier, technology, application, or medium through which Communications are transmitted or delivered, including mobile telecommunications networks, email systems, voice networks, internet-based messaging platforms, social platforms, and third-party communication providers.
Consent
"Consent" means any legally sufficient permission, authorization, agreement, opt-in, or affirmative indication provided by an individual permitting a Communication or Processing activity where required by Applicable Law.
Consent may include:
- written consent;
- electronic consent;
- digital consent;
- webform consent;
- mobile application consent;
- recorded verbal consent;
- prior express written consent;
- service-related authorization; and
- other legally recognized forms of authorization.
Customer is solely responsible for obtaining and maintaining legally sufficient Consent from Consumers before initiating Communications.
Conversational Messaging
"Conversational Messaging" means interactive communications between Customer and a Consumer or other recipient through SMS, MMS, chat, web messaging, email, or other supported channels where participants may exchange responses or continue a conversation.
Conversational Messaging may include sales inquiries, service scheduling, appointment coordination, customer support, vehicle inquiries, financing discussions, and other dealership-related communications.
Electronic Communication
"Electronic Communication" means any Communication transmitted electronically, including messages, emails, text messages, notifications, digital records, online communications, or other electronic exchanges.
"Email" means electronic mail messages transmitted through internet-based email systems, including marketing emails, transactional emails, appointment confirmations, service notifications, customer communications, newsletters, automated messages, and other electronic mail communications.
Email includes messages sent through Company's email infrastructure, Customer-authorized email systems, third-party email service providers, or integrated platforms.
Email Campaign
"Email Campaign" means a coordinated series of email Communications created, scheduled, transmitted, tracked, or analyzed through the Services for marketing, informational, transactional, operational, or customer engagement purposes.
Message Content
"Message Content" means the text, images, videos, audio, attachments, links, files, templates, personalization fields, metadata, sender information, recipient information, signatures, and other materials contained within or associated with a Communication.
MMS
"MMS" means Multimedia Messaging Service or any successor technology that permits transmission of multimedia content through mobile telecommunications networks.
MMS may include:
- images;
- videos;
- audio files;
- documents;
- rich media;
- links; and
- other supported content formats.
Opt-Out
"Opt-Out" means a request, instruction, preference, or indication by a Consumer or recipient to discontinue, restrict, suppress, or limit one or more Communications or categories of Communications.
Opt-Out methods may include:
- replying with STOP or similar keywords;
- unsubscribe requests;
- email preference changes;
- account preference updates;
- written requests;
- verbal requests;
- carrier-level blocking; and
- other legally recognized withdrawal methods.
Customer is responsible for honoring Opt-Out requests and maintaining appropriate suppression lists as required by Applicable Law.
Opt-In
"Opt-In" means a Consumer's affirmative authorization to receive Communications through a specific Communication Channel, including SMS, MMS, email, voice, automated messaging, or other electronic methods.
Opt-In may include authorization for marketing, informational, transactional, service-related, appointment-related, or other permitted Communications.
Ringless Voicemail
"Ringless Voicemail" means any technology or service that delivers a prerecorded or automated voice message directly to a recipient's voicemail system without causing the recipient's telephone device to ring.
Ringless Voicemail may be subject to telecommunications, consumer protection, and marketing laws. Customer is solely responsible for ensuring lawful use of such technology.
SMS
"SMS" means Short Message Service or any successor text messaging technology used to transmit text-based Communications through mobile telecommunications networks.
SMS includes:
- one-to-one text messages;
- automated text messages;
- appointment reminders;
- service notifications;
- marketing messages;
- customer engagement messages;
- two-way conversations; and
- application-generated messages.
TCPA
"TCPA" means the United States Telephone Consumer Protection Act, 47 U.S.C. § 227, together with implementing regulations, guidance, amendments, interpretations, and successor laws governing telephone solicitations, automated calls, text messaging, prerecorded messages, and related communications.
TCPA Consent
"TCPA Consent" means any consent required under the TCPA or related telecommunications laws permitting a Communication to a telephone number using automated technology, prerecorded voice, artificial or automated voice, text messaging, or similar communication methods.
TCPA Consent may include:
- prior express consent;
- prior express written consent;
- documented opt-in authorization;
- consumer disclosures;
- authorization records; and
- other legally sufficient consent mechanisms.
Customer is solely responsible for determining whether TCPA Consent is required and ensuring appropriate consent has been obtained before Communications are initiated.
Telephone Consumer Protection Laws
"Telephone Consumer Protection Laws" means all applicable laws, regulations, carrier requirements, and industry standards governing telephone communications, automated messaging, texting, voice communications, marketing calls, prerecorded messages, and related activities.
This includes the TCPA, state telephone solicitation laws, Do-Not-Call requirements, carrier messaging rules, and applicable regulatory guidance.
Transactional Communication
"Transactional Communication" means a Communication primarily related to an existing business relationship, transaction, service request, customer account, Vehicle purchase, Vehicle lease, financing process, repair order, appointment, warranty matter, recall notification, delivery update, or other operational activity.
Transactional Communications may include:
- appointment confirmations;
- service reminders;
- repair updates;
- recall notifications;
- purchase documentation;
- account notifications;
- payment-related notices; and
- customer support communications.
Unsolicited Communication
"Unsolicited Communication" means any Communication transmitted without legally sufficient authorization, Consent, or a recognized lawful basis under Applicable Law.
Customer shall not use the Services to send Unsolicited Communications, spam, unlawful marketing messages, deceptive communications, or prohibited content.
Voice Communication
"Voice Communication" means any telephone call, voice message, pre-recorded message, automated call, interactive voice response ("IVR"), artificial intelligence-generated voice interaction, or other audio communication transmitted through telecommunications networks or internet-based communication systems.
Voice Communications include inbound and outbound calls initiated through or integrated with the Services.
Voice Recording
"Voice Recording" means any audio recording, transcript, call recording, voice capture, conversation record, or related information created through voice communication functionality.
Customer is responsible for obtaining any legally required consent or notice before recording or transcribing Communications.
Suppression List
"Suppression List" means a list of telephone numbers, email addresses, individuals, accounts, or recipients who have opted out, unsubscribed, requested removal, or otherwise should not receive specified Communications.
Suppression Lists may be maintained by Customer, Company, communication providers, or third-party systems.
Campaign
"Campaign" means any planned, scheduled, automated, targeted, or coordinated series of Communications delivered to one or more recipients for marketing, sales, customer engagement, retention, service, operational, informational, or business purposes.
Campaigns may include:
- SMS campaigns;
- MMS campaigns;
- Email campaigns;
- voice campaigns;
- service campaigns;
- recall campaigns;
- customer retention campaigns;
- inventory campaigns; and
- lead follow-up campaigns.
2.6 AI Terms
Artificial Intelligence ("AI")
"Artificial Intelligence" or "AI" means any technology, software, computational system, model, algorithm, machine learning system, neural network, automated decision system, statistical model, natural language processing system, generative system, predictive analytics system, automation technology, or similar technology capable of performing tasks that traditionally require human intelligence, including learning, reasoning, classification, prediction, generation, analysis, recommendation, optimization, or decision assistance.
AI Application
"AI Application" means any software application, feature, module, tool, workflow, assistant, chatbot, agent, interface, or functionality incorporated into or made available through the Services that uses Artificial Intelligence technology.
AI Applications may include, without limitation:
- AI customer communication assistants;
- AI sales assistants;
- AI service advisors;
- AI chat functionality;
- AI content generation;
- AI recommendations;
- AI analytics;
- AI forecasting;
- AI workflow automation;
- AI search functionality; and
- AI-powered business intelligence.
AI Feature
"AI Feature" means any specific functionality within the Services that uses AI technology to assist, automate, analyze, generate, predict, recommend, classify, summarize, communicate, or otherwise process information.
AI Features may be offered as part of the Subscription Services or as optional licensed functionality.
AI Generated Content
"AI Generated Content" means any text, image, audio, video, communication, recommendation, summary, response, classification, analysis, prediction, document, marketing material, message, code, workflow, or other content created, generated, modified, or assisted by an AI Service.
AI Generated Content may include content generated from Customer Data, Customer instructions, User prompts, system instructions, templates, models, or other permitted inputs.
AI Input
"AI Input" means any information, data, text, instructions, prompts, queries, files, documents, records, images, audio, video, Vehicle Data, Customer Data, Personal Information, configuration information, metadata, or other materials submitted, transmitted, uploaded, imported, or otherwise provided to an AI Service by Customer, Authorized Users, or through automated system integrations.
AI Input includes:
- Customer prompts;
- Consumer inquiries;
- sales opportunities;
- service requests;
- vehicle information;
- communications history;
- dealership information;
- business rules; and
- workflow instructions.
AI Model
"AI Model" means any mathematical model, machine learning model, statistical model, neural network, algorithmic system, language model, generative model, predictive model, classification model, recommendation model, or other computational model used to perform AI-related functions.
AI Models may include proprietary models developed by Company, third-party models licensed by Company, open-source models, commercial models, or hybrid model architectures.
AI Output
"AI Output" means any result, response, recommendation, prediction, classification, generated content, summary, analysis, suggestion, automation, communication, or other information produced by an AI Service in response to AI Input or other Processing activities.
AI Output:
- may require review and validation by Customer;
- may contain errors, inaccuracies, omissions, or incomplete information;
- does not constitute legal, financial, compliance, or professional advice unless expressly stated;
- should not be relied upon as the sole basis for material business decisions; and
- does not replace human judgment or professional review.
AI Service
"AI Service" means any Service, functionality, application, feature, integration, API, tool, or technology provided by Company that incorporates or uses Artificial Intelligence.
AI Services include generative AI, predictive analytics, automation, recommendations, conversational interfaces, intelligent search, classification, summarization, and other AI-enabled capabilities.
Automated Decision-Making
"Automated Decision-Making" means any process by which decisions, determinations, recommendations, rankings, eligibility assessments, classifications, or outcomes are generated primarily through automated processing without meaningful human involvement.
Where required by Applicable Law, Customer remains responsible for ensuring appropriate disclosures, approvals, reviews, and safeguards relating to automated decision-making involving Consumers or other individuals.
Foundation Model
"Foundation Model" means a large-scale AI model trained on broad datasets and capable of performing multiple tasks, including text generation, reasoning, summarization, classification, translation, image generation, coding, or other AI functions.
Foundation Models may include large language models ("LLMs") and multimodal models.
Generative AI
"Generative AI" means Artificial Intelligence technology capable of creating new content, information, recommendations, responses, communications, designs, summaries, or other outputs based on AI Input.
Generative AI may produce:
- text;
- emails;
- SMS messages;
- vehicle descriptions;
- marketing content;
- customer responses;
- images;
- reports;
- summaries; and
- other generated materials.
Generative AI Features
"Generative AI Features" means any AI Features that generate, modify, transform, summarize, draft, compose, or otherwise create content using Generative AI technology.
Generative AI Features may include AI writing assistance, customer communication generation, dealership marketing assistance, chatbot functionality, and automated workflow creation.
Machine Learning
"Machine Learning" means a category of Artificial Intelligence technology where computer systems identify patterns, improve performance, generate predictions, or modify behavior based on data, training, feedback, or statistical analysis.
Machine Learning Model
"Machine Learning Model" means a trained or partially trained computational model designed to identify patterns, generate predictions, classify information, recommend actions, automate tasks, or perform other AI-related functions.
Machine Learning Models may include supervised, unsupervised, semi-supervised, reinforcement learning, deep learning, neural network, or other model architectures.
Model Training
"Model Training" means the process of developing, tuning, adjusting, improving, evaluating, or optimizing an AI Model through the use of datasets, examples, feedback, testing, or other techniques.
Unless expressly agreed otherwise in writing, Company does not use Customer Personal Information to train general-purpose AI models in a manner that identifies Customer or Consumers.
Prompt
"Prompt" means any instruction, request, question, command, configuration, input, or communication provided to an AI Service intended to generate, modify, analyze, or produce AI Output.
Prompt Engineering
"Prompt Engineering" means the creation, refinement, optimization, formatting, or structuring of prompts, instructions, workflows, templates, or configurations designed to improve AI performance, accuracy, consistency, or usefulness.
Predictive Analytics
"Predictive Analytics" means the use of statistical analysis, machine learning, AI, historical information, behavioral data, operational data, or other techniques to forecast trends, identify patterns, estimate outcomes, recommend actions, or support business decisions.
Predictive Analytics may include:
- lead scoring;
- customer engagement predictions;
- inventory recommendations;
- service predictions;
- marketing optimization;
- sales forecasting; and
- business performance analysis.
Responsible AI Practices
"Responsible AI Practices" means commercially reasonable practices intended to promote secure, reliable, transparent, and appropriate use of AI technology, including consideration of accuracy, security, privacy, fairness, explainability, oversight, and appropriate human review.
Third-Party AI Provider
"Third-Party AI Provider" means any third-party technology provider, software provider, cloud provider, model provider, API provider, infrastructure provider, or other vendor supplying AI-related technology used in connection with the Services.
Third-Party AI Providers may include providers of AI models, hosting infrastructure, data processing services, analytics technology, or related components.
AI Usage Data
"AI Usage Data" means information relating to interaction with AI Services, including usage patterns, feature utilization, performance metrics, system logs, prompts, response times, error rates, operational metrics, and technical information.
AI Usage Data does not include Customer Personal Information except as permitted under this Agreement and Applicable Law.
2.7 Technical Terms
API
"API" or "Application Programming Interface" means any set of protocols, specifications, methods, functions, endpoints, software interfaces, documentation, authentication methods, and technical mechanisms that allow systems, applications, databases, platforms, or services to communicate, exchange data, or perform authorized functions.
APIs may include:
- REST APIs;
- GraphQL APIs;
- SOAP APIs;
- web APIs;
- partner APIs;
- internal APIs;
- mobile APIs;
- integration APIs;
- data exchange APIs; and
- third-party APIs.
APIs may be used to connect the Services with Customer systems, including Dealer Management Systems ("DMS"), Customer Relationship Management ("CRM") systems, OEM platforms, inventory platforms, marketing platforms, communication providers, payment systems, and other business applications.
API Access
"API Access" means the authorized ability to connect to, communicate with, retrieve information from, transmit information to, or otherwise interact with the Services through one or more APIs.
API Access may be subject to:
- authentication requirements;
- rate limits;
- usage restrictions;
- security requirements;
- technical documentation;
- approved use cases; and
- apitional fees or licensing terms.
API Credentials
"API Credentials" means any authentication information, security token, key, certificate, secret, credential, identifier, or authorization mechanism issued, generated, or required to access an API or integrated Service.
API Credentials include:
- API keys;
- client IDs;
- client secrets;
- access tokens;
- refresh tokens;
- private keys;
- certificates;
- signing keys; and
- other authentication materials.
Customer is responsible for protecting API Credentials issued to Customer and shall be responsible for all activity occurring through Customer-controlled API Credentials.
API Documentation
"API Documentation" means Company's technical documentation describing available APIs, endpoints, authentication methods, integration procedures, data formats, usage requirements, limitations, security requirements, and supported functionality.
API Documentation may be updated periodically as part of normal product development and maintenance.
Authentication
"Authentication" means the process of verifying the identity of a User, system, application, device, organization, or other entity attempting to access the Services.
Authentication methods may include:
- username and password;
- multi-factor authentication ("MFA");
- single sign-on;
- security tokens;
- certificates;
- biometric verification;
- OAuth authorization;
- API Credentials; and
- other identity verification methods.
Authorization
"Authorization" means the process of determining whether an authenticated User, system, application, or device has permission to access specific resources, data, features, functions, or Services.
Authorization may include:
- role-based access controls;
- permission settings;
- administrative privileges;
- data access restrictions;
- location-based restrictions; and
- organization-level controls.
Authentication Token
"Authentication Token" means a digitally generated credential used to verify identity and authorize access to the Services, including session tokens, API tokens, OAuth tokens, security tokens, and similar credentials.
Data Exchange
"Data Exchange" means any electronic transmission, synchronization, import, export, transfer, integration, or automated exchange of information between the Services and another system.
Data Exchange may occur through APIs, Webhooks, file transfers, integrations, direct connections, or other approved methods.
Endpoint
"Endpoint" means a specific URL, network address, API route, service interface, or technical access point through which a system, application, or User may communicate with the Services.
Endpoints may provide access to specific functions, data resources, integrations, or Services.
Encryption Key
"Encryption Key" means any cryptographic key, certificate, secret, or security mechanism used to encrypt, decrypt, authenticate, or protect data, communications, systems, or Services.
Integration
"Integration" means any technical connection, interface, configuration, workflow, data exchange, synchronization, connector, plugin, API connection, or other method enabling interoperability between the Services and another system, platform, application, or service.
Integrations may include:
- DMS integrations;
- CRM integrations;
- OEM integrations;
- inventory integrations;
- marketing integrations;
- communication integrations;
- payment integrations;
- analytics integrations; and
- third-party technology integrations.
Integration Partner
"Integration Partner" means any third-party provider, vendor, technology company, OEM, software provider, data provider, platform provider, or other organization whose products, systems, or services interoperate with the Services.
Log Data
"Log Data" means automatically generated records describing activity, events, transactions, system operations, security events, performance information, access attempts, configuration changes, API calls, errors, and other technical activities occurring within or relating to the Services.
Log Data may include:
- timestamps;
- User identifiers;
- system events;
- IP apresses;
- device information;
- API activity;
- security events;
- diagnostic information; and
- performance metrics.
Metadata
"Metadata" means information describing or associated with data, content, transactions, communications, files, records, systems, or activities.
Metadata may include:
- creation dates;
- modification dates;
- file properties;
- timestamps;
- user activity information;
- configuration settings;
- system identifiers;
- transaction information; and
- technical attributes.
Multi-Factor Authentication ("MFA")
"Multi-Factor Authentication" or "MFA" means an authentication method requiring two or more independent verification factors before access is granted.
Factors may include:
- something a User knows;
- something a User possesses;
- something a User is; or
- other approved verification mechanisms.
OAuth
"OAuth" means an industry-standard authorization framework that enables secure delegated access between systems without requiring disclosure of User credentials.
OAuth may be used to authorize access between the Services and third-party applications, including automotive technology platforms, CRM systems, DMS platforms, communication providers, and other integrations.
Rate Limit
"Rate Limit" means a technical restriction limiting the number, frequency, volume, or speed of API requests, transactions, messages, data transfers, or other activities permitted within a specified period.
Rate Limits are designed to protect system reliability, security, and performance.
Sandbox Environment
"Sandbox Environment" means a non-production testing environment used for development, integration testing, configuration validation, demonstrations, quality assurance, training, or evaluation.
Sandbox Environments may not contain production Customer Data unless expressly authorized.
Single Sign-On ("SSO")
"Single Sign-On" or "SSO" means an authentication capability allowing Authorized Users to access multiple systems, applications, or Services through one identity provider or authentication process.
SSO may utilize standards including:
- SAML;
- OAuth;
- OpenID Connect ("OIDC");
- LDAP;
- Active Directory integration; and
- other identity protocols.
System Availability
"System Availability" means the operational accessibility of the Services measured according to applicable Service Level Agreement terms, excluding permitted downtime, maintenance periods, Customer-caused interruptions, third-party failures, and Force Majeure Events.
Webhook
"Webhook" means an automated notification mechanism that allows one system to send real-time or near-real-time information to another system when a specified event occurs.
Webhooks may transmit information relating to:
- new records;
- updated records;
- status changes;
- transactions;
- customer activity;
- inventory changes;
- communication events;
- service events; and
- other system activities.
Webhook Endpoint
"Webhook Endpoint" means the destination URL, application interface, or receiving system configured to accept Webhook notifications from the Services.
Customer is responsible for maintaining secure Webhook endpoints controlled by Customer.
Technical Documentation
"Technical Documentation" means system architecture information, API documentation, integration guides, configuration instructions, security documentation, technical specifications, and other materials describing operation or integration of the Services.
User Account
"User Account" means an individual or organizational account created to access the Services, including associated authentication information, permissions, settings, configurations, and activity records.
Webhook Event
"Webhook Event" means a system-generated notification triggered by a defined action, transaction, status change, or event within the Services.
Webhook Events may include creation, modification, deletion, synchronization, communication, inventory, service, customer, or operational events.
2.8 Commercial Terms
Affiliate
"Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a Party, where "control" means ownership or control of more than fifty percent (50%) of the voting interests or equivalent ownership rights.
An Affiliate may participate in ordering, receiving, providing, or supporting Services under this Agreement.
Billing Cycle
"Billing Cycle" means the recurring period used to calculate and invoice Fees for Subscription Services, usage-based services, professional services, support services, or other charges.
Billing Cycles may include monthly, quarterly, annual, multi-year, milestone-based, usage-based, or other periods specified in an Order Form.
Change Order
"Change Order" means a written modification, amendment, or supplemental document executed by the Parties describing changes to the scope, requirements, specifications, deliverables, timeline, pricing, resources, assumptions, or obligations associated with Services, Professional Services, Implementation Services, integrations, or other work.
A Change Order may address:
- optional functionality;
- custom development;
- integration modifications;
- expanded deployment scope;
- optional users or locations;
- new business requirements;
- project delays;
- Customer-requested changes; and
- material scope adjustments.
Commercial Terms
"Commercial Terms" means all business, financial, pricing, subscription, payment, licensing, ordering, renewal, and service-related terms applicable to Customer's use of the Services.
Commercial Terms may be set forth in this Agreement, Order Forms, Statements of Work, or other executed documents.
Customer Responsibilities
"Customer Responsibilities" means the obligations, requirements, dependencies, information, approvals, access, cooperation, resources, and actions required from Customer to enable Company to provide the Services.
Customer Responsibilities may include:
- providing accurate information;
- assigning authorized personnel;
- providing system access;
- maintaining required licenses;
- obtaining required consents;
- configuring Customer systems;
- reviewing deliverables;
- testing integrations; and
- timely decision-making.
Fees
"Fees" means all amounts payable by Customer to Company for access to, use of, or receipt of the Services.
Fees may include:
- Subscription Fees;
- implementation fees;
- professional service fees;
- integration fees;
- support fees;
- usage-based fees;
- training fees;
- data migration fees;
- customization fees;
- transaction fees; and
- other applicable charges.
Fees are as specified in the applicable Order Form or other applicable commercial document.
Go-Live Date
"Go-Live Date" means the date on which Customer is authorized to begin production use of the Services following completion of applicable implementation activities, configuration, testing, acceptance requirements, or deployment procedures.
The Go-Live Date may be established by mutual agreement or specified in an applicable Order Form.
Implementation Services
"Implementation Services" means onboarding, configuration, deployment, migration, integration, setup, enablement, training, and related professional activities performed to prepare Customer for use of the Services.
Implementation Services may include:
- account configuration;
- User provisioning;
- DMS or CRM integration;
- data migration;
- workflow configuration;
- business rule setup;
- testing assistance;
- training;
- deployment coordination; and
- launch support.
Implementation Plan
"Implementation Plan" means a mutually agreed plan describing implementation activities, milestones, responsibilities, timelines, dependencies, deliverables, resources, and acceptance criteria for deployment of the Services.
Implementation Plans may be documented in an Order Form, Statement of Work, project plan, or other written agreement.
Invoice
"Invoice" means a billing statement issued by Company identifying amounts owed by Customer for Fees, applicable taxes, reimbursable expenses, usage charges, or other amounts payable under this Agreement.
Payment Terms
"Payment Terms" means the applicable requirements governing payment of Fees, including invoice timing, payment due dates, payment methods, late fees, disputes, and collection procedures.
Unless otherwise stated in an Order Form, invoices are due within the period specified in the applicable commercial document.
Professional Services
"Professional Services" means consulting, implementation, configuration, integration, customization, training, advisory, data migration, optimization, development, or other services performed by Company outside the standard Subscription Services.
Professional Services may be provided under a Statement of Work or other written agreement.
Professional Services Fees
"Professional Services Fees" means fees payable for Professional Services, including hourly rates, fixed project fees, milestone fees, retainers, expenses, or other agreed compensation structures.
Recurring Fees
"Recurring Fees" means charges automatically recurring during a Subscription Term for continued access to the Services.
Recurring Fees may include:
- Subscription Fees;
- platform fees;
- user fees;
- location fees;
- module fees;
- support fees; and
- usage-based recurring charges.
Renewal Term
"Renewal Term" means any optional subscription period following expiration of the initial Subscription Term or prior Renewal Term.
Renewal Terms shall continue unless terminated according to this Agreement or applicable Order Form.
Service Credit
"Service Credit" means a credit, adjustment, refund, or other financial remedy provided to Customer under an applicable Service Level Agreement or other written commitment due to failure to meet specified service performance obligations.
Service Credits represent Customer's exclusive remedy for applicable service-level failures unless otherwise stated.
Service Level Agreement ("SLA")
"Service Level Agreement" or "SLA" means any agreement, schedule, or exhibit establishing service availability, support response times, performance commitments, maintenance procedures, escalation procedures, and related operational standards.
An SLA may apply only to Services specifically identified therein.
Support Services
"Support Services" means technical assistance, troubleshooting, maintenance support, customer assistance, issue resolution, account assistance, documentation, and related support provided by Company regarding the Services.
Support Services may include:
- incident response;
- technical troubleshooting;
- bug resolution;
- service guidance;
- configuration assistance;
- knowledge resources; and
- Customer success activities.
Taxes
"Taxes" means all applicable governmental charges, duties, levies, assessments, fees, tariffs, sales taxes, use taxes, value-aped taxes, excise taxes, digital services taxes, withholding taxes, or similar charges imposed by any governmental authority relating to the Services.
Taxes do not include taxes based on Company's net income, property, payroll, or corporate franchise obligations.
Customer is responsible for applicable Taxes associated with Customer's purchase or use of the Services unless prohibited by Applicable Law.
Third-Party Charges
"Third-Party Charges" means fees, costs, expenses, usage charges, licenses, subscriptions, carrier charges, infrastructure charges, telecommunications charges, data provider charges, integration provider charges, or other amounts imposed by third parties in connection with Customer's use of the Services.
Third-Party Charges may be passed through to Customer where specified in an Order Form or applicable agreement.
Usage-Based Fees
"Usage-Based Fees" means charges calculated based on Customer's actual consumption or utilization of certain Services, including:
- message volume;
- API usage;
- transaction volume;
- data processing volume;
- storage;
- AI usage;
- communication usage; and
- other measurable consumption metrics.
Quote
"Quote" means a commercial proposal, pricing document, estimate, or offer issued by Company describing proposed Services, Fees, Subscription quantities, terms, assumptions, or other commercial details.
A Quote becomes binding only upon execution of an applicable Order Form or other agreement.
Order Form
"Order Form" means a written ordering document executed by the Parties describing the Services purchased by Customer, Subscription Term, Fees, applicable quantities, modules, users, locations, Professional Services, implementation scope, and other applicable commercial terms.
Each Order Form is incorporated into and governed by this Agreement.
2.9 Legal Terms
Affiliate
"Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a Party, where "control" means ownership or control of more than fifty percent (50%) of the voting interests, equity interests, or equivalent ownership rights of such entity.
An Affiliate may receive or provide Services, process information, perform obligations, or exercise rights under this Agreement as permitted herein.
Agreement
"Agreement" means this Master Services Agreement, together with all exhibits, schedules, addendum, Order Forms, Statements of Work, policies, attachments, and other documents incorporated by reference.
The Agreement governs Customer's access to and use of the Services provided by Company.
Applicable Law
"Applicable Law" means all applicable federal, state, provincial, local, international, administrative, regulatory, judicial, and governmental laws, statutes, regulations, rules, ordinances, orders, directives, and legally binding requirements applicable to a Party, the Services, Customer Data, Personal Information, or the performance of obligations under this Agreement.
Business Day
"Business Day" means any day other than Saturday, Sunday, or a recognized banking or governmental holiday applicable to the location performing the applicable obligation.
Claim
"Claim" means any allegation, demand, complaint, action, cause of action, proceeding, investigation, audit, arbitration, lawsuit, regulatory inquiry, dispute, or legal proceeding asserted by any person, entity, governmental authority, or third party.
Claims include claims relating to:
- breach of contract;
- privacy or data protection matters;
- intellectual property infringement;
- security incidents;
- negligence;
- misrepresentation;
- regulatory violations; and
- other legal or equitable theories.
Confidential Information
"Confidential Information" means any non-public information disclosed by one Party ("Disclosing Party") to the other Party ("Receiving Party"), whether orally, electronically, visually, in writing, or by access to systems, that is designated as confidential or that reasonably should be understood to be confidential based on the nature of the information or circumstances of disclosure.
Confidential Information includes, without limitation:
- business plans;
- pricing information;
- financial information;
- customer information;
- dealership information;
- trade secrets;
- technical documentation;
- software architecture;
- security information;
- API information;
- product roadmaps;
- source code;
- non-public features;
- marketing strategies;
- vendor information;
- operational procedures;
- Customer Data;
- Personal Information; and
- other proprietary information.
Confidential Information does not include information that the Receiving Party can demonstrate:
- was lawfully known before disclosure;
- becomes publicly available without breach;
- is received lawfully from a third party without restriction; or
- is independently developed without use of Confidential Information.
Consequential Damages
"Consequential Damages" means indirect, special, incidental, exemplary, punitive, or consequential damages arising from or relating to this Agreement.
Consequential Damages may include:
- lost profits;
- loss of revenue;
- loss of business opportunity;
- loss of goodwill;
- loss of anticipated savings;
- business interruption; and
- loss of data, except where expressly included under this Agreement.
Damages
"Damages" means any losses, liabilities, obligations, costs, expenses, judgments, settlements, penalties, awards, or other amounts incurred by a Party arising from or relating to a Claim, breach, event, or legal obligation.
Damages include direct damages and, where permitted, indirect or special damages.
Disclosing Party
"Disclosing Party" means the Party providing Confidential Information to the other Party under this Agreement.
Force Majeure Event
"Force Majeure Event" means any event or circumstance beyond a Party's reasonable control that prevents, delays, or materially impacts performance of obligations under this Agreement.
Force Majeure Events may include:
- acts of God;
- natural disasters;
- fire;
- flood;
- earthquake;
- pandemic;
- epidemic;
- war;
- terrorism;
- civil unrest;
- government actions;
- regulatory restrictions;
- labor disputes;
- internet outages;
- telecommunications failures;
- cloud infrastructure failures;
- utility failures;
- cybersecurity events beyond reasonable control; and
- third-party service disruptions.
A Force Majeure Event does not include a Party's financial inability to perform, lack of resources, or failure to maintain reasonable business continuity measures.
Good Faith
"Good Faith" means honest dealing, fair conduct, and reasonable cooperation consistent with the Parties' obligations and commercial relationship under this Agreement.
Governing Law
"Governing Law" means the laws identified in this Agreement that govern the interpretation, enforcement, validity, and construction of this Agreement and the rights and obligations of the Parties.
Unless otherwise specified, Governing Law excludes conflict-of-law principles that would require application of another jurisdiction's laws.
Indemnified Party
"Indemnified Party" means a Party entitled to receive indemnification, defense, protection, reimbursement, or other relief from another Party under this Agreement.
An Indemnified Party may include Company, Customer, their Affiliates, officers, directors, employees, agents, and representatives.
Indemnifying Party
"Indemnifying Party" means the Party responsible for providing indemnification or defense obligations under this Agreement.
Intellectual Property
"Intellectual Property" means all intellectual property rights and proprietary rights recognized under Applicable Law, including:
- patents;
- copyrights;
- trademarks;
- service marks;
- trade names;
- trade secrets;
- know-how;
- design rights;
- database rights;
- software rights;
- moral rights;
- confidential information rights; and
- all related applications, registrations, renewals, and protections.
Intellectual Property Rights
"Intellectual Property Rights" means all rights, title, and interests in and to Intellectual Property, whether registered or unregistered, existing now or created in the future.
Intellectual Property Rights include rights in:
- software;
- platforms;
- applications;
- APIs;
- documentation;
- designs;
- databases;
- models;
- analytics;
- workflows;
- configurations; and
- technology.
License
"License" means a limited, non-exclusive, non-transferable, non-sublicensable right granted by one Party to another Party to access, use, or receive specified rights under this Agreement.
Unless expressly stated, licenses do not transfer ownership of Intellectual Property.
Party
"Party" means either Company or Customer individually.
"Parties" means Company and Customer collectively.
Permitted Use
"Permitted Use" means the authorized use of Services, data, information, technology, documentation, or materials strictly in accordance with this Agreement, applicable Order Forms, Documentation, and Applicable Law.
Proprietary Information
"Proprietary Information" means information owned, controlled, developed, or maintained by a Party that has commercial value or is protected by confidentiality obligations.
Proprietary Information includes Confidential Information, trade secrets, technology, business processes, and intellectual property.
Receiving Party
"Receiving Party" means the Party receiving Confidential Information from the other Party.
Representative
"Representative" means a Party's employees, officers, directors, contractors, advisors, agents, Affiliates, consultants, legal counsel, accountants, or other authorized personnel.
Third Party
"Third Party" means any individual, entity, organization, vendor, provider, governmental authority, or person other than Company, Customer, or their respective Affiliates.
Trade Secret
"Trade Secret" means information that derives independent economic value from not being generally known or readily ascertainable and that is subject to reasonable efforts to maintain confidentiality.
Trade Secrets may include source code, algorithms, business methods, security practices, processes, models, and technical information.
Work Product
"Work Product" means any deliverables, materials, documentation, configurations, reports, designs, developments, modifications, or other materials created by Company in performing Professional Services.
Ownership of Work Product shall be determined according to the applicable Order Form, Statement of Work, and Intellectual Property provisions of this Agreement.
2.10 Data Terms
Consumer
"Consumer" means any identified or identifiable natural person whose Personal Information, Consumer Information, Vehicle Information, transaction information, communications, or other data is collected, received, generated, transmitted, stored, accessed, analyzed, disclosed, or otherwise Processed through the Services by or on behalf of Customer in connection with Customer's automotive, commercial, financial, marketing, sales, service, or business operations.
A Consumer may include, without limitation:
- prospective vehicle purchasers;
- vehicle purchasers;
- vehicle owners;
- vehicle lessees;
- former customers;
- returning customers;
- service customers;
- parts customers;
- warranty customers;
- collision repair customers;
- maintenance customers;
- website visitors;
- mobile application users;
- online account holders;
- lead submissions;
- sales prospects;
- finance applicants;
- lease applicants;
- credit applicants;
- borrowers;
- co-buyers;
- co-applicants;
- guarantors;
- trade-in vehicle owners;
- fleet drivers;
- fleet contacts;
- commercial vehicle operators;
- employees or representatives of Customer where Customer Data is Processed through the Services;
- individuals receiving marketing communications;
- event registrants;
- survey respondents;
- recall notification recipients;
- roadside assistance participants;
- subscription program participants; and
- any other individual whose information is Processed through the Services by or on behalf of Customer.
Consumer Information may include information obtained directly from the Consumer, provided by Customer, received from third-party service providers, imported from integrated systems, generated through Customer's use of the Services, or otherwise lawfully Processed pursuant to Applicable Law.
For purposes of this Agreement, a Consumer may be associated with one or more:
- Customer Records;
- Accounts;
- Vehicles;
- Vehicle Identification Numbers (VINs);
- service histories;
- purchase histories;
- finance applications;
- lease transactions;
- communication records;
- marketing preferences;
- consent records;
- appointment records;
- telematics information;
- warranty records;
- loyalty programs;
- customer satisfaction surveys; and
- other dealership relationship records.
A Consumer may be identified directly or indirectly through Personal Information, online identifiers, device identifiers, customer numbers, account numbers, vehicle identifiers, communication records, transaction history, geolocation information, biometric identifiers where lawfully collected, or any combination of information capable of reasonably identifying or relating to an individual.
For purposes of Applicable Privacy Laws, Customer exclusively determines the purposes and means for Processing Consumer Information and acts as the "Controller," "Business," or equivalent legal designation. Company Processes Consumer Information solely on behalf of Customer as a "Processor," "Service Provider," or equivalent legal designation, except where Company independently Processes information for its own lawful business purposes expressly permitted by this Agreement or Applicable Law.
Nothing in this Agreement shall be interpreted as creating a direct contractual relationship between Company and any Consumer solely because the Consumer's information is Processed through the Services. Unless otherwise expressly agreed in writing, Company provides the Services exclusively to Customer, and Customer remains solely responsible for:
- its relationship with each Consumer;
- providing legally required privacy notices;
- obtaining required consents and authorizations;
- responding to Consumer inquiries and privacy rights requests;
- ensuring the lawful collection and Processing of Consumer Information;
- the accuracy and completeness of Consumer Information submitted to the Services;
- the legality of Customer communications, advertising, and marketing activities; and
- compliance with all Applicable Laws governing Consumer interactions.
Consumer Data
"Consumer Data" means any information, record, content, document, communication, file, dataset, identifier, or other data relating to an identified or identifiable Consumer that is collected, received, generated, created, uploaded, imported, transmitted, synchronized, stored, accessed, disclosed, analyzed, maintained, or otherwise Processed through or in connection with the Services by or on behalf of Customer.
Consumer Data includes both Personal Information and non-personal information associated with a Consumer, regardless of the format, source, medium, or method by which such information is obtained or Processed.
Without limitation, Consumer Data may include:
- Consumer names;
- postal addresses;
- email addresses;
- telephone numbers;
- date of birth;
- government-issued identification information;
- driver's license information;
- customer numbers;
- account identifiers;
- online identifiers;
- device identifiers;
- Internet Protocol (IP) addresses;
- cookie identifiers;
- browser information;
- mobile device information;
- authentication credentials provided by Customer;
- communication preferences;
- marketing preferences;
- opt-in and opt-out records;
- consent records;
- lead information;
- CRM records;
- sales records;
- vehicle purchase history;
- trade-in information;
- service history;
- repair orders;
- appointment records;
- warranty information;
- vehicle ownership information;
- lease information;
- loan information;
- finance application information;
- insurance-related information;
- payment information;
- billing information;
- customer support records;
- survey responses;
- website activity;
- application activity;
- chat communications;
- SMS communications;
- email communications;
- voice communication records;
- documents uploaded by Customer or Consumers;
- digital signatures;
- electronic transaction records;
- Vehicle Identification Numbers (VINs) associated with Consumers;
- vehicle registration information;
- vehicle maintenance information;
- recall information associated with a Consumer;
- telematics information where lawfully collected;
- geolocation information where lawfully collected;
- customer interaction history;
- website behavioral information;
- shopping activity;
- inventory inquiry history;
- consumer preferences;
- Customer-generated notes;
- customer satisfaction information;
- analytics relating to Customer's interactions with Consumers; and
- any other information submitted to, generated through, or maintained within the Services that relates to a Consumer.
Consumer Data may originate from one or more sources, including:
- Customer;
- Authorized Users;
- Consumers;
- Dealer Management Systems (DMS);
- Customer Relationship Management (CRM) systems;
- inventory management systems;
- OEM systems;
- finance sources;
- insurance providers;
- payment processors;
- marketing platforms;
- service scheduling systems;
- vehicle history providers;
- telematics platforms;
- Company APIs;
- third-party integrations;
- websites;
- mobile applications;
- communication platforms; and
- other lawful sources authorized by Customer.
Consumer Data may consist of structured, semi-structured, or unstructured information and may include text, documents, images, audio recordings, video, electronic records, metadata, log information, communications, reports, analytics inputs, or other digital content associated with a Consumer.
For purposes of this Agreement, Consumer Data includes Personal Information, Sensitive Personal Information, financial information, vehicle-related information, communications, and any other information protected under Applicable Law, to the extent such information is Processed by Company on behalf of Customer.
Consumer Data expressly excludes:
- Company Confidential Information;
- Company intellectual property;
- Company Software;
- Company source code;
- Company proprietary algorithms;
- Company security information;
- Company system architecture;
- Company operational procedures;
- Aggregated Data;
- De-Identified Data;
- Operational Data;
- Usage Data;
- system performance metrics;
- security logs;
- service diagnostics;
- technical telemetry;
- platform monitoring information; and
- other information that Company lawfully creates independently of identifiable Consumer Data.
As between the Parties, Customer retains all right, title, and interest in and to Consumer Data. Except as expressly provided in this Agreement, Customer grants Company only a limited, non-exclusive, revocable (subject to the terms of this Agreement), worldwide right to Process Consumer Data solely to the extent reasonably necessary to provide, host, maintain, support, secure, integrate, monitor, troubleshoot, improve, and operate the Services, fulfill Customer's documented instructions, comply with Applicable Law, protect the security and integrity of the Services, and perform Company's contractual obligations.
Customer
"Customer" means the legal entity identified in the applicable Order Form, Subscription Agreement, Statement of Work, Service Order, online registration, purchasing agreement, reseller agreement, enterprise agreement, or other written or electronic agreement incorporating this Master Services Agreement, that purchases, licenses, subscribes to, accesses, or otherwise receives the Services from Company for its internal business operations.
Customer may include, without limitation:
- new vehicle dealerships;
- used vehicle dealerships;
- independent dealerships;
- franchise dealerships;
- dealer groups;
- automotive retailer organizations;
- dealer holding companies;
- automotive service and repair facilities;
- collision repair centers;
- parts distributors;
- fleet operators;
- fleet management companies;
- commercial vehicle dealers;
- recreational vehicle dealers;
- marine dealerships;
- powersports dealerships;
- motorcycle dealerships;
- OEM-affiliated organizations;
- manufacturer programs;
- vehicle auction companies;
- automotive finance companies;
- banks and credit unions participating in automotive financing;
- insurance companies;
- extended warranty administrators;
- vehicle service contract providers;
- marketing agencies;
- digital retail providers;
- technology vendors;
- automotive software providers;
- automotive consultants;
- automotive vendors;
- automotive associations;
- governmental automotive entities;
- educational institutions;
- commercial enterprises operating vehicle fleets; and
- any other business entity authorized by Company to access or use the Services.
Customer includes all subsidiaries, parent companies, Affiliates, divisions, operating entities, dealership rooftops, business units, locations, franchises, brands, departments, and Authorized Users that Customer authorizes to access or use the Services under Customer's subscription unless otherwise expressly stated in an applicable Order Form.
Customer Data
"Customer Data" means any data, information, content, records, files, documents, materials, communications, transactions, configurations, submissions, or other information provided, submitted, uploaded, imported, transmitted, generated, collected, stored, or otherwise made available by or on behalf of Customer, Authorized Users, Consumers, or Customer's systems through the Services.
Customer Data includes, without limitation:
- Consumer information;
- Customer records;
- Prospect and Lead information;
- vehicle information;
- Vehicle Identification Numbers ("VINs");
- inventory information;
- sales records;
- service records;
- repair orders;
- communications;
- marketing information;
- financial-related information;
- Dealer personnel information;
- workflow configurations;
- documents;
- images;
- files; and
- other information processed through the Services.
Customer Data includes Personal Information to the extent contained therein.
Customer Content
"Customer Content" means any materials, information, data, text, images, files, documents, templates, communications, configurations, instructions, or other content provided by Customer or Authorized Users for use with the Services.
Customer Content includes Customer Data and Customer-created materials stored within the Services.
Data
"Data" means any information, records, content, digital assets, electronic information, metadata, files, communications, measurements, statistics, or other information processed, transmitted, stored, created, or generated through the Services.
Data includes Customer Data, Usage Data, Operational Data, Analytics Data, Derived Data, Aggregated Data, and De-Identified Data.
Derived Data
"Derived Data" means information, insights, results, analyses, calculations, models, correlations, trends, classifications, predictions, recommendations, metrics, or other information created, developed, calculated, or derived from processing Customer Data, Usage Data, Operational Data, or other information.
Derived Data may include:
- performance metrics;
- business intelligence;
- workflow recommendations;
- trend analysis;
- optimization insights;
- statistical outputs;
- benchmarking information;
- AI-generated insights; and
- machine learning outputs.
Derived Data does not include Customer Data in a form that identifies Customer, Consumers, or specific individuals unless otherwise permitted under this Agreement.
De-Identified Data
"De-Identified Data" means information that has been processed or modified so that it cannot reasonably be used to identify, relate to, describe, or be linked to a particular individual, household, Consumer, Customer, dealership, organization, device, or Vehicle.
De-Identified Data may include information where identifiers have been:
- removed;
- masked;
- hashed;
- tokenized;
- generalized;
- aggregated; or
- otherwise transformed.
Company may use De-Identified Data for lawful business purposes, including analytics, product improvement, benchmarking, research, security, and service optimization, provided such use complies with Applicable Law.
Aggregated Data
"Aggregated Data" means data combined, summarized, grouped, compiled, or analyzed from multiple sources in a manner that does not reasonably identify or reveal information about an individual Customer, Consumer, household, dealership, Vehicle owner, or specific organization.
Aggregated Data may include:
- industry trends;
- benchmarking statistics;
- performance measurements;
- market insights;
- operational comparisons;
- usage trends;
- system metrics; and
- statistical analysis.
Aggregated Data does not include Personal Information unless expressly permitted under Applicable Law.
Analytics Data
"Analytics Data" means information generated through the operation, performance, monitoring, or use of the Services for analytical, reporting, measurement, optimization, and business intelligence purposes.
Analytics Data may include:
- feature usage statistics;
- system performance measurements;
- engagement metrics;
- workflow effectiveness;
- conversion metrics;
- communication performance;
- operational trends;
- service utilization;
- error rates;
- technical metrics; and
- platform performance information.
Automotive Data
"Automotive Data" means information relating to Vehicles, automotive transactions, dealership operations, mobility services, or automotive-related activities.
Automotive Data includes:
- VIN information;
- vehicle specifications;
- vehicle history;
- inventory data;
- maintenance records;
- repair information;
- warranty information;
- recall information;
- telematics information;
- ownership information;
- sales transactions;
- service transactions;
- appraisals;
- valuations; and
- automotive operational records.
Benchmark Data
"Benchmark Data" means comparative, statistical, or analytical information created by comparing performance, usage, operational, or business metrics across multiple Customers, users, systems, or environments.
Benchmark Data shall be maintained in a manner that does not identify a specific Customer, Consumer, or individual unless expressly authorized.
Business Data
"Business Data" means information relating to Customer's business operations, including dealership operations, sales activities, marketing activities, service operations, inventory management, employee activities, financial operations, and customer engagement activities.
Data Set
"Data Set" means any structured or unstructured collection of information processed through or maintained within the Services.
A Data Set may include databases, tables, records, files, documents, logs, reports, exports, or other organized collections of information.
Metadata
"Metadata" means information describing, relating to, or generated from Data, including:
- timestamps;
- file properties;
- system identifiers;
- activity information;
- configuration information;
- access records;
- technical attributes;
- transaction information; and
- system events.
Metadata may be used for security, operations, support, analytics, and service improvement purposes.
Operational Data
"Operational Data" means information generated from the operation, administration, maintenance, monitoring, and performance of the Services.
Operational Data may include:
- system logs;
- performance metrics;
- availability information;
- error reports;
- diagnostic information;
- security events;
- capacity measurements;
- technical configurations; and
- service health information.
Personal Data
"Personal Data" means any information that identifies, relates to, describes, or is reasonably capable of being associated with an identified or identifiable individual as defined under Applicable Data Protection Law.
Personal Data includes Personal Information, Personally Identifiable Information ("PII"), Consumer Data, and similar protected information.
Processed Data
"Processed Data" means any Data that has been accessed, collected, transmitted, stored, analyzed, modified, transformed, organized, combined, or otherwise handled through the Services.
Service Data
"Service Data" means information created, generated, or collected through Customer's use of the Services, including Usage Data, Operational Data, technical information, and service performance information.
Service Data does not include Customer Data except where expressly stated.
Usage Data
"Usage Data" means information regarding how Customer, Authorized Users, systems, devices, or integrations access, interact with, navigate, configure, or use the Services.
Usage Data may include:
- login activity;
- feature usage;
- clickstream information;
- session information;
- workflow activity;
- interaction history;
- API activity;
- performance metrics;
- device information; and
- technical usage information.
Data Ownership
"Data Ownership" means the rights, title, interests, and control associated with Data.
Customer retains ownership of Customer Data provided by Customer, subject to the rights granted to Company under this Agreement necessary to provide the Services.
Company retains ownership of its technology, systems, methodologies, analytics, models, tools, and proprietary materials.
Data Retention Period
"Data Retention Period" means the period during which Data is maintained, stored, processed, or available within the Services.
Retention periods may be established by:
- this Agreement;
- Order Forms;
- Customer configuration settings;
- Applicable Law;
- security requirements; or
- Company policies.
Data Export
"Data Export" means the process by which Customer retrieves or receives Customer Data from the Services through approved methods, including reports, downloads, APIs, integrations, or other supported mechanisms.
2.11 Compliance Terms
Applicable Law
"Applicable Law" means all applicable federal, state, provincial, local, foreign, and international laws, statutes, regulations, ordinances, rules, directives, administrative requirements, regulatory guidance, judicial decisions, governmental orders, and legally binding requirements applicable to:
- Company;
- Customer;
- the Services;
- Customer Data;
- Personal Information;
- Processing activities;
- communications;
- automotive operations; or
- the performance of obligations under this Agreement.
Applicable Law includes, without limitation, laws relating to privacy, cybersecurity, consumer protection, electronic communications, advertising, marketing, data security, accessibility, intellectual property, employment, financial transactions, and automotive industry requirements.
Automotive Industry Requirements
"Automotive Industry Requirements" means applicable industry standards, manufacturer requirements, dealership obligations, contractual requirements, certifications, policies, guidelines, and operational rules applicable to automotive businesses, including:
- OEM requirements;
- dealer franchise requirements;
- DMS integration requirements;
- vehicle data handling requirements;
- inventory data standards;
- service operation requirements;
- automotive cybersecurity expectations; and
- industry best practices.
Consumer
"Consumer" means an individual person whose information is collected, accessed, processed, stored, or transmitted through the Services.
Consumers may include:
- vehicle purchasers;
- vehicle lessees;
- service customers;
- vehicle owners;
- prospective customers;
- website visitors;
- marketing recipients;
- applicants;
- co-buyers;
- guarantors; and
- other individuals interacting with Customer.
Consumer Protection Laws
"Consumer Protection Laws" means all Applicable Laws governing consumer rights, fair business practices, advertising, marketing, disclosures, transactions, unfair or deceptive acts or practices, consumer complaints, and consumer-facing activities.
Consumer Protection Laws may include laws relating to:
- truth in advertising;
- unfair or deceptive practices;
- consumer disclosures;
- automotive sales practices;
- financial representations;
- customer communications;
- telemarketing;
- electronic communications; and
- consumer privacy rights.
Cybersecurity Laws
"Cybersecurity Laws" means Applicable Laws, regulations, rules, and requirements relating to information security, cybersecurity, system protection, breach notification, access controls, security safeguards, and protection of information systems.
Cybersecurity Laws may include requirements relating to:
- security controls;
- risk assessments;
- incident response;
- encryption;
- authentication;
- access management;
- security monitoring; and
- breach reporting.
Data Protection Laws
"Data Protection Laws" means all Applicable Laws governing the collection, use, disclosure, storage, processing, transfer, security, retention, and disposal of Personal Information or Personal Data.
Data Protection Laws include, where applicable:
- privacy laws;
- consumer privacy statutes;
- data security laws;
- breach notification laws;
- cross-border transfer requirements;
- data residency requirements; and
- regulatory privacy requirements.
Export Laws
"Export Laws" means all Applicable Laws governing the export, re-export, transfer, access, disclosure, or provision of software, technology, technical data, services, encryption functionality, or controlled information to persons, entities, countries, or territories.
Export Laws include restrictions administered by applicable governmental authorities relating to:
- export controls;
- economic sanctions;
- restricted parties;
- embargoed jurisdictions;
- technology transfers;
- encryption controls; and
- international trade compliance.
Foreign Corrupt Practices Laws
"Foreign Corrupt Practices Laws" means Applicable Laws prohibiting bribery, corruption, improper payments, kickbacks, or unethical business practices involving government officials, commercial parties, or other persons.
These laws may apply where Services, Customers, Affiliates, vendors, or transactions involve international operations.
Government Authority
"Government Authority" means any federal, state, local, foreign, international, regulatory, administrative, judicial, law enforcement, supervisory, or governmental body having authority over a Party, the Services, Data, or Processing activities.
Industry Standard
"Industry Standard" means generally accepted professional, technical, security, operational, or commercial practices applicable to technology providers, SaaS platforms, data processors, and automotive technology providers. Industry Standards may include:
- reasonable cybersecurity practices;
- software development practices;
- privacy practices;
- availability practices;
- risk management procedures; and
- data protection practices.
Privacy Laws
"Privacy Laws" means Applicable Laws governing privacy rights, Personal Information, Personal Data, consumer rights, data collection, processing, disclosure, and individual control over information.
Privacy Laws may include requirements relating to:
- notice obligations;
- consent requirements;
- consumer access rights;
- deletion rights;
- opt-out rights;
- data minimization;
- purpose limitation;
- security obligations; and
- privacy disclosures.
Regulated Data
"Regulated Data" means any information subject to heightened legal, regulatory, contractual, or industry requirements.
Regulated Data may include:
- Personal Information;
- Sensitive Personal Information;
- financial information;
- payment information;
- government identifiers;
- health information where applicable;
- vehicle ownership information;
- consumer records;
- authentication credentials; and
- other protected information.
Regulatory Requirement
"Regulatory Requirement" means any binding requirement, order, directive, rule, standard, examination requirement, or compliance obligation issued by a Government Authority or regulatory body applicable to a Party, the Services, or the processing of information.
Restricted Party
"Restricted Party" means any person, entity, organization, country, territory, or jurisdiction subject to applicable sanctions, embargoes, trade restrictions, export restrictions, or prohibited-party limitations under Export Laws.
Sanctions Laws
"Sanctions Laws" means Applicable Laws imposing economic sanctions, trade restrictions, asset freezes, embargoes, or restrictions on transactions with certain individuals, organizations, governments, or jurisdictions.
Security Requirements
"Security Requirements" means the technical, administrative, organizational, contractual, and legal requirements applicable to protecting the confidentiality, integrity, availability, and security of Systems, Services, and Data.
Security Requirements may include:
- access controls;
- encryption;
- monitoring;
- logging;
- incident response;
- risk management;
- employee controls;
- security policies; and
- industry best practices.
Telecommunications Laws
"Telecommunications Laws" means Applicable Laws governing electronic communications, telephone communications, text messaging, automated communications, voice services, marketing communications, and related technologies.
Telecommunications Laws may include requirements relating to:
- SMS messaging;
- MMS messaging;
- automated communications;
- calling practices;
- consent requirements;
- consumer opt-out rights; and
- communications records.
Third-Party Compliance Requirement
"Third-Party Compliance Requirement" means any contractual, legal, technical, security, privacy, or operational requirement imposed by a third party whose products, systems, data, platforms, or services interoperate with the Services.
Third-Party Compliance Requirements may include those imposed by:
- OEMs;
- DMS providers;
- CRM providers;
- communication carriers;
- payment providers;
- data providers;
- cloud providers; and
- technology partners.
Compliance Documentation
"Compliance Documentation" means policies, procedures, records, certifications, reports, assessments, attestations, agreements, security materials, privacy materials, and other documentation demonstrating compliance with Applicable Law or contractual requirements.
Compliance Program
"Compliance Program" means the policies, procedures, controls, training, processes, governance practices, and operational measures implemented by a Party to support compliance with Applicable Law and contractual obligations.
2.12 Consumer Terms
Applicant
"Applicant" means an individual who submits, authorizes, initiates, or participates in an application, inquiry, request, or process related to obtaining automotive products or services.
An Applicant may include an individual seeking:
- vehicle purchase;
- vehicle lease;
- vehicle financing;
- trade-in evaluation;
- insurance products;
- service or repair services;
- extended warranty products;
- protection products;
- fleet services; or
- other automotive-related offerings.
Applicant information may include Personal Information, employment information, financial information, credit-related information, and transaction-related information.
Buyer
"Buyer" means an individual or entity that purchases, leases, finances, or otherwise acquires an interest in a Vehicle, automotive product, or automotive service.
A Buyer may include a Customer, Consumer, Vehicle Owner, Co-Buyer, or other transaction participant.
Co-Buyer
"Co-Buyer" means an individual who participates jointly with another individual in purchasing, leasing, financing, or otherwise acquiring a Vehicle or automotive product.
A Co-Buyer may share contractual, ownership, financial, or payment obligations associated with an automotive transaction.
Co-Buyer information may include:
- name and contact information;
- identity verification information;
- financial information;
- employment information;
- credit-related information;
- transaction information; and
- ownership-related information.
Consumer
"Consumer" means any individual whose Personal Information, communications, records, interactions, or activities are processed through the Services.
Consumers may include:
- Leads;
- Prospects;
- Customers;
- Vehicle Owners;
- Applicants;
- Co-Buyers;
- Guarantors;
- Service Customers;
- Website Visitors;
- Marketing Recipients;
- Trade-In Participants; and
- other individuals interacting with a Dealer.
Customer Record
"Customer Record" means a record maintained within the Services containing information relating to the Consumer, an individual, organization, transaction, inquiry, interaction, communication, or relationship with Customer.
Customer Records may include:
- contact information;
- communication history;
- purchase history;
- service history;
- preferences;
- consent records;
- marketing activity;
- appointment history;
- vehicle information;
- transaction information; and
- other CRM-related information.
Customer Relationship Management Data ("CRM Data")
"CRM Data" means information collected, stored, processed, or managed through Customer relationship management activities, including consumer interactions, sales opportunities, communications, follow-up activities, appointments, tasks, notes, and transaction history.
CRM Data may include Lead Data, Prospect Data, Customer Records, and communication records.
Dealer Customer
"Dealer Customer" means an individual or entity that has completed a transaction or established a commercial relationship with a Dealership or automotive business.
Dealer Customers may include:
- vehicle purchasers;
- vehicle lessees;
- service customers;
- parts customers;
- fleet customers;
- commercial customers; and
- other automotive consumers.
Fleet Customer
"Fleet Customer" means a business, government entity, organization, or other customer that acquires, manages, operates, leases, or maintains multiple Vehicles for commercial or operational purposes.
Fleet Customers may include:
- corporations;
- rental companies;
- transportation providers;
- government entities;
- commercial operators; and
- vehicle management organizations.
Guarantor
"Guarantor" means an individual or entity that agrees to guarantee, support, secure, or otherwise assume responsibility for the obligations of another person or entity relating to an automotive transaction.
Guarantor information may include:
- identity information;
- contact information;
- financial information;
- employment information;
- credit-related information;
- authorization records; and
- transaction information.
Lead
"Lead" means an individual, organization, or entity that has expressed interest, directly or indirectly, in a Vehicle, automotive product, automotive service, dealership offering, or related business opportunity.
A Lead may originate from:
- website inquiries;
- digital advertising;
- marketing campaigns;
- OEM programs;
- third-party providers;
- phone inquiries;
- text messages;
- email communications;
- social media interactions;
- walk-in dealership interactions; or
- other sources.
Lead Data
"Lead Data" means information associated with a Lead, including contact information, inquiry information, preferences, communication history, engagement activity, vehicle interests, and related sales opportunity information.
Lead Data may include Personal Information.
Marketing Recipient
"Marketing Recipient" means an individual or entity receiving marketing communications, promotional messages, advertisements, offers, notices, or business communications from Customer or through the Services.
Marketing Recipients may include Leads, Prospects, Customers, and other individuals.
Prospect
"Prospect" means an individual or entity that has demonstrated a potential interest in purchasing, leasing, financing, servicing, maintaining, or otherwise engaging with a Vehicle, automotive product, or automotive service.
A Prospect generally represents a more developed business opportunity than a Lead and may include:
- vehicle shoppers;
- internet buyers;
- sales opportunities;
- service opportunities;
- trade-in participants; and
- returning customers.
Prospect Data
"Prospect Data" means information relating to a Prospect, including:
- identity information;
- contact details;
- vehicle preferences;
- purchase interests;
- communication history;
- appointments;
- engagement activity;
- sales pipeline information; and
- related Customer Relationship Management information.
Service Customer
"Service Customer" means an individual or entity receiving, requesting, scheduling, or participating in automotive services, maintenance, repair, inspections, parts transactions, or related dealership services.
Service Customers may include Vehicle Owners, fleet operators, and other authorized users of automotive services.
Trade-In Participant
"Trade-In Participant" means an individual or entity providing information relating to a Vehicle offered, evaluated, appraised, exchanged, sold, or considered as part of an automotive transaction.
Trade-In Participant information may include:
- Vehicle information;
- ownership information;
- condition information;
- valuation information;
- contact information; and
- transaction records.
Vehicle Owner
"Vehicle Owner" means an individual or entity identified as owning, leasing, possessing, controlling, or having an interest in a Vehicle.
Vehicle Owner information may include:
- identity information;
- contact information;
- Vehicle Identification Number ("VIN");
- registration information;
- service history;
- maintenance records;
- warranty information;
- ownership history;
- telematics information;
- recall information; and
- transaction history.
Vehicle Transaction
"Vehicle Transaction" means any activity relating to the purchase, sale, lease, financing, trade-in, appraisal, service, repair, maintenance, registration, warranty, or other automotive-related activity involving a Vehicle.
Consumer Interaction
"Consumer Interaction" means any communication, engagement, activity, transaction, request, inquiry, appointment, message, response, or other exchange between Customer and a Consumer through the Services.
Consumer Interactions may include:
- phone calls;
- SMS messages;
- MMS messages;
- emails;
- chat communications;
- web submissions;
- appointments;
- service requests;
- sales communications; and
- follow-up activities.
2.13 Infrastructure Terms
Cloud Infrastructure
"Cloud Infrastructure" means the distributed computing environment, technology resources, systems, platforms, networks, storage, databases, applications, and supporting components used to host, operate, maintain, secure, and deliver the Services.
Cloud Infrastructure may include:
- cloud computing resources;
- virtual servers;
- compute resources;
- storage systems;
- databases;
- networking infrastructure;
- load balancing systems;
- security services;
- monitoring systems;
- backup systems;
- content delivery systems;
- application environments; and
- other technology components necessary to provide the Services.
Cloud Service Provider
"Cloud Service Provider" means any third-party infrastructure provider, hosting provider, cloud computing provider, data center provider, platform provider, or technology provider used by Company to operate, maintain, secure, or support the Services.
Cloud Service Providers may provide:
- hosting;
- compute capacity;
- storage;
- database services;
- networking;
- security services;
- monitoring;
- backup services; and
- disaster recovery capabilities.
Data Center
"Data Center" means a physical or virtual facility containing computing resources, networking equipment, storage systems, security controls, and operational infrastructure used to provide the Services.
Data Centers may be operated by Company or third-party infrastructure providers.
Hosting Environment
"Hosting Environment" means the technical environment in which the Services are deployed, operated, maintained, and made available to Customer.
The Hosting Environment may include:
- production environments;
- application servers;
- database environments;
- storage environments;
- network environments;
- security environments;
- testing environments; and
- disaster recovery environments.
Hosting Provider
"Hosting Provider" means any third-party provider engaged by Company to host, store, process, transmit, or support the operation of the Services or Customer Data.
Hosting Providers may include cloud providers, data center operators, infrastructure providers, managed service providers, and related technology providers.
Production Environment
"Production Environment" means the live operational environment used to provide the Services to Customer and Authorized Users.
The Production Environment may include Customer Data, Personal Information, configurations, integrations, and operational systems.
Non-Production Environment
"Non-Production Environment" means any environment used for development, testing, quality assurance, demonstrations, training, troubleshooting, staging, or evaluation purposes.
Non-Production Environments may include:
- development environments;
- testing environments;
- staging environments;
- sandbox environments; and
- quality assurance environments.
Availability
"Availability" means the ability of Authorized Users to access and use the Services in accordance with applicable Service Level Agreement commitments, excluding permitted downtime, maintenance periods, Customer-caused interruptions, Force Majeure Events, third-party failures, and other exclusions stated in this Agreement.
Availability may be measured as a percentage of total scheduled service time.
Service Availability
"Service Availability" means the operational availability and accessibility of the Services provided by Company.
Service Availability may include:
- application accessibility;
- system responsiveness;
- authentication availability;
- core functionality availability;
- integration availability; and
- platform operational status.
Availability Commitment
"Availability Commitment" means any contractual commitment made by Company regarding Service Availability, uptime, reliability, or operational performance as set forth in an applicable Service Level Agreement or Order Form.
Maintenance
"Maintenance" means activities performed to operate, improve, update, repair, secure, modify, monitor, or maintain the Services, infrastructure, systems, software, or supporting technology.
Maintenance may include:
- software updates;
- security patches;
- bug fixes;
- performance improvements;
- system upgrades;
- infrastructure changes;
- database maintenance; and
- security improvements.
Maintenance Window
"Maintenance Window" means a scheduled period during which Company may perform Maintenance activities that may temporarily impact availability, performance, functionality, or access to the Services.
Maintenance Windows may include:
- scheduled maintenance;
- emergency maintenance;
- security maintenance;
- infrastructure maintenance; and
- planned upgrades.
Company may provide notice of Maintenance Windows according to applicable Service Level Agreement terms.
Emergency Maintenance
"Emergency Maintenance" means unscheduled maintenance reasonably necessary to address urgent operational, security, reliability, performance, compliance, or infrastructure issues.
Emergency Maintenance may occur without advance notice where delay could create material risk to the Services, Customer Data, or security.
Disaster Recovery
"Disaster Recovery" means the processes, procedures, systems, technologies, and operational measures designed to restore Services, systems, applications, infrastructure, and data following a disruptive event.
Disaster Recovery activities may include:
- system restoration;
- data recovery;
- backup restoration;
- failover procedures;
- infrastructure recovery;
- business continuity coordination; and
- service restoration activities.
Disaster Recovery Plan
"Disaster Recovery Plan" means Company's documented procedures and operational strategies for responding to and recovering from events affecting availability, security, infrastructure, systems, or Services.
The Disaster Recovery Plan may address:
- recovery priorities;
- roles and responsibilities;
- communication procedures;
- backup restoration;
- system recovery;
- failover processes; and
- post-event remediation.
Business Continuity
"Business Continuity" means the policies, procedures, resources, and strategies designed to maintain or restore critical business operations during or after disruptive events. Business Continuity may include:
- operational resilience;
- continuity planning;
- employee response procedures;
- vendor coordination;
- communications planning; and
- recovery procedures.
Recovery Point Objective ("RPO")
"Recovery Point Objective" or "RPO" means the maximum acceptable amount of data loss measured by time following a disruption before systems or Services are restored. RPO describes the targeted restoration point for recovered data.
Recovery Time Objective ("RTO")
"Recovery Time Objective" or "RTO" means the targeted maximum amount of time required to restore Services, systems, or functionality following a disruption.
RTO describes the targeted restoration timeline.
Backup
"Backup" means a copy or replica of data, systems, configurations, applications, or infrastructure maintained for recovery, restoration, continuity, security, or operational purposes.
Backups may include:
- database backups;
- system backups;
- configuration backups;
- file backups;
- replicated copies; and
- recovery snapshots.
Replication
"Replication" means the creation and maintenance of duplicate copies of systems, applications, databases, or data across multiple environments, locations, or infrastructure resources.
Replication may be used for:
- availability;
- performance;
- disaster recovery;
- fault tolerance; and
- business continuity.
Failover
"Failover" means the process of automatically or manually transferring operations, workloads, systems, or services from a primary environment to a secondary environment due to interruption, failure, maintenance, or operational necessity.
Infrastructure Security
"Infrastructure Security" means the administrative, technical, physical, and organizational controls implemented to protect infrastructure, systems, applications, networks, and data.
Infrastructure Security may include:
- access controls;
- network security;
- encryption;
- monitoring;
- vulnerability management;
- logging;
- segmentation;
- incident response; and
- security operations.
System Monitoring
"System Monitoring" means the continuous or periodic observation, measurement, analysis, and reporting of system performance, availability, security, operational health, and infrastructure status.
Monitoring may include:
- availability monitoring;
- performance monitoring;
- security monitoring;
- capacity monitoring;
- error monitoring; and
- alerting.
Service Interruption
"Service Interruption" means any temporary inability, limitation, degradation, or disruption affecting Customer's access to or use of the Services.
Service Interruptions may result from:
- maintenance;
- infrastructure events;
- security events;
- network failures;
- third-party failures;
- Customer actions; or
- Force Majeure Events.
2.14 Financial Terms
Financial Information
"Financial Information" means information relating to financial transactions, obligations, accounts, payment activity, financing activities, or other monetary matters processed through the Services.
Financial Information may include:
- payment records;
- billing information;
- transaction history;
- invoice information;
- account balances;
- payment status information;
- financing information;
- credit-related information;
- consumer financial records; and
- other financial data.
Financial Information may constitute Personal Information or Sensitive Personal Information under Applicable Law.
Payment Information
"Payment Information" means information used to initiate, authorize, process, complete, record, or verify a payment transaction.
Payment Information may include:
- payment card information;
- bank account information;
- routing information;
- payment tokens;
- transaction identifiers;
- payment authorization records;
- billing details; and
- payment status information.
Payment Card Data
"Payment Card Data" means information relating to credit cards, debit cards, prepaid cards, or other payment cards used to conduct a financial transaction.
Payment Card Data may include:
- cardholder name;
- primary account number ("PAN");
- expiration date;
- security codes;
- billing information; and
- transaction details.
Payment Card Data shall be handled in accordance with Applicable Law and applicable payment card industry requirements.
Cardholder Data
"Cardholder Data" means information defined as cardholder data under applicable payment card industry standards, including information associated with payment cards that identifies or can be used to process a card transaction.
Cardholder Data includes, where applicable:
- primary account numbers;
- cardholder names;
- expiration dates; and
- other payment card information.
PCI DSS
"PCI DSS" means the Payment Card Industry Data Security Standard, including applicable requirements, standards, controls, and security obligations established by the PCI Security Standards Council relating to the protection of payment card information.
PCI DSS may include requirements relating to:
- network security;
- access controls;
- encryption;
- vulnerability management;
- monitoring;
- security testing;
- incident response; and
- payment data protection.
PCI Compliance
"PCI Compliance" means compliance with applicable PCI DSS requirements and other applicable payment card industry obligations relating to the handling, storage, transmission, processing, and protection of Payment Card Data.
PCI Compliance obligations may apply to Customer, Company, Payment Processors, or other parties depending on the applicable payment environment.
Payment Processor
"Payment Processor" means a third-party service provider, financial technology provider, acquiring processor, payment gateway, or other entity that processes payment transactions on behalf of Customer or Company.
Payment Processors may provide:
- payment authorization;
- transaction routing;
- settlement services;
- tokenization;
- fraud prevention;
- payment reporting;
- reconciliation services; and
- payment infrastructure.
Payment Gateway
"Payment Gateway" means technology that facilitates the secure transmission, authorization, routing, and processing of payment transaction information between Customer, Consumers, merchants, financial institutions, and payment processors.
A Payment Gateway may provide:
- transaction submission;
- payment authorization;
- token services;
- fraud screening;
- transaction status reporting; and
- payment communication services.
Merchant
"Merchant" means the business entity accepting payments from a Consumer, including a Dealership, automotive retailer, service provider, or other Customer.
A Merchant may maintain relationships with financial institutions, payment processors, and acquiring banks.
Merchant Account
"Merchant Account" means an account established with a financial institution, acquiring bank, or payment provider that enables a Customer to accept, process, and settle payment transactions.
Merchant Accounts are generally established and maintained by Customer or its selected payment provider.
Acquiring Bank
"Acquiring Bank" means a financial institution or payment institution that processes payment transactions on behalf of a Merchant and facilitates settlement of funds.
An Acquiring Bank may authorize, clear, and settle payment transactions.
Financial Institution
"Financial Institution" means a bank, credit union, lender, financing company, acquiring institution, payment institution, or other regulated financial entity involved in financial transactions, payment processing, lending, credit, or related services.
Financial Institutions may include:
- banks;
- credit unions;
- lenders;
- captives;
- finance companies;
- payment institutions; and
- other regulated entities.
ACH
"ACH" means Automated Clearing House transactions conducted through an electronic funds transfer network for the movement of funds between bank accounts.
ACH transactions may include:
- payments;
- withdrawals;
- deposits;
- recurring payments;
- account verification;
- refunds; and
- electronic transfers.
ACH Authorization
"ACH Authorization" means an authorization provided by an account holder permitting an ACH transaction or electronic debit from a designated bank account.
ACH Authorizations may include:
- account holder identity;
- bank account information;
- transaction terms;
- authorization records; and
- consent records.
Electronic Funds Transfer ("EFT")
"Electronic Funds Transfer" or "EFT" means the electronic movement of funds between accounts, including ACH transactions, wire transfers, card transactions, and other electronic payment methods.
Credit Application
"Credit Application" means information submitted by an individual or entity seeking financing, credit approval, leasing, lending, or other financial assistance relating to a Vehicle, automotive product, or service.
A Credit Application may include:
- identity information;
- contact information;
- employment information;
- income information;
- residential information;
- financial information;
- credit history information;
- vehicle information;
- authorization records; and
- other underwriting information.
Credit Information
"Credit Information" means information relating to an individual's or organization's creditworthiness, credit history, credit obligations, financing eligibility, or lending evaluation.
Credit Information may include:
- credit reports;
- credit scores;
- credit inquiries;
- payment history;
- debt obligations;
- credit decisions; and
- underwriting information.
Consumer Financial Data
"Consumer Financial Data" means financial information relating to a Consumer, including information used for financing, payment, credit evaluation, banking, or transaction processing.
Consumer Financial Data may include:
- income information;
- banking information;
- payment information;
- credit information;
- loan information;
- lease information; and
- financial transaction history.
Financing Transaction
"Financing Transaction" means any transaction involving credit, lending, leasing, financing, installment payments, payment arrangements, or other financial accommodations relating to a Vehicle or automotive product.
Settlement
"Settlement" means the process by which funds from completed financial transactions are transferred, reconciled, and distributed between applicable parties.
Settlement activities may involve:
- Merchants;
- Payment Processors;
- Acquiring Banks;
- Financial Institutions;
- Consumers; and
- other transaction participants.
Transaction Data
"Transaction Data" means information relating to a purchase, payment, refund, financing activity, service transaction, or other commercial activity conducted through the Services.
Transaction Data may include:
- transaction dates;
- amounts;
- payment methods;
- transaction status;
- order information;
- receipts;
- settlement information; and
- related records.
Billing Information
"Billing Information" means information relating to charges, invoices, subscriptions, payments, fees, account balances, and financial obligations between Customer and Company.
Billing Information may include:
- billing contacts;
- invoice records;
- payment status;
- subscription fees;
- tax information; and
- account statements.
Fraud Prevention Data
"Fraud Prevention Data" means information used to identify, prevent, investigate, or mitigate suspected fraudulent transactions, unauthorized activity, security risks, or misuse of payment services.
Fraud Prevention Data may include:
- transaction patterns;
- risk indicators;
- device information;
- verification results;
- authentication information; and
- security alerts.
2.15 Identity Terms
Account
"Account" means a unique registration, profile, credential set, user record, tenant identifier, or access mechanism established for Customer, an Authorized User, Administrator, or other approved individual or entity to access or use the Services.
An Account may include:
- username or login identifier;
- authentication credentials;
- security settings;
- access permissions;
- role assignments;
- profile information;
- activity records;
- preferences;
- configuration settings; and
- other identity-related information.
Each Account shall be assigned to a specific individual or approved entity and shall not be shared except as expressly permitted by Company.
Account Credentials
"Account Credentials" means information or mechanisms used to authenticate a user, system, application, or integration accessing the Services.
Account Credentials may include:
- usernames;
- passwords;
- authentication tokens;
- API credentials;
- security keys;
- certificates;
- single sign-on identifiers;
- multi-factor authentication methods; and
- other authentication information.
Customer is responsible for maintaining the confidentiality and security of Customer-controlled Account Credentials.
Administrator
"Administrator" means an Authorized User designated by Customer with administrative authority to manage Customer's use of the Services.
An Administrator may have permissions to:
- create and deactivate Accounts;
- assign user roles;
- configure permissions;
- manage organizational settings;
- approve integrations;
- review activity information;
- configure workflows;
- manage Customer preferences; and
- perform other administrative functions.
Customer is responsible for selecting and supervising Administrators.
Authorized User
"Authorized User" means an individual who is authorized by Customer to access or use the Services under Customer's Account or Organization.
Authorized Users may include:
- employees;
- dealership personnel;
- sales representatives;
- service advisors;
- managers;
- executives;
- contractors;
- agents;
- consultants;
- temporary personnel; and
- other approved representatives.
Authorized Users must access the Services only for legitimate Customer business purposes and in accordance with this Agreement.
Authentication
"Authentication" means the process used to verify the identity of a user, system, application, device, or integration attempting to access the Services.
Authentication methods may include:
- username and password;
- multi-factor authentication ("MFA");
- single sign-on ("SSO");
- OAuth authentication;
- API keys;
- security tokens;
- certificates; and
- other identity verification mechanisms.
Authorization
"Authorization" means the process of determining whether an authenticated user, system, application, or integration has permission to access specific Services, features, Data, records, functions, or resources.
Authorization may be controlled through:
- roles;
- permissions;
- security policies;
- access levels;
- Customer configurations; and
- administrative settings.
Business Account
"Business Account" means an Account established by or on behalf of Customer for business use of the Services.
A Business Account may include:
- Customer profile information;
- billing information;
- subscription details;
- Organization information;
- user management settings;
- Service configurations; and
- Customer Data.
Customer Administrator
"Customer Administrator" means an Administrator appointed by Customer to control Customer's access configuration, user management, and administrative settings within the Services.
Customer Administrator actions shall be considered actions performed by Customer.
Identity Information
"Identity Information" means information used to identify, authenticate, manage, or distinguish a person, organization, system, or account.
Identity Information may include:
- names;
- email addresses;
- usernames;
- employee identifiers;
- organization identifiers;
- role information;
- authentication records;
- access history;
- security information; and
- related account information.
Identity Provider ("IdP")
"Identity Provider" or "IdP" means a system, platform, or service used to authenticate and manage identities for access to applications, systems, or Services.
An Identity Provider may support:
- single sign-on;
- federated authentication;
- identity lifecycle management;
- access control;
- multi-factor authentication; and
- user provisioning.
Organization
"Organization" means the Customer business entity, dealership, dealer group, automotive company, or other legal entity registered to use the Services.
An Organization may include:
- one or more Dealerships;
- business units;
- locations;
- departments;
- teams;
- employees;
- Authorized Users; and
- related operational structures.
Dealer Organization
"Dealer Organization" means an Organization consisting of one or more automotive dealerships, dealer groups, automotive retailers, or related automotive business operations.
A Dealer Organization may include multiple:
- franchise locations;
- rooftops;
- departments;
- sales teams;
- service operations; and
- administrative users.
Workspace
"Workspace" means a logical environment, account area, tenant space, or designated operating environment within the Services where Customer manages Users, Data, configurations, workflows, integrations, and Service features.
A Workspace may include:
- Customer Data;
- Organization settings;
- permissions;
- integrations;
- reports;
- dashboards;
- workflows; and
- application configurations.
Multi-Tenant Environment
"Multi-Tenant Environment" means a software architecture in which multiple Customers or Organizations use shared infrastructure, applications, or platform resources while maintaining logical separation of Customer Data and access controls.
Role
"Role" means a defined category of permissions or access rights assigned to an Authorized User, Account, or system within the Services.
Roles may include:
- Administrator;
- Manager;
- Sales User;
- Service User;
- Reporting User;
- Integration User; and
- custom Customer-defined roles.
Permission
"Permission" means a specific authorization granted to a user, Account, Role, or system allowing access to certain features, functions, Data, or resources within the Services.
Permissions may control:
- viewing Data;
- creating records;
- editing records;
- exporting information;
- managing users;
- configuring settings;
- accessing integrations; and
- performing administrative actions.
User Lifecycle Management
"User Lifecycle Management" means the processes used to create, modify, suspend, deactivate, and remove user access to the Services.
User Lifecycle Management may include:
- user onboarding;
- role assignment;
- permission changes;
- termination of access;
- credential updates; and
- account closure.
Federated Identity
"Federated Identity" means an identity management arrangement allowing users to access the Services through authentication managed by an external identity provider.
Federated Identity may utilize:
- SSO;
- SAML;
- OAuth;
- OpenID Connect; and
- other identity federation protocols.
Security Administrator
"Security Administrator" means an Authorized User responsible for managing security-related configurations, access controls, authentication requirements, and identity protections.
Security Administrator responsibilities may include:
- reviewing access;
- enforcing security policies;
- managing authentication settings;
- monitoring user activity; and
- coordinating security actions.
Impersonation
"Impersonation" means accessing, using, or attempting to access the Services by representing oneself as another user, person, Organization, or entity without authorization.
Impersonation is prohibited unless expressly authorized for legitimate support, security, or administrative purposes.
Access Control
"Access Control" means the policies, procedures, technologies, and mechanisms used to regulate access to the Services, Systems, Accounts, and Data.
Access Controls may include:
- authentication;
- authorization;
- permissions;
- role-based access controls;
- least privilege principles; and
- security policies.
2.16 Operational Terms
Incident
"Incident" means any unplanned event, occurrence, condition, failure, degradation, disruption, or circumstance affecting the Services, Systems, infrastructure, security, availability, performance, functionality, or Customer's ability to access or use the Services.
An Incident may include:
- service interruptions;
- application errors;
- performance degradation;
- availability issues;
- integration failures;
- authentication failures;
- data processing errors;
- security events;
- configuration issues;
- system failures; and
- other operational disruptions.
An Incident does not include matters caused solely by Customer systems, Customer misuse, third-party failures outside Company's reasonable control, or Force Majeure Events.
Security Incident
"Security Incident" means an actual or reasonably suspected event involving unauthorized access, disclosure, alteration, loss, destruction, misuse, compromise, or attempted compromise of Systems, Services, or Data.
A Security Incident may include:
- unauthorized access attempts;
- malware events;
- security vulnerabilities;
- credential compromise;
- data exposure;
- security control failures; and
- other cybersecurity-related events.
Security Incident response obligations shall be governed by this Agreement and applicable Data Protection Laws.
Data Breach
"Data Breach" means a confirmed incident resulting in unauthorized access to, acquisition of, disclosure of, loss of, or compromise of Personal Information or regulated data requiring notification under Applicable Law.
A Data Breach may include:
- unauthorized disclosure of Personal Information;
- loss of protected information;
- compromise of credentials;
- improper access to Customer Data; and
- other legally reportable events.
Service Degradation
"Service Degradation" means a reduction in Service performance, responsiveness, functionality, availability, or reliability that does not completely prevent access to the Services.
Service Degradation may include:
- slower response times;
- limited functionality;
- partial feature interruption;
- reduced performance;
- integration delays; and
- temporary operational limitations.
Service Interruption
"Service Interruption" means any period during which Customer or Authorized Users are unable to access or use all or a material portion of the Services.
Service Interruptions may result from:
- system failures;
- maintenance activities;
- network events;
- security events;
- infrastructure failures;
- software issues; or
- other operational causes.
Service Level Agreement ("SLA")
"Service Level Agreement" or "SLA" means the documented service performance commitments, availability standards, response targets, resolution objectives, support procedures, and operational commitments applicable to the Services.
An SLA may define:
- availability commitments;
- uptime calculations;
- support response times;
- incident severity levels;
- maintenance exclusions;
- service credits;
- performance measurements; and
- remediation procedures.
Availability Commitment
"Availability Commitment" means the agreed percentage of time during which the Services are intended to remain available and operational, subject to applicable exclusions.
Availability calculations may exclude:
- Scheduled Maintenance;
- Emergency Maintenance;
- Customer-caused interruptions;
- third-party outages;
- Force Majeure Events; and
- other exclusions stated in the SLA.
Scheduled Maintenance
"Scheduled Maintenance" means planned maintenance activities performed by Company to maintain, update, improve, secure, or modify the Services or supporting infrastructure.
Scheduled Maintenance may include:
- software updates;
- security patches;
- database maintenance;
- infrastructure upgrades;
- system improvements;
- performance optimization;
- testing; and
- other operational activities.
Company may provide advance notice of Scheduled Maintenance when commercially reasonable.
Emergency Maintenance
"Emergency Maintenance" means unscheduled maintenance performed when Company reasonably determines immediate action is required to protect the Services, Systems, Customer Data, security, availability, or operational integrity.
Emergency Maintenance may occur without advance notice when necessary to address:
- security vulnerabilities;
- critical defects;
- system failures;
- operational risks;
- compliance requirements; or
- urgent infrastructure issues.
Maintenance Window
"Maintenance Window" means an identified period during which Company may perform Scheduled Maintenance or Emergency Maintenance that may affect Service availability or performance.
Maintenance Windows may be communicated through:
- Service notices;
- customer portals;
- email notifications;
- support communications; or
- other approved communication channels.
Support Services
"Support Services" means technical assistance, troubleshooting, issue resolution, guidance, documentation, and operational assistance provided by Company relating to Customer's use of the Services.
Support Services may include:
- problem diagnosis;
- technical troubleshooting;
- user assistance;
- configuration support;
- bug investigation;
- service guidance; and
- operational assistance.
Support Ticket
"Support Ticket" means a documented request, inquiry, issue report, problem notification, or support communication submitted by Customer or an Authorized User through approved support channels.
A Support Ticket may include:
- ticket identification number;
- submission date and time;
- Customer information;
- issue description;
- affected Services;
- severity classification;
- troubleshooting information;
- communications history; and
- resolution details.
Support Channel
"Support Channel" means the approved methods through which Customer may request Support Services.
Support Channels may include:
- support portal;
- email;
- telephone;
- chat;
- designated customer platforms; and
- other methods established by Company.
Response Time
"Response Time" means the target period within which Company acknowledges receipt of a Support Ticket, Incident report, or service request. Response Time does not necessarily mean resolution time.
Resolution Time
"Resolution Time" means the period required to restore normal Service operation, provide a workaround, correct an issue, or otherwise resolve an Incident or Support Ticket.
Resolution Time may depend on:
- severity level;
- complexity;
- Customer cooperation;
- third-party dependencies;
- available remediation options; and
- technical circumstances.
Incident Priority
"Incident Priority" means the classification assigned to an Incident based on business impact, severity, urgency, affected Services, number of impacted users, and operational consequences.
Incident Priority levels may include:
- Critical;
- High;
- Medium; and
- Low.
Critical Incident
"Critical Incident" means an Incident causing substantial unavailability, material operational disruption, significant security risk, or inability of Customer to use a material portion of the Services.
Examples may include:
- complete Service outage;
- major authentication failure;
- critical security event;
- significant data integrity issue; or
- material production failure.
Change Request
"Change Request" means a request by Customer or Company to modify, enhance, configure, expand, reduce, or otherwise change the Services, integrations, functionality, implementation, or applicable scope.
Change Requests may require a written Change Order.
Change Order
"Change Order" means a written agreement describing approved changes to Services, scope, fees, timelines, responsibilities, or deliverables.
A Change Order may modify:
- implementation scope;
- professional services;
- integration requirements;
- delivery schedules;
- fees; and
- other commercial terms.
Operational Data
"Operational Data" means information generated through operation, monitoring, maintenance, support, and performance of the Services.
Operational Data may include:
- system logs;
- performance metrics;
- availability records;
- diagnostic information;
- support records;
- error information; and
- technical events.
Service Status
"Service Status" means the current operational condition, availability status, performance condition, maintenance state, or incident condition of the Services.
2.17 Biometric Terms
Biometric Data
"Biometric Data" means information generated from the measurement, analysis, processing, or use of biological, physiological, behavioral, or physical characteristics of an individual that can be used to identify or authenticate an individual.
Biometric Data may include:
- facial recognition data;
- face geometry measurements;
- fingerprint information;
- voice characteristics;
- iris or retina patterns;
- hand geometry;
- palm prints;
- typing patterns;
- behavioral identifiers;
- gait patterns; and
- other biometric identifiers recognized under Applicable Law.
Biometric Data shall be treated as Sensitive Personal Information where required by Applicable Law.
Biometric Identifier
"Biometric Identifier" means a unique biological or behavioral characteristic of an individual that may be used to identify, verify, authenticate, or distinguish that individual.
Biometric Identifiers may include:
- fingerprints;
- facial features;
- voice patterns;
- retinal scans;
- iris scans;
- hand geometry;
- signature dynamics;
- keystroke patterns; and
- other unique biological characteristics.
Biometric Information
"Biometric Information" means information derived from a Biometric Identifier through collection, analysis, measurement, conversion, comparison, storage, or processing.
Biometric Information may include:
- mathematical representations;
- templates;
- feature vectors;
- biometric signatures;
- comparison results;
- verification results; and
- authentication records.
Biometric Template
"Biometric Template" means a mathematical, digital, cryptographic, or algorithmic representation created from Biometric Data for purposes of identification, verification, authentication, comparison, or security.
A Biometric Template may include:
- encoded biometric characteristics;
- feature maps;
- hash representations;
- digital signatures;
- machine-readable biometric representations; and
- similar derived biometric records.
A Biometric Template shall not be considered anonymous solely because it does not contain a person's name or direct identifier.
Biometric Processing
"Biometric Processing" means any operation performed on Biometric Data or Biometric Information, including:
- collection;
- capture;
- recording;
- storage;
- analysis;
- matching;
- comparison;
- classification;
- verification;
- authentication;
- transmission;
- disclosure;
- deletion; or
- destruction.
Biometric Authentication
"Biometric Authentication" means a security process that verifies an individual's identity using Biometric Data or Biometric Information.
Biometric Authentication may be used for:
- account access;
- identity verification;
- fraud prevention;
- workforce authentication;
- device access;
- transaction verification; and
- security purposes.
Biometric Verification
"Biometric Verification" means the process of comparing newly captured biometric information against previously enrolled biometric information to determine whether the information matches an existing authorized identity.
Biometric Verification generally performs a one-to-one comparison.
Biometric Identification
"Biometric Identification" means the process of comparing Biometric Data against one or more records for the purpose of determining or identifying an individual.
Biometric Identification generally performs a one-to-many comparison.
Biometric System
"Biometric System" means any software, hardware, platform, service, application, device, algorithm, or technology used to collect, process, analyze, store, compare, verify, or otherwise handle Biometric Data.
A Biometric System may include:
- cameras;
- scanners;
- sensors;
- authentication software;
- identity platforms;
- verification services; and
- related technologies.
Biometric Technology
"Biometric Technology" means technology capable of collecting, processing, analyzing, or utilizing Biometric Data or Biometric Information for identification, authentication, security, operational, or business purposes.
Biometric Consent
"Biometric Consent" means a legally sufficient authorization, agreement, or permission provided by an individual before collection, capture, processing, or use of Biometric Data where required by Applicable Law.
Biometric Consent may require:
- clear notice;
- specific disclosure;
- affirmative authorization;
- purpose identification;
- retention disclosures; and
- withdrawal mechanisms.
Biometric Notice
"Biometric Notice" means a written or electronic disclosure provided to an individual describing the collection, use, storage, processing, retention, sharing, or deletion practices relating to Biometric Data.
A Biometric Notice may include:
- categories of biometric information collected;
- purpose of collection;
- retention periods;
- disclosure practices;
- third-party involvement; and
- individual rights.
Biometric Data Controller
"Biometric Data Controller" means the person or entity that determines the purposes and means of collecting, processing, storing, or using Biometric Data.
Where Customer determines the purpose and use of Biometric Data relating to its consumers, employees, or users, Customer may act as the Biometric Data Controller.
Biometric Data Processor
"Biometric Data Processor" means the person or entity that processes Biometric Data on behalf of a Controller according to documented instructions.
Company may act as a Biometric Data Processor where it processes Biometric Data solely to provide Services requested by Customer.
Biometric Service Provider
"Biometric Service Provider" means a third-party vendor, technology provider, identity provider, authentication provider, security provider, or other service provider engaged to process Biometric Data in connection with providing the Services.
A Biometric Service Provider may include:
- identity verification providers;
- fraud prevention providers;
- authentication providers;
- security vendors; and
- technology infrastructure providers.
Biometric Enrollment
"Biometric Enrollment" means the process of initially collecting Biometric Data and associating such information with an individual, account, device, credential, or identity profile.
Biometric Enrollment may include:
- initial capture;
- identity association;
- template creation;
- verification setup; and
- security configuration.
Biometric Match
"Biometric Match" means the result of comparing Biometric Information against stored or reference information to determine whether sufficient similarity exists.
A Biometric Match may produce:
- match results;
- confidence scores;
- verification outcomes;
- authentication decisions; and
- security responses.
Biometric Data Retention Period
"Biometric Data Retention Period" means the period during which Biometric Data, Biometric Information, or Biometric Templates may be retained, stored, or maintained before deletion or destruction.
Retention periods shall be determined by:
- Applicable Law;
- Customer instructions;
- business purpose;
- security requirements; and
- contractual obligations.
Biometric Data Destruction
"Biometric Data Destruction" means the permanent deletion, removal, or disposal of Biometric Data such that the information cannot reasonably be reconstructed or used for its original purpose.
Biometric Security Controls
"Biometric Security Controls" means administrative, technical, and organizational safeguards designed to protect Biometric Data against unauthorized access, disclosure, alteration, loss, or misuse.
Security Controls may include:
- encryption;
- access restrictions;
- authentication controls;
- logging;
- monitoring;
- segmentation;
- retention controls;
- security testing; and
- incident response procedures.
Biometric Laws
"Biometric Laws" means Applicable Laws governing the collection, use, storage, disclosure, retention, protection, or destruction of Biometric Data.
Biometric Laws may include:
- state biometric privacy laws;
- consumer privacy laws;
- data protection regulations;
- security requirements; and
- industry-specific requirements.
Biometric Information Security Incident
"Biometric Information Security Incident" means an actual or reasonably suspected unauthorized access, disclosure, acquisition, alteration, loss, destruction, or compromise involving Biometric Data or Biometric Information.
A Biometric Information Security Incident shall be handled according to applicable Security Incident and Data Breach procedures under this Agreement.
2.18 State Laws
State Laws
"State Laws" means all applicable laws, statutes, regulations, rules, ordinances, attorney general guidance, regulatory requirements, administrative requirements, judicial decisions, and governmental directives enacted or issued by any state, commonwealth, territory, or similar governmental jurisdiction within the United States that apply to the Parties, the Services, Customer Data, Personal Information, or the processing activities performed under this Agreement.
State Laws may include laws governing:
- privacy and data protection;
- consumer rights;
- data security;
- breach notification;
- communications;
- marketing;
- financial information;
- biometric information;
- automotive transactions;
- employment information;
- consumer reporting;
- electronic transactions; and
- industry-specific compliance obligations.
Applicable State Privacy Law
"Applicable State Privacy Law" means any State Law regulating the collection, processing, storage, use, disclosure, sale, sharing, or protection of Personal Information or Personal Data.
Applicable State Privacy Laws may include:
- comprehensive consumer privacy laws;
- state-specific privacy statutes;
- data protection requirements;
- consumer rights laws; and
- state regulatory guidance.
Consumer Privacy Law
"Consumer Privacy Law" means any law enacted by a state jurisdiction that grants individuals rights regarding Personal Information and regulates businesses that collect, process, use, disclose, or retain such information.
Consumer Privacy Laws may establish rights relating to:
- access;
- correction;
- deletion;
- portability;
- opt-out;
- restriction of processing;
- consent;
- automated decision-making;
- profiling; and
- disclosure of privacy practices.
Comprehensive State Privacy Law
"Comprehensive State Privacy Law" means a state privacy statute generally regulating the processing of Personal Information across multiple industries.
Such laws may govern:
- consumer rights;
- business obligations;
- processor obligations;
- contract requirements;
- security practices;
- data minimization;
- purpose limitation; and
- transparency requirements.
California Consumer Privacy Act ("CCPA")
"California Consumer Privacy Act" or "CCPA" means the California privacy law governing the collection, use, disclosure, sale, sharing, and protection of Personal Information of California residents, as amended from time to time.
The CCPA may impose obligations relating to:
- consumer notices;
- consumer rights;
- service provider obligations;
- contractual requirements;
- data minimization;
- security practices; and
- consumer requests.
California Privacy Rights Act ("CPRA")
"California Privacy Rights Act" or "CPRA" means amendments and apitions to California privacy law expanding consumer privacy protections and obligations applicable to businesses, contractors, service providers, and third parties.
CPRA may address:
- sensitive personal information;
- contractor obligations;
- data retention;
- consumer rights;
- audits;
- data sharing; and
- privacy enforcement.
Colorado Privacy Act ("CPA")
"Colorado Privacy Act" or "CPA" means Colorado legislation governing Personal Data processing, consumer rights, controller responsibilities, and processor obligations.
CPA-related requirements may include:
- consumer rights;
- consent requirements;
- data protection assessments;
- processor agreements;
- privacy notices; and
- data security obligations.
Connecticut Data Privacy Act ("CTDPA")
"Connecticut Data Privacy Act" or "CTDPA" means Connecticut privacy legislation governing Personal Data processing and consumer rights.
CTDPA may address:
- consumer access rights;
- deletion rights;
- opt-out rights;
- controller duties;
- processor duties; and
- security requirements.
Virginia Consumer Data Protection Act ("VCDPA")
"Virginia Consumer Data Protection Act" or "VCDPA" means Virginia privacy legislation governing Personal Data processing, consumer rights, and obligations of controllers and processors.
State Data Breach Notification Laws
"State Data Breach Notification Laws" means State Laws requiring notification, investigation, remediation, reporting, or other actions following unauthorized access to, disclosure of, or compromise of Personal Information.
Such laws may establish requirements relating to:
- incident investigation;
- consumer notice;
- regulator notice;
- timelines;
- content of notifications; and
- security remediation.
State Consumer Protection Laws
"State Consumer Protection Laws" means State Laws prohibiting unfair, deceptive, fraudulent, or unlawful business practices.
Such laws may regulate:
- advertising;
- marketing practices;
- consumer disclosures;
- communications;
- automotive transactions;
- sales practices; and
- representation of products or services.
State Communications Laws
"State Communications Laws" means State Laws governing electronic communications, telephone communications, text messaging, automated communications, marketing communications, and consumer contact practices.
Such laws may address:
- SMS messaging;
- telephone communications;
- automated calls;
- marketing consent;
- recording of communications; and
- consumer opt-out rights.
State Biometric Privacy Laws
"State Biometric Privacy Laws" means State Laws regulating the collection, use, storage, disclosure, retention, and destruction of Biometric Data.
Such laws may require:
- notice;
- consent;
- security safeguards;
- retention policies;
- disclosure restrictions; and
- destruction procedures.
State Financial Privacy Laws
"State Financial Privacy Laws" means State Laws governing financial information, consumer financial data, lending information, payment information, or financial transactions.
Such laws may regulate:
- financial records;
- credit information;
- payment data;
- banking information;
- consumer disclosures; and
- security obligations.
State Automotive Laws
"State Automotive Laws" means State Laws governing automotive businesses, dealerships, vehicle transactions, repair services, financing activities, advertising, consumer disclosures, and automotive-related operations.
State Automotive Laws may address:
- vehicle sales;
- dealer licensing;
- advertising;
- vehicle records;
- odometer disclosures;
- service activities;
- consumer transactions; and
- dealer compliance requirements.
State Data Protection Requirements
"State Data Protection Requirements" means State Laws requiring reasonable administrative, technical, and organizational safeguards to protect Personal Information.
Requirements may include:
- access controls;
- encryption;
- security policies;
- risk assessments;
- incident response;
- employee controls; and
- vendor management.
State Regulatory Authority
"State Regulatory Authority" means any state governmental, administrative, supervisory, enforcement, or regulatory body responsible for administering, interpreting, or enforcing State Laws.
Examples may include:
- state attorneys general;
- privacy regulators;
- consumer protection agencies;
- financial regulators;
- licensing authorities; and
- administrative agencies.
State Consumer Rights Request
"State Consumer Rights Request" means a request submitted by an individual exercising rights granted under Applicable State Privacy Law.
Such requests may include:
- access requests;
- deletion requests;
- correction requests;
- opt-out requests;
- data portability requests;
- restriction requests; and
- consent withdrawal requests.
State-Specific Addendum
"State-Specific addendum" means any supplemental agreement, privacy addendum, data processing addendum, compliance schedule, or amendment addressing requirements imposed by specific State Laws.
Regulated Data
"Regulated Data" means information subject to legal, regulatory, contractual, or industry-specific protection requirements under State Laws.
Regulated Data may include:
- Personal Information;
- Sensitive Personal Information;
- financial information;
- biometric information;
- health-related information;
- consumer records;
- vehicle-related information; and
- other protected information.
2.19 Federal Laws
Federal Laws
"Federal Laws" means all applicable federal statutes, regulations, rules, executive orders, regulatory guidance, administrative interpretations, agency requirements, judicial decisions, and governmental directives enacted or issued by the United States federal government that apply to the Parties, the Services, Customer Data, Personal Information, or the processing activities performed under this Agreement.
Federal Laws may include laws governing:
- privacy and data protection;
- consumer protection;
- communications;
- marketing;
- financial information;
- credit transactions;
- automotive commerce;
- cybersecurity;
- export controls;
- electronic transactions;
- employment information; and
- regulated business activities.
Federal Privacy Laws
"Federal Privacy Laws" means federal laws governing the collection, use, disclosure, processing, protection, or security of Personal Information or regulated information.
Federal Privacy Laws may include:
- consumer privacy requirements;
- financial privacy requirements;
- communications privacy requirements;
- data security obligations; and
- sector-specific privacy requirements.
Federal Trade Commission Act ("FTC Act")
"Federal Trade Commission Act" or "FTC Act" means the federal law governing unfair or deceptive acts or practices affecting commerce.
The FTC Act may apply to:
- advertising;
- marketing representations;
- consumer disclosures;
- privacy practices;
- data security practices; and
- business conduct.
Federal Consumer Protection Laws
"Federal Consumer Protection Laws" means federal laws regulating consumer-facing practices, disclosures, advertising, transactions, communications, and business activities.
Federal Consumer Protection Laws may address:
- unfair or deceptive practices;
- consumer disclosures;
- advertising claims;
- marketing communications;
- consumer transactions; and
- data handling practices.
Gramm-Leach-Bliley Act ("GLBA")
"Gramm-Leach-Bliley Act" or "GLBA" means federal legislation governing the collection, use, disclosure, and protection of nonpublic personal information by certain financial institutions and related entities.
GLBA may impose obligations relating to:
- privacy notices;
- consumer financial information;
- security safeguards;
- vendor oversight;
- information sharing;
- data protection; and
- risk management.
GLBA may apply to dealership financing activities, lending relationships, payment activities, or financial services operations.
Safeguards Rule
"Safeguards Rule" means applicable federal requirements relating to administrative, technical, and physical safeguards designed to protect consumer financial information.
Safeguards Rule obligations may include:
- security programs;
- risk assessments;
- access controls;
- encryption;
- monitoring;
- incident response;
- vendor management; and
- security governance.
Federal Communications Commission ("FCC") Laws
"Federal Communications Commission Laws" means federal laws, regulations, and requirements administered or enforced by the Federal Communications Commission relating to electronic communications.
Such laws may govern:
- telephone communications;
- text messaging;
- automated communications;
- consumer consent;
- marketing communications;
- caller identification; and
- communications practices.
Telephone Consumer Protection Act ("TCPA")
"Telephone Consumer Protection Act" or "TCPA" means federal law governing certain telephone, text messaging, and automated communications practices.
TCPA may regulate:
- automated calls;
- automated text messages;
- marketing communications;
- consumer consent requirements;
- opt-out requirements; and
- telemarketing activities.
CAN-SPAM Act
"CAN-SPAM Act" means federal law governing commercial electronic mail communications.
CAN-SPAM requirements may include:
- commercial email disclosures;
- sender identification;
- unsubscribe mechanisms;
- opt-out processing;
- header requirements; and
- email marketing practices.
Electronic Communications Privacy Act ("ECPA")
"Electronic Communications Privacy Act" or "ECPA" means federal law governing interception, access, storage, and disclosure of electronic communications.
ECPA-related obligations may apply to:
- electronic communications;
- stored messages;
- communication systems;
- user communications; and
- electronic records.
Computer Fraud and Abuse Act ("CFAA")
"Computer Fraud and Abuse Act" or "CFAA" means federal law addressing unauthorized access to computer systems, networks, and protected information.
CFAA-related obligations may include restrictions against:
- unauthorized access;
- credential misuse;
- system interference;
- unauthorized extraction of data; and
- circumvention of security controls.
Health Insurance Portability and Accountability Act ("HIPAA")
"Health Insurance Portability and Accountability Act" or "HIPAA" means federal legislation governing protected health information and related privacy and security requirements.
HIPAA may apply only where the Services involve regulated health information.
Fair Credit Reporting Act ("FCRA")
"Fair Credit Reporting Act" or "FCRA" means federal law governing consumer reports, consumer reporting agencies, permissible purposes, credit-related information, and related consumer protections.
FCRA may apply to:
- credit information;
- consumer reports;
- background information;
- credit decisions; and
- financial qualification processes.
Equal Credit Opportunity Act ("ECOA")
"Equal Credit Opportunity Act" or "ECOA" means federal law prohibiting unlawful discrimination in credit transactions.
ECOA may apply to:
- credit applications;
- lending decisions;
- financing activities;
- credit disclosures; and
- consumer financing processes.
Truth in Lending Act ("TILA")
"Truth in Lending Act" or "TILA" means federal law governing disclosures and requirements relating to consumer credit transactions.
TILA may address:
- credit terms;
- finance charges;
- loan disclosures;
- consumer credit advertising; and
- financing information.
Automotive Dealer Laws
"Automotive Dealer Laws" means federal laws and regulations applicable to automotive dealerships, vehicle transactions, automotive advertising, vehicle records, financing activities, and related automotive business operations.
Such laws may include requirements relating to:
- vehicle sales practices;
- consumer disclosures;
- advertising;
- vehicle information;
- dealer operations;
- financing activities; and
- consumer transactions.
Federal Vehicle Safety Laws
"Federal Vehicle Safety Laws" means federal laws and regulations governing vehicle safety, vehicle defects, recalls, manufacturer obligations, and related automotive information.
Such laws may include requirements concerning:
- vehicle identification;
- recall information;
- safety notices;
- manufacturer reporting; and
- vehicle safety records.
Federal Communications Privacy Requirements
"Federal Communications Privacy Requirements" means federal requirements governing collection, recording, monitoring, storage, and use of communications.
Such requirements may apply to:
- voice communications;
- SMS messages;
- MMS messages;
- email communications;
- call recordings;
- customer interactions; and
- marketing communications.
Federal Data Security Requirements
"Federal Data Security Requirements" means federal laws, regulations, standards, and guidance requiring reasonable security measures to protect information.
Security requirements may include:
- access management;
- authentication;
- encryption;
- monitoring;
- incident response;
- risk management; and
- security governance.
Export Control Laws
"Export Control Laws" means federal laws governing export, re-export, transfer, access, or use of software, technology, technical information, or services.
Export Control Laws may include restrictions relating to:
- restricted countries;
- restricted persons;
- sanctions;
- technology transfers;
- software exports; and
- regulated information.
Office of Foreign Assets Control ("OFAC") Requirements
"OFAC Requirements" means federal sanctions requirements administered by the United States government restricting transactions or services involving prohibited countries, entities, individuals, or activities.
Federal Regulatory Authority
"Federal Regulatory Authority" means any federal agency, department, regulator, enforcement authority, or governmental body responsible for administering or enforcing Federal Laws.
Federal Regulatory Authorities may include:
- Federal Trade Commission;
- Federal Communications Commission;
- Consumer Financial Protection Bureau;
- Securities and Exchange Commission;
- Department of Justice;
- Department of Transportation;
- National Highway Traffic Safety Administration; and
- other federal agencies.
Regulated Information
"Regulated Information" means any information subject to protection, handling, retention, disclosure, or security obligations under Federal Laws.
Regulated Information may include:
- Personal Information;
- consumer financial information;
- credit information;
- payment information;
- communications data;
- biometric information;
- vehicle information; and
- other protected information.
2.20 Regulations Terms
Regulations
"Regulations" means all applicable rules, regulations, requirements, standards, orders, directives, interpretations, guidance, bulletins, advisories, and official instructions issued by any Government Authority or regulatory body that apply to the Parties, the Services, Customer Data, Personal Information, or activities performed under this Agreement.
Regulations may include requirements relating to:
- privacy;
- data protection;
- cybersecurity;
- consumer protection;
- financial services;
- automotive operations;
- communications;
- marketing;
- record retention;
- security controls; and
- industry compliance obligations.
Applicable Regulations
"Applicable Regulations" means Regulations that apply to a Party based on its role, activities, location, customers, services, data processing activities, industry participation, or legal obligations.
Applicable Regulations may include:
- federal regulations;
- state regulations;
- local regulations;
- industry standards;
- regulatory guidance; and
- contractual compliance requirements.
Regulatory Authority
"Regulatory Authority" means any governmental agency, department, commission, authority, regulator, supervisory body, enforcement agency, or other organization responsible for issuing, administering, interpreting, or enforcing Regulations.
Regulatory Authorities may include:
- federal agencies;
- state agencies;
- local authorities;
- industry regulators;
- licensing bodies; and
- administrative agencies.
Regulatory Requirement
"Regulatory Requirement" means any obligation, restriction, condition, standard, procedure, or requirement imposed by Applicable Regulations.
Regulatory Requirements may govern:
- collection of information;
- processing activities;
- security practices;
- consumer interactions;
- business operations;
- communications;
- recordkeeping;
- reporting; and
- audit obligations.
Regulated Activity
"Regulated Activity" means any business activity, transaction, service, process, or operation subject to regulatory oversight.
Regulated Activities may include:
- vehicle sales transactions;
- vehicle financing;
- payment processing;
- consumer communications;
- data processing;
- identity verification;
- marketing activities;
- credit-related activities; and
- financial services activities.
Regulated Data
"Regulated Data" means any data, information, record, or content subject to legal, regulatory, contractual, or industry-specific requirements.
Regulated Data may include:
- Personal Information;
- Sensitive Personal Information;
- consumer financial information;
- credit information;
- payment information;
- biometric information;
- communications records;
- vehicle information; and
- other protected data.
Regulatory Compliance
"Regulatory Compliance" means adherence to Applicable Regulations, Regulatory Requirements, industry standards, and legally applicable obligations.
Regulatory Compliance may include:
- implementation of required controls;
- maintenance of policies;
- documentation requirements;
- training requirements;
- reporting obligations;
- security safeguards; and
- corrective actions.
Compliance Program
"Compliance Program" means a documented framework of policies, procedures, controls, practices, and governance processes designed to support compliance with Applicable Regulations.
A Compliance Program may include:
- risk management;
- security policies;
- privacy practices;
- training;
- monitoring;
- audits;
- vendor management; and
- incident response procedures.
Industry Standards
"Industry Standards" means generally recognized technical, operational, security, privacy, or business practices applicable to the Services or relevant industries.
Industry Standards may include:
- cybersecurity frameworks;
- privacy practices;
- automotive industry practices;
- payment standards;
- security frameworks;
- data governance practices; and
- operational standards.
Automotive Industry Regulations
"Automotive Industry Regulations" means Regulations applicable to automotive businesses, dealerships, manufacturers, suppliers, service providers, and related automotive operations.
Automotive Industry Regulations may govern:
- vehicle transactions;
- dealer operations;
- vehicle records;
- consumer disclosures;
- advertising;
- vehicle safety information;
- recalls;
- financing activities; and
- automotive service operations.
Dealer Regulations
"Dealer Regulations" means Regulations applicable to Customer's dealership, dealer group, automotive retailer, or automotive-related business operations.
Dealer Regulations may address:
- dealer licensing;
- sales practices;
- consumer protection;
- advertising;
- vehicle documentation;
- finance operations;
- customer communications; and
- record retention.
Privacy Regulations
"Privacy Regulations" means Regulations governing privacy rights, Personal Information, Personal Data, consumer information, and data processing activities.
Privacy Regulations may include requirements relating to:
- notice;
- consent;
- access rights;
- deletion rights;
- data minimization;
- purpose limitation;
- security safeguards; and
- processor obligations.
Security Regulations
"Security Regulations" means Regulations requiring protection of systems, networks, applications, infrastructure, and information against unauthorized access, misuse, disclosure, alteration, destruction, or compromise.
Security Regulations may address:
- access controls;
- encryption;
- authentication;
- monitoring;
- incident response;
- vulnerability management;
- risk assessments; and
- security governance.
Financial Regulations
"Financial Regulations" means Regulations applicable to financial information, payments, lending, credit activities, financing transactions, or financial service operations.
Financial Regulations may address:
- consumer financial information;
- credit applications;
- payment processing;
- transaction records;
- financial disclosures;
- security obligations; and
- recordkeeping.
Communications Regulations
"Communications Regulations" means Regulations governing electronic communications, messaging, telephone communications, marketing communications, and consumer outreach activities.
Communications Regulations may include requirements relating to:
- SMS;
- MMS;
- email;
- voice communications;
- automated messaging;
- consumer consent;
- opt-out mechanisms; and
- record retention.
Regulatory Change
"Regulatory Change" means any modification, amendment, enactment, repeal, interpretation, or newly issued Regulation that affects the Services, Customer Data, processing activities, or obligations under this Agreement.
Regulatory Changes may require:
- Service modifications;
- policy updates;
- technical changes;
- operational adjustments;
- optional compliance measures; or
- contract amendments.
Regulatory Investigation
"Regulatory Investigation" means any inquiry, examination, audit, review, investigation, request for information, enforcement action, or proceeding conducted by a Regulatory Authority.
Regulatory Request
"Regulatory Request" means any request, demand, notice, subpoena, inquiry, directive, or communication received from a Regulatory Authority.
Regulatory Audit
"Regulatory Audit" means an audit, assessment, examination, inspection, or review conducted by a Regulatory Authority or authorized party to evaluate compliance with Applicable Regulations.
Regulatory Record
"Regulatory Record" means any document, report, log, communication, record, or evidence maintained to demonstrate compliance with Applicable Regulations.
Regulatory Records may include:
- audit records;
- security records;
- privacy records;
- consent records;
- training records;
- transaction records; and
- compliance documentation.
Regulatory Reporting
"Regulatory Reporting" means any required submission, notice, disclosure, filing, report, or communication provided to a Regulatory Authority.
Compliance Obligation
"Compliance Obligation" means any legal, regulatory, contractual, operational, or industry requirement applicable to a Party or the Services.
Compliance Obligations may include:
- privacy obligations;
- security obligations;
- consumer obligations;
- data handling requirements;
- documentation requirements; and
- operational controls.
2.21 Interpretation Terms
Agreement
"Agreement" means this Master Services Agreement together with all exhibits, schedules, appendices, attachments, apenda, Order Forms, Statements of Work, Data Processing Apenda, Service Level Agreements, Documentation, and other documents expressly incorporated by reference.
Affiliate
"Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a Party. For purposes of this Agreement, control means ownership of, or the right to direct, more than fifty percent (50%) of the voting interests or equivalent ownership rights of an entity.
Applicable Law
"Applicable Law" means all applicable federal, state, local, foreign, and international laws, regulations, rules, ordinances, regulatory requirements, governmental orders, and legally binding standards applicable to a Party, the Services, Customer Data, Personal Information, or activities performed under this Agreement.
Business Day
"Business Day" means any day other than Saturday, Sunday, or a recognized banking holiday in the jurisdiction where Company maintains its principal place of business.
Calendar Day
"Calendar Day" means any day of the calendar year, including weekends and holidays.
Company
"Company" means Metzger Enterprises LLC d/b/a AutoRevolution, including its subsidiaries and Affiliates where applicable, acting as the Provider, Service Provider, Processor, software licensor, technology provider, and service operator under this Agreement.
Customer
"Customer" means the dealership, dealer group, automotive retailer, automotive business, automotive service provider, lender, vendor, partner, or other legal entity that enters into this Agreement and receives the Services. Where applicable under Privacy Laws, Customer acts as the Controller of Customer Data.
Controller
"Controller" means the entity that determines the purposes and means of Processing Personal Information.
For purposes of Customer Data controlled by Customer, Customer shall act as Controller where required by Applicable Law.
Processor
"Processor" means the entity that Processes Personal Information on behalf of a Controller pursuant to documented instructions.
Company may act as Processor or Service Provider when Processing Customer Data solely to provide the Services.
Provider
"Provider" means Company in its capacity as provider of the Services, Software, technology platform, integrations, support, professional services, and related offerings.
Party
"Party" means either Company or Customer individually.
Parties
"Parties" means Company and Customer collectively.
Including
"Including" means including without limitation and shall not be interpreted as restricting the scope of the preceding words or concepts.
Without Limitation
"Without Limitation" means that the listed examples are illustrative only and do not limit the broader meaning of the referenced term.
And / Or
"And / Or" means one or more of the listed items, individually or collectively, as the context requires.
Singular and Plural
Words used in the singular include the plural and words used in the plural include the singular, unless the context requires otherwise.
Gender Neutral Interpretation
References to any gender shall include all genders, and references to persons include individuals, entities, organizations, companies, governmental authorities, and other legal persons.
Person
"Person" means any individual, corporation, limited liability company, partnership, trust, association, governmental authority, or other legal entity.
Entity
"Entity" means any legally recognized organization, company, institution, governmental body, or other legal person.
Written Notice
"Written Notice" means any communication delivered in written form, including electronic mail, electronic notification, contractual messaging systems, or other authorized electronic communication methods permitted under this Agreement.
Electronic Signature
"Electronic Signature" means an electronic symbol, process, or method executed or adopted by a person with intent to authenticate or approve an electronic record.
Electronic signatures shall have the same legal effect as handwritten signatures where permitted by Applicable Law.
Documentation
"Documentation" means user guides, technical documentation, specifications, instructions, manuals, training materials, online resources, and other materials provided by Company describing the Services.
Service Description
"Service Description" means the description of Services, features, functionality, modules, integrations, and applicable service scope identified in an Order Form or applicable document.
Order Form
"Order Form" means an ordering document executed by the Parties describing subscriptions, Services, fees, implementation services, usage rights, term, and applicable commercial terms.
Statement of Work
"Statement of Work" or "SOW" means a written document describing professional services, implementation services, customization, consulting, integration, configuration, or other project-based services.
Effective Date
"Effective Date" means the date on which this Agreement becomes legally binding between the Parties.
Unless otherwise stated, the Effective Date is the date of the last signature of the Parties.
Term
"Term" means the period during which this Agreement remains in effect, including the initial subscription period and any renewal periods.
Renewal Term
"Renewal Term" means any apitional subscription period following expiration of an initial or prior term as provided in an Order Form or this Agreement.
Applicable Documents
"Applicable Documents" means documents incorporated into this Agreement by reference, including:
- Order Forms;
- Statements of Work;
- Service Level Agreements;
- Data Processing Addendum;
- Security Addendum;
- Privacy Addendum; and
- Exhibits and schedules.
Conflict
"Conflict" means any inconsistency, discrepancy, contradiction, or difference between provisions of this Agreement or incorporated documents.
Order of Precedence
"Order of Precedence" means the priority rules used to resolve conflicts between this Agreement and incorporated documents.
Unless otherwise stated, the order of precedence shall be:
- Data Processing Addendum and Security Addendum;
- executed Order Form;
- Statement of Work;
- Master Services Agreement;
- Documentation.
Interpretation
"Interpretation" means the process of determining the meaning, scope, and application of any provision of this Agreement.
Good Faith
"Good Faith" means honest, commercially reasonable conduct consistent with the intent and purpose of this Agreement.
Commercially Reasonable Efforts
"Commercially Reasonable Efforts" means efforts consistent with generally accepted industry practices, available resources, operational considerations, and the nature of the obligation.
Material
"Material" means significant, substantial, or reasonably likely to affect the rights, obligations, performance, or business interests of a Party.
Notice Period
"Notice Period" means the applicable period for providing advance notice before an action becomes effective.
Business Records
"Business Records" means records created, maintained, stored, transmitted, or processed in connection with the Services.
Business Records may include:
- transaction records;
- system records;
- audit records;
- usage records;
- communications records; and
- administrative records.
Survival
"Survival" means any provision that remains effective after expiration or termination of this Agreement.
Headings
"Headings" are included for convenience only and shall not affect the interpretation or meaning of any provision of this Agreement.
Reference
"Reference" means any citation, mention, incorporation, or reliance upon another provision, document, exhibit, schedule, law, standard, or external material.
Business Use
"Business Use" means use of the Services for internal commercial, operational, administrative, analytical, customer relationship, dealership, automotive, or related business purposes.
2.22 Use & Conduct Terms
Acceptable Use
"Acceptable Use" means the authorized access, configuration, implementation, and use of the Services for legitimate business purposes consistent with Customer's automotive, dealership, operational, administrative, customer relationship management, marketing, analytics, communications, and technology needs.
Acceptable Use includes:
- managing dealership operations;
- managing customer relationships;
- processing dealership transactions;
- managing inventory and vehicle information;
- supporting customer communications;
- performing authorized reporting and analytics;
- integrating approved business systems;
- supporting internal workflows; and
- other permitted business activities described in the applicable Order Form.
Authorized Purpose
"Authorized Purpose" means the specific business purposes for which Customer is permitted to access and use the Services under this Agreement. Customer shall not use the Services for purposes outside the Authorized Purpose without Company's prior written approval.
Authorized User Conduct
Customer is responsible for ensuring that all Authorized Users:
- use the Services only as permitted by this Agreement;
- maintain confidentiality of credentials;
- follow applicable security procedures;
- protect Customer Data;
- comply with Applicable Law;
- maintain professional conduct; and
- follow dealership policies and procedures.
Account Responsibility
Customer is responsible for:
- creating and managing Authorized User access;
- assigning appropriate permissions;
- terminating access when no longer authorized;
- maintaining account accuracy;
- protecting authentication credentials; and
- monitoring account activity.
Customer shall promptly notify Company of suspected unauthorized access.
Prohibited Use
Customer shall not, and shall not permit any third party to:
- use the Services for unlawful purposes;
- violate Applicable Law;
- infringe intellectual property rights;
- circumvent security controls;
- attempt unauthorized access;
- interfere with Service operation;
- introduce malicious code;
- damage or disrupt systems;
- reverse engineer or decompile the Services except as expressly permitted by law;
- copy, reproduce, resell, sublicense, or distribute the Services without authorization;
- use the Services to create competing products or services;
- scrape, harvest, or extract data through unauthorized methods;
- conduct security testing without authorization;
- impersonate another person or entity;
- misrepresent identity or authorization;
- use the Services to transmit unlawful content; or
- engage in fraudulent, deceptive, abusive, or harmful activities.
Security Misuse
Customer shall not:
- probe, scan, or test vulnerabilities;
- circumvent authentication mechanisms;
- attempt unauthorized penetration testing;
- access systems outside authorized permissions;
- disable security features;
- interfere with monitoring tools; or
- attempt to compromise availability or integrity of the Services.
Authorized security assessments require Company's prior written authorization.
Credential Sharing
Customer shall not share individual login credentials, authentication tokens, API keys, passwords, or security credentials among users unless expressly supported by the Services.
Customer shall maintain unique user identities where available.
Fraud Prevention
Customer shall not use the Services to facilitate, support, conceal, or conduct fraudulent activities.
Prohibited activities include:
- identity fraud;
- payment fraud;
- consumer deception;
- false dealership representation;
- unauthorized transactions;
- misleading communications; and
- improper data collection.
Automotive Compliance Use
Customer acknowledges that dealership operations may be subject to specialized automotive laws, regulations, OEM requirements, lender requirements, and industry standards.
Customer is responsible for ensuring that its use of the Services complies with:
- dealer licensing requirements;
- consumer protection requirements;
- advertising standards;
- vehicle transaction requirements;
- financing obligations;
- recordkeeping obligations; and
- OEM program requirements.
Consumer Communications Compliance
Where Customer uses communications functionality, Customer is solely responsible for ensuring compliance with applicable communications laws and requirements.
Customer shall obtain required permissions and maintain appropriate records for:
- SMS messages;
- MMS messages;
- emails;
- telephone communications;
- automated messaging;
- marketing campaigns; and
- consumer outreach.
Content Responsibility
Customer is solely responsible for content, information, messages, materials, records, and communications submitted through the Services.
Customer represents that Customer has the necessary rights, permissions, and authority to submit such content.
Customer Data Responsibility
Customer remains responsible for:
- lawful collection of Customer Data;
- accuracy of Customer Data;
- consumer notices;
- required consents;
- data ownership rights;
- data retention requirements; and
- appropriate use of Personal Information.
Company processes Customer Data according to Customer instructions and this Agreement.
Sensitive Data Restrictions
Customer shall not upload, transmit, or process Sensitive Personal Information through the Services except where:
- the functionality expressly supports such information;
- Customer has legal authority to do so;
- appropriate safeguards are implemented; and
- such processing complies with Applicable Law.
Malicious Code
"Malicious Code" includes any software, code, script, routine, or mechanism intended to:
- damage systems;
- interrupt operations;
- gain unauthorized access;
- destroy data;
- exfiltrate information; or
- compromise security.
Customer shall not introduce Malicious Code into the Services.
Artificial Intelligence Use
Customer shall use AI-enabled features only for authorized business purposes and shall not:
- submit unlawful content;
- attempt to extract confidential model information;
- use AI outputs as a substitute for required professional judgment;
- make unlawful automated decisions; or
- violate Applicable Law through AI usage.
Customer remains responsible for reviewing AI-generated outputs before reliance or external use.
Automation Restrictions
Customer shall not use automated tools, bots, scripts, crawlers, or similar mechanisms to access or interact with the Services except through Company-approved APIs, integrations, or documented methods.
API Use
Where Company provides APIs, Customer shall:
- use APIs according to Documentation;
- protect API credentials;
- maintain reasonable security controls;
- respect usage limits;
- avoid excessive requests; and
- not misuse integration capabilities.
Third-Party Integrations
Customer is responsible for third-party systems connected to the Services.
Customer acknowledges:
- third-party systems may have separate terms;
- Company does not control third-party platforms;
- integration availability may change; and
- third-party data accuracy remains the responsibility of the third party.
Compliance With Policies
Customer agrees to comply with:
- this Agreement;
- Documentation;
- Company security requirements;
- applicable usage guidelines;
- privacy requirements; and
- reasonable operational instructions.
Monitoring Rights
Company may monitor usage of the Services for:
- security;
- performance;
- fraud prevention;
- compliance;
- service improvement; and
- operational purposes.
Company shall not access Customer Data except as permitted under this Agreement.
Suspension Rights
Company may suspend access to the Services where reasonably necessary to:
- protect security;
- prevent misuse;
- address violations;
- comply with Applicable Law;
- protect customers or systems; or
- prevent material harm.
Company will provide notice where reasonably practicable.
Violation
"Violation" means any breach of this Acceptable Use & Conduct Terms section, including unauthorized access, prohibited activities, misuse of Services, security violations, or unlawful conduct.
2.23 Vendor & System Terms
Vendor Governance
"Vendor Governance" means the policies, procedures, controls, standards, and operational practices governing the selection, authorization, integration, management, monitoring, and use of third-party vendors, suppliers, service providers, technology providers, and business partners interacting with the Services.
Vendor Governance may include:
- vendor approval processes;
- security reviews;
- access management;
- data sharing controls;
- contract requirements;
- performance monitoring;
- compliance management; and
- risk management procedures.
Vendor
"Vendor" means any third-party company, provider, supplier, contractor, technology provider, platform, service provider, or business partner that provides products, services, integrations, data, software, infrastructure, or functionality used by Customer or Company.
A Vendor may include:
- OEM providers;
- dealer technology providers;
- CRM providers;
- DMS providers;
- inventory providers;
- marketing platforms;
- payment providers;
- communication providers;
- analytics providers;
- hosting providers; and
- other technology providers.
Authorized Vendor
"Authorized Vendor" means a Vendor approved by Customer or Company to access, exchange data with, integrate with, or otherwise interact with the Services.
Customer shall remain responsible for Vendors selected by Customer.
Third-Party Service
"Third-Party Service" means any product, platform, application, software, service, system, or technology not owned or controlled by Company that interoperates with or connects to the Services.
Third-Party Services may include:
- dealer management systems;
- customer relationship management systems;
- advertising platforms;
- payment systems;
- OEM systems;
- inventory systems;
- financial systems; and
- communication services.
System Interoperability
"System Interoperability" means the ability of the Services to exchange information, communicate, integrate, or function with other authorized systems, applications, platforms, or technologies.
Interoperability may occur through:
- APIs;
- Webhooks;
- data exports;
- data imports;
- connectors;
- integrations;
- file transfers;
- authentication protocols; and
- approved technical interfaces.
Integration
"Integration" means any technical connection, interface, configuration, workflow, data exchange, or operational relationship enabling the Services to communicate with another system.
An Integration may include:
- API connections;
- single sign-on connections;
- data synchronization;
- automated workflows;
- system connectors; and
- third-party applications.
Integration Partner
"Integration Partner" means any third party authorized to provide, maintain, support, or operate an integration between the Services and another system.
Integration Partners may include Vendors, OEMs, technology providers, or Customer-selected providers.
Interoperability Standards
"Interoperability Standards" means technical standards, protocols, formats, specifications, and practices used to enable reliable communication and data exchange between systems.
Interoperability Standards may include:
- API standards;
- authentication standards;
- data formats;
- security protocols;
- integration specifications; and
- industry practices.
Data Exchange
"Data Exchange" means the transmission, receipt, transfer, synchronization, import, export, or sharing of information between the Services and another system.
Data Exchange may include:
- Customer Data;
- Vehicle Data;
- Inventory Data;
- Customer records;
- transaction data;
- communications data; and
- operational information.
Data Mapping
"Data Mapping" means the process of aligning data fields, structures, formats, definitions, and relationships between systems.
Customer is responsible for ensuring that Customer Data provided for mapping is accurate and authorized.
Data Transformation
"Data Transformation" means the conversion, formatting, normalization, modification, or restructuring of data to enable compatibility between systems.
Data Transformation may include:
- format conversion;
- field mapping;
- data normalization;
- validation;
- enrichment; and
- standardization.
Data Connector
"Data Connector" means a software component, integration tool, API, interface, or technical mechanism used to connect systems and facilitate data exchange.
API Integration
"API Integration" means an integration using documented application programming interfaces to exchange information or enable functionality between systems.
API Integrations shall be subject to:
- authentication requirements;
- rate limits;
- security requirements;
- documentation;
- technical limitations; and
- applicable Vendor requirements.
Webhook
"Webhook" means an automated electronic notification mechanism allowing one system to send event-based information to another system.
Webhooks may transmit:
- events;
- status changes;
- transaction updates;
- workflow notifications; and
- other authorized information.
Interoperability Dependency
"Interoperability Dependency" means any external system, Vendor, platform, service, API, infrastructure component, or technology required for an Integration to function.
Company does not control third-party Interoperability Dependencies.Vendor Access
"Vendor Access" means any access granted to a Vendor or third party to systems, accounts, integrations, environments, APIs, or data.
Vendor Access shall be limited to:
- authorized purposes;
- minimum necessary permissions;
- approved workflows; and
- security requirements.
Vendor Credentials
"Vendor Credentials" means usernames, passwords, tokens, API keys, certificates, authentication credentials, or other access mechanisms used by Vendors to connect to the Services.
Vendor Credentials must be protected and managed securely.
Vendor Data
"Vendor Data" means information provided by, received from, or generated through a Vendor, Integration Partner, or Third-Party Service.
Vendor Data remains subject to applicable ownership and licensing rights.
Vendor Risk Management
"Vendor Risk Management" means processes designed to identify, evaluate, monitor, and mitigate risks associated with Vendors and Third-Party Services.
Vendor Risk Management may include:
- security reviews;
- compliance assessments;
- contract reviews;
- performance reviews;
- access reviews; and
- termination procedures.
System Compatibility
"System Compatibility" means the ability of the Services and another system to operate together based on supported technical requirements.
Company does not guarantee compatibility with unsupported systems.
Supported Integration
"Supported Integration" means an Integration officially supported, documented, maintained, or approved by Company.
Unsupported integrations may not receive support or warranty coverage.
Unsupported Integration
"Unsupported Integration" means any connection, customization, modification, integration, or technical interaction not approved or maintained by Company.
Unsupported Integrations may:
- impact performance;
- create security risks;
- cause data issues;
- affect availability; or
- limit Company's support obligations.
Interoperability Limitation
"Interoperability Limitation" means any technical, contractual, operational, security, regulatory, or third-party restriction affecting an Integration.
Interoperability Limitations may result from:
- Vendor restrictions;
- API changes;
- system limitations;
- security requirements;
- OEM requirements; or
- Applicable Law.
OEM Integration
"OEM Integration" means an Integration involving an original equipment manufacturer, automotive brand, manufacturer-affiliated system, or OEM-approved technology platform.
OEM Integrations may be subject to separate requirements imposed by the applicable OEM.
Dealer Technology Ecosystem
"Dealer Technology Ecosystem" means the collection of systems, applications, vendors, platforms, integrations, and technologies used by Customer in connection with dealership operations.
The Dealer Technology Ecosystem may include:
- DMS platforms;
- CRM systems;
- inventory systems;
- websites;
- marketing platforms;
- finance systems;
- communication systems; and
- analytics platforms.
Interoperability Responsibility
"Interoperability Responsibility" means the obligation of each Party to maintain its own systems, credentials, configurations, Vendors, and technology environment necessary for supported integrations.
Vendor Change
"Vendor Change" means any modification, replacement, suspension, termination, or alteration of a Vendor, Third-Party Service, Integration, or technology dependency.
Vendor Changes may affect functionality, availability, or performance.
2.24 Retailing & Merchandising Terms
Digital Retailing
"Digital Retailing" means technology-enabled automotive retail functionality that allows Consumers to research, configure, evaluate, communicate about, apply for, transact, or engage with a dealership regarding a vehicle purchase, lease, trade-in, financing option, service, or related automotive transaction.
Digital Retailing may include:
- vehicle browsing;
- inventory search;
- payment estimation;
- trade-in workflows;
- finance workflows;
- deal configuration;
- consumer messaging;
- appointment scheduling;
- lead capture;
- online purchase workflows; and
- dealer follow-up processes.
Digital Showroom
"Digital Showroom" means an online or digital representation of Customer's dealership inventory, vehicles, services, offers, and automotive retail experience.
A Digital Showroom may be displayed through:
- Customer websites;
- mobile applications;
- embedded widgets;
- third-party platforms;
- marketplaces; and
- other digital channels.
Inventory Data
"Inventory Data" means information relating to vehicles available for sale, lease, service, or display, including:
- vehicle identification numbers (VINs);
- make;
- model;
- year;
- trim;
- color;
- options;
- features;
- mileage;
- availability status;
- photos;
- descriptions;
- pricing information;
- vehicle history information; and
- related merchandising information.
Inventory Feed
"Inventory Feed" means an automated or manual transmission of Inventory Data between Customer, Company, or a third-party system.
Inventory Feeds may occur through:
- APIs;
- data files;
- feeds;
- connectors;
- imports;
- exports; or
- other approved methods.
Vehicle Data
"Vehicle Data" means information associated with a specific vehicle, including:
- VIN;
- vehicle specifications;
- ownership information;
- maintenance records;
- service information;
- warranty information;
- vehicle history;
- inspection information;
- valuation information; and
- availability information.
VIN
"VIN" means the vehicle identification number assigned to a vehicle by the manufacturer or applicable authority.
A VIN may be used to identify:
- vehicle specifications;
- inventory records;
- vehicle history;
- recall information;
- ownership records; and
- related automotive data.
Inventory Merchandising
"Inventory Merchandising" means the creation, management, optimization, presentation, enhancement, distribution, and promotion of vehicle inventory information through digital channels.
Inventory Merchandising may include:
- vehicle descriptions;
- images;
- videos;
- feature highlights;
- search optimization;
- pricing presentation;
- vehicle comparisons;
- consumer engagement tools; and
- advertising content.
Vehicle Listing
"Vehicle Listing" means any digital representation of a vehicle offered by Customer through the Services.
A Vehicle Listing may include:
- vehicle details;
- photos;
- pricing;
- availability;
- disclosures;
- offers;
- dealer information; and
- consumer engagement options.
Merchandising Content
"Merchandising Content" means any content used to present, promote, advertise, or describe vehicles or automotive products.
Merchandising Content may include:
- text descriptions;
- photographs;
- videos;
- vehicle features;
- promotional statements;
- pricing displays;
- incentives;
- manufacturer information; and
- dealer-generated content.
Vehicle Images
"Vehicle Images" means photographs, videos, digital renderings, graphics, or visual representations of vehicles.
Customer is responsible for ensuring it has rights to use all Vehicle Images.
Pricing Data
"Pricing Data" means information relating to vehicle pricing, including:
- MSRP;
- dealer pricing;
- discounts;
- rebates;
- incentives;
- fees;
- payments;
- lease terms;
- finance estimates; and
- customer-specific offers.
Dealer Offer
"Dealer Offer" means any pricing, incentive, promotion, financing option, discount, trade value, or commercial proposal presented by Customer through the Services.
Customer is solely responsible for the accuracy and legality of Dealer Offers.
Consumer Configuration
"Consumer Configuration" means a Consumer-selected combination of vehicle options, features, pricing preferences, financing selections, trade information, or transaction preferences.
Vehicle Availability
"Vehicle Availability" means the status of a vehicle as available, unavailable, reserved, sold, pending, transferred, serviced, or otherwise restricted. Customer is responsible for maintaining accurate Vehicle Availability information.
Inventory Accuracy
"Inventory Accuracy" means the completeness, correctness, timeliness, and reliability of Inventory Data displayed through the Services.
Customer acknowledges inventory information may change rapidly and must be regularly updated.
Inventory Synchronization
"Inventory Synchronization" means the automated or manual process of updating Inventory Data across systems.
Synchronization may involve:
- DMS systems;
- CRM systems;
- OEM systems;
- marketplaces;
- dealer websites; and
- advertising platforms.
Digital Transaction Workflow
"Digital Transaction Workflow" means an online process supporting a potential automotive transaction.
Workflows may include:
- vehicle selection;
- consumer qualification;
- trade evaluation;
- finance application;
- payment estimation;
- appointment scheduling;
- document preparation; and
- dealer handoff.
Trade-In Information
"Trade-In Information" means information relating to a vehicle offered by a Consumer as part of a potential transaction.
Trade-In Information may include:
- VIN;
- condition;
- mileage;
- history;
- ownership information;
- valuation inputs; and
- consumer-provided details.
Vehicle Valuation
"Vehicle Valuation" means an estimated value, appraisal, pricing analysis, or assessment relating to a vehicle.
Vehicle Valuations are estimates only unless expressly stated otherwise.
Market Data
"Market Data" means information relating to automotive market conditions, vehicle pricing trends, inventory trends, consumer behavior, regional information, or industry analysis.
OEM Data
"OEM Data" means information received from or relating to an original equipment manufacturer, including vehicle specifications, incentives, programs, product information, and manufacturer-provided data.
Recall Information
"Recall Information" means information relating to vehicle safety recalls, manufacturer campaigns, service campaigns, repair notices, or other vehicle-related safety information.
Customer remains responsible for complying with applicable recall obligations.
Consumer Lead
"Consumer Lead" means information submitted by or collected from a Consumer indicating interest in a vehicle, dealership service, transaction, offer, or automotive product.
Retailing Content
"Retailing Content" means all information, materials, configurations, disclosures, pricing, communications, and workflows presented to Consumers through Digital Retailing functionality.
Dealer Responsibility
"Dealer Responsibility" means Customer's responsibility for:
- inventory accuracy;
- vehicle descriptions;
- pricing;
- taxes;
- fees;
- legal disclosures;
- advertising compliance;
- consumer communications;
- transaction approvals; and
- final sales decisions.
Consumer Decision
"Consumer Decision" means any decision made by a Consumer regarding a vehicle, transaction, financing option, service, or dealership interaction.
Company does not make dealership sales decisions on Customer's behalf.
Digital Retailing Disclaimer
"Digital Retailing Disclaimer" means any required disclosure indicating that digital estimates, pricing, availability, payments, valuations, or transaction information may be subject to verification, change, approval, and final agreement.
Merchandising Services
"Merchandising Services" means Services provided by Company to assist Customer with vehicle presentation, inventory management, content organization, digital display, and consumer engagement.
Automotive Marketplace
"Automotive Marketplace" means any third-party website, platform, application, or service where vehicles may be displayed, advertised, compared, or promoted.
Digital Channel
"Digital Channel" means any electronic location where Customer inventory, offers, or automotive content may be displayed, including:
- websites;
- mobile applications;
- marketplaces;
- social platforms;
- advertising networks; and
- dealer platforms.
Merchandising Enhancement
"Merchandising Enhancement" means Company-provided tools or features designed to improve presentation, organization, discoverability, or consumer engagement relating to inventory.
Inventory Exception
"Inventory Exception" means any inconsistency, delay, mismatch, missing information, outdated information, or error relating to Inventory Data.
Inventory Dispute
"Inventory Dispute" means any disagreement regarding ownership, availability, pricing, representation, condition, or presentation of a vehicle. Customer remains responsible for resolving Inventory Disputes.
2.25 Marketing Automation Terms
Marketing Automation
"Marketing Automation" means technology-enabled functionality that allows Customer to create, manage, schedule, deliver, monitor, analyze, and optimize marketing, sales, and customer engagement activities.
Marketing Automation may include:
- campaign management;
- customer segmentation;
- lead nurturing;
- workflow automation;
- communications scheduling;
- customer journey management;
- behavior-based messaging;
- reporting;
- analytics; and
- performance measurement.
Marketing Campaign
"Marketing Campaign" means a coordinated set of communications, activities, content, advertisements, workflows, or outreach efforts designed to promote products, services, offers, events, vehicles, dealership activities, or customer engagement objectives.
A Marketing Campaign may include:
- email campaigns;
- SMS campaigns;
- MMS campaigns;
- voice communications;
- advertising campaigns;
- customer retention campaigns;
- service reminders; and
- sales follow-up activities.
Campaign Content
"Campaign Content" means all text, images, graphics, videos, offers, messages, advertisements, templates, disclosures, scripts, and other materials used in connection with a Marketing Campaign.
Customer is responsible for ensuring Campaign Content complies with Applicable Law.
Marketing Communication
"Marketing Communication" means any communication intended to promote, advertise, inform, engage, retain, or encourage interaction with a Consumer or business contact.
Marketing Communications may include:
- promotional messages;
- sales messages;
- service reminders;
- event invitations;
- newsletters;
- product announcements;
- offers;
- surveys; and
- customer outreach.
Customer Journey
"Customer Journey" means the sequence of interactions, communications, activities, and experiences between a Consumer and Customer.
Customer Journeys may include:
- lead acquisition;
- vehicle research;
- purchase consideration;
- sales follow-up;
- service engagement;
- retention activities; and
- re-engagement efforts.
Lead
"Lead" means an individual, business, or entity that has expressed interest in a vehicle, automotive product, service, dealership, offer, or related business activity.
A Lead may include:
- website visitors;
- vehicle inquiries;
- form submissions;
- phone inquiries;
- chat interactions;
- service inquiries; and
- sales opportunities.
Lead Management
"Lead Management" means the processes, tools, and workflows used to capture, organize, qualify, assign, track, communicate with, and manage Leads.
Lead Management may include:
- lead capture;
- lead routing;
- lead scoring;
- follow-up workflows;
- conversion tracking; and
- performance reporting.
Prospect
"Prospect" means a Consumer who has demonstrated interest in purchasing, leasing, financing, servicing, or otherwise engaging with Customer.
Customer Record
"Customer Record" means information maintained by Customer relating to a Consumer, Lead, Prospect, customer, vehicle owner, service customer, or business contact.
Customer Records may include:
- contact information;
- communication history;
- preferences;
- transaction history;
- vehicle information;
- service history;
- engagement history; and
- marketing preferences.
Audience
"Audience" means a defined group of individuals, businesses, customers, prospects, vehicles, or records selected for a Marketing Campaign or communication.
Audiences may be created using:
- demographic attributes;
- vehicle ownership;
- purchase history;
- service history;
- behavior;
- engagement;
- preferences; and
- Customer-defined criteria.
Segmentation
"Segmentation" means the process of organizing Contacts, Consumers, Leads, or Customer Records into groups for targeted communication, analysis, or workflow automation.
Personalization
"Personalization" means the customization of communications, experiences, offers, content, or workflows based on available information.
Personalization may use:
- Consumer preferences;
- vehicle information;
- interaction history;
- Customer-provided data; and
- behavioral information.
Trigger
"Trigger" means an event, condition, activity, or data change that initiates an automated workflow or communication.
Triggers may include:
- website activity;
- form completion;
- vehicle purchase anniversary;
- service intervals;
- inventory events;
- lead creation;
- customer activity; and
- specified dates.
Workflow
"Workflow" means an automated sequence of actions, tasks, communications, decisions, or processes performed based on defined rules or triggers.
Workflows may include:
- automated emails;
- SMS messages;
- notifications;
- tasks;
- lead assignments;
- customer follow-ups; and
- reporting actions.
Automation Rule
"Automation Rule" means a defined condition, instruction, or configuration that determines when an automated action occurs.
Template
"Template" means a reusable communication format, message structure, workflow design, content framework, or campaign configuration.
Communication Preference
"Communication Preference" means an individual's stated or legally applicable preference regarding how they may be contacted.
Communication Preferences may include:
- email preferences;
- SMS preferences;
- voice preferences;
- marketing preferences; and
- opt-out selections.
Consent Record
"Consent Record" means documentation demonstrating that an individual provided required permission or authorization for a communication, processing activity, or marketing purpose.
Consent Records may include:
- date and time;
- method of consent;
- scope of consent;
- source;
- associated communication channel; and
- withdrawal records.
Opt-Out
"Opt-Out" means a request by an individual to stop receiving certain communications, marketing messages, or outreach.
Customer is responsible for honoring Opt-Out requests as required by Applicable Law.
Suppression List
"Suppression List" means a list of individuals, contacts, or records excluded from receiving specific communications.
Suppression Lists may include:
- opt-outs;
- do-not-contact requests;
- invalid contacts;
- complaints;
- regulatory restrictions; and
- Customer-defined exclusions.
Engagement Data
"Engagement Data" means information relating to how individuals interact with Marketing Communications.
Engagement Data may include:
- opens;
- clicks;
- responses;
- appointments;
- conversions;
- deliveries;
- bounces; and
- interaction history.
Attribution Data
"Attribution Data" means information used to associate customer activity, transactions, conversions, or outcomes with specific campaigns, channels, communications, or marketing efforts.
Marketing Analytics
"Marketing Analytics" means reporting, measurement, insights, metrics, and analysis relating to Marketing Campaign performance.
Marketing Analytics may include:
- campaign performance;
- conversion rates;
- engagement metrics;
- customer trends;
- ROI analysis; and
- operational reporting.
Marketing Compliance
"Marketing Compliance" means compliance with Applicable Laws governing marketing, advertising, communications, consumer rights, privacy, and data protection.
Marketing Compliance may include requirements relating to:
- consent;
- disclosures;
- opt-outs;
- advertising accuracy;
- consumer protection;
- data privacy; and
- recordkeeping.
Automated Communication
"Automated Communication" means any communication sent through automated technology, scheduling, workflow logic, or software-based processes.
Dealer Marketing Responsibility
"Dealer Marketing Responsibility" means Customer's responsibility for:
- lawful marketing practices;
- message accuracy;
- consumer consent;
- contact list ownership;
- advertising compliance;
- offers and promotions;
- communications records; and
- regulatory compliance.
Campaign Performance
"Campaign Performance" means measurable outcomes associated with a Marketing Campaign, including delivery, engagement, response, conversion, and business results.
Marketing Data
"Marketing Data" means data used, generated, or processed in connection with Marketing Automation.
Marketing Data may include:
- contact information;
- campaign history;
- preferences;
- analytics;
- engagement records;
- customer interactions; and
- performance data.
2.26 DMS Integration Terms
Dealer Management System
"Dealer Management System" or "DMS" means a dealership operations management platform used by automotive dealerships to manage business activities, including sales, service, parts, accounting, inventory, customer records, transactions, reporting, and operational workflows.
A DMS may include:
- sales management;
- service management;
- parts management;
- accounting functions;
- customer records;
- vehicle records;
- inventory records;
- deal processing;
- reporting; and
- workflow management.
DMS Integration
"DMS Integration" means the technical connection between the Services and a Dealer Management System that enables authorized data exchange, synchronization, workflow automation, reporting, or related functionality.
DMS Integration may occur through:
- APIs;
- approved connectors;
- vendor interfaces;
- file exchanges;
- middleware;
- data feeds; or
- other supported methods.
DMS Provider
"DMS Provider" means the third-party company, vendor, software provider, or technology provider that owns, operates, licenses, maintains, or controls a Dealer Management System.
The DMS Provider may establish:
- access requirements;
- licensing restrictions;
- API requirements;
- security standards;
- usage limitations; and
- integration approvals.
DMS Data
"DMS Data" means information received from, transmitted to, synchronized with, or processed through a Dealer Management System.
DMS Data may include:
- customer records;
- vehicle information;
- inventory information;
- sales records;
- service records;
- parts information;
- deal information;
- appointments;
- communications history;
- financial records;
- reports; and
- operational information.
DMS Record
"DMS Record" means any record maintained within a Dealer Management System relating to dealership operations, consumers, vehicles, transactions, services, or business activities.
DMS Connection
"DMS Connection" means the authentication method, technical configuration, credentials, interface, or communication channel used to connect the Services to a DMS.
DMS Credentials
"DMS Credentials" means usernames, passwords, API keys, tokens, certificates, authentication credentials, security keys, or other access mechanisms required to connect to a DMS.
Customer is responsible for maintaining authorization and security of Customer-controlled DMS Credentials.
DMS Access Authorization
"DMS Access Authorization" means Customer's authorization allowing Company to access, retrieve, transmit, process, or synchronize information from Customer's DMS environment.
Customer represents it has authority to provide such access.
DMS Synchronization
"DMS Synchronization" means the automated or manual process of updating information between the Services and a DMS.
Synchronization may include:
- data transfers;
- record updates;
- status changes;
- workflow updates;
- reporting updates; and
- operational exchanges.
Real-Time Synchronization
"Real-Time Synchronization" means data exchange occurring with minimal delay after an event or update.
Real-Time Synchronization depends on:
- DMS availability;
- integration capability;
- network performance;
- vendor limitations; and
- technical conditions.
Batch Synchronization
"Batch Synchronization" means scheduled or periodic exchange of information between systems.
Batch Synchronization may occur hourly, daily, or according to configured schedules.
Data Mapping
"Data Mapping" means the process of matching, aligning, translating, and configuring data fields between the Services and a DMS.
Customer is responsible for ensuring mapped information is accurate and appropriate.
DMS Field Mapping
"DMS Field Mapping" means the configuration identifying how specific data fields in a DMS correspond to fields within the Services.
DMS Data Transformation
"DMS Data Transformation" means the conversion, formatting, normalization, validation, or restructuring of DMS Data to enable compatibility with the Services.
Source System
"Source System" means the system designated as the originating source of a particular data element or record.
System of Record
"System of Record" means the authoritative system designated for maintaining official information. Customer determines which systems serve as Systems of Record unless otherwise agreed.
Data Conflict
"Data Conflict" means any inconsistency, mismatch, duplication, discrepancy, or disagreement between records stored in different systems.
Data Conflicts may arise from:
- timing differences;
- manual changes;
- integration failures;
- incorrect configuration;
- third-party limitations; or
- duplicate records.
Data Reconciliation
"Data Reconciliation" means the process of identifying, reviewing, correcting, and resolving differences between systems.
Integration Configuration
"Integration Configuration" means technical settings, rules, mappings, permissions, workflows, and preferences used to operate a DMS Integration.
Integration Error
"Integration Error" means a failure, interruption, delay, incorrect transfer, or inability to exchange information between the Services and a DMS.
Integration Errors may result from:
- DMS changes;
- vendor outages;
- invalid credentials;
- network issues;
- configuration errors;
- unsupported changes; or
- data quality issues.
DMS Downtime
"DMS Downtime" means any period during which a DMS is unavailable, degraded, restricted, or unable to support integration activity.
DMS Downtime is outside Company's control.
DMS Upgrade
"DMS Upgrade" means any modification, update, enhancement, migration, replacement, or version change performed by a DMS Provider.
DMS Upgrades may require integration changes.
DMS Migration
"DMS Migration" means the transfer of dealership data or operations from one DMS platform to another.
Customer is responsible for coordinating migration activities with applicable vendors.
DMS Vendor Dependency
"DMS Vendor Dependency" means any third-party requirement, limitation, service, approval, or functionality necessary for a DMS Integration.
Company does not control DMS Vendor Dependencies.
DMS API
"DMS API" means an application programming interface provided by a DMS Provider or third party to permit authorized software systems to exchange information.
DMS APIs may be subject to:
- rate limits;
- fees;
- licensing requirements;
- approval processes;
- security requirements; and
- technical limitations.
Integration License
"Integration License" means any license, permission, subscription, or authorization required by a DMS Provider to enable integration access.
Customer is responsible for obtaining required third-party licenses.
Dealer Responsibility
"Dealer Responsibility" means Customer's responsibility for:
- maintaining DMS access;
- authorizing integrations;
- maintaining vendor relationships;
- ensuring data accuracy;
- reviewing synchronized data;
- maintaining permissions;
- complying with DMS requirements; and
- managing dealership operations.
Integration Support
"Integration Support" means assistance provided by Company relating to supported DMS integrations.
Integration Support does not include:
- DMS vendor support;
- third-party system troubleshooting;
- Customer internal system administration;
- unsupported customization; or
- vendor-required implementation services.
Unsupported DMS Integration
"Unsupported DMS Integration" means any DMS connection, modification, workaround, customization, or integration method not approved, documented, or maintained by Company.
Unsupported integrations may affect:
- security;
- performance;
- data integrity;
- availability; and
- support obligations.
DMS Compliance
"DMS Compliance" means compliance with applicable DMS Provider requirements, dealership obligations, Applicable Law, security standards, and operational requirements related to DMS usage.
DMS Data Ownership
"DMS Data Ownership" means ownership rights relating to DMS Data.
Customer retains ownership of Customer Data and DMS Data provided by Customer, subject to applicable third-party rights.
2.27 Access & Security Terms
Access Control
"Access Control" means the policies, procedures, technologies, and security mechanisms used to regulate, restrict, authorize, monitor, and manage access to the Services, systems, applications, accounts, data, and environments.
Access Control includes:
- authentication;
- authorization;
- identity verification;
- permissions management;
- role assignments;
- access reviews;
- logging; and
- security enforcement.
Access Credential
"Access Credential" means any authentication information used to access the Services, including:
- usernames;
- passwords;
- API keys;
- tokens;
- certificates;
- security codes;
- authentication devices; and
- other access mechanisms.
Customer is responsible for protecting Customer-controlled Access Credentials.
Account
"Account" means an authorized user profile, organizational profile, dealership account, administrator account, service account, or other registered access point used to access the Services.
Authorized User
"Authorized User" means an individual permitted by Customer to access or use the Services.
Authorized Users may include:
- employees;
- dealership personnel;
- managers;
- sales representatives;
- service personnel;
- contractors;
- agents;
- administrators; and
- approved third parties.
Identity
"Identity" means the unique representation of an individual, organization, application, device, or system accessing the Services.
An Identity may include:
- name;
- email address;
- user identifier;
- organization identifier;
- role information; and
- authentication information.
Identity Management
"Identity Management" means the processes and technologies used to create, maintain, verify, modify, and remove user identities and access permissions.
Identity Management includes:
- user provisioning;
- deprovisioning;
- authentication;
- authorization;
- identity verification; and
- access lifecycle management.
Authentication
"Authentication" means the process of verifying the identity of a user, system, application, or device attempting to access the Services.
Authentication may include:
- password authentication;
- multi-factor authentication;
- security tokens;
- certificates;
- single sign-on; and
- biometric verification where applicable.
Multi-Factor Authentication
"Multi-Factor Authentication" or "MFA" means an authentication method requiring two or more independent verification factors.
Factors may include:
- something the user knows;
- something the user possesses;
- something the user is.
Single Sign-On
"Single Sign-On" or "SSO" means an authentication process allowing Authorized Users to access multiple systems using a centralized identity provider.
Authorization
"Authorization" means the process of determining whether an authenticated user, system, or application has permission to access a specific resource, function, or data set.
Permission
"Permission" means a specific authorization allowing access to a feature, function, system, record, file, application, or data category.
User Role
"User Role" means a defined set of permissions assigned to an Authorized User based on job function, responsibilities, or access requirements.
User Roles may include:
- administrator;
- manager;
- sales user;
- service user;
- reporting user;
- read-only user; and
- custom roles.
Role-Based Access Control
"Role-Based Access Control" or "RBAC" means a security model where access permissions are assigned according to defined User Roles rather than individually assigned permissions.
Least Privilege
"Least Privilege" means the security principle requiring users, systems, applications, and vendors to receive only the minimum access necessary to perform authorized functions.
Administrative Access
"Administrative Access" means elevated permissions allowing management, configuration, security administration, system changes, user management, or other privileged activities.
Privileged Access
"Privileged Access" means access rights exceeding standard user permissions.
Privileged Access may include:
- system configuration;
- security settings;
- data management;
- user administration; and
- technical controls.
Privileged User
"Privileged User" means an individual or system account with elevated access rights.
Service Account
"Service Account" means a non-human account used by software, integrations, APIs, automation processes, or system services.
API Credential
"API Credential" means authentication information used to authorize software-to-software communication.
API Credentials may include:
- API keys;
- tokens;
- client identifiers;
- certificates; and
- secrets.
Credential Management
"Credential Management" means the processes used to create, store, protect, rotate, revoke, and monitor Access Credentials.
Password Policy
"Password Policy" means security requirements governing password creation, complexity, expiration, storage, and protection.
Access Review
"Access Review" means periodic evaluation of user permissions, accounts, roles, and access rights to confirm continued authorization.
User Provisioning
"User Provisioning" means the process of creating and activating Authorized User access.
User Deprovisioning
"User Deprovisioning" means the process of disabling or removing user access when authorization ends.
Customer shall promptly deactivate former employees and unauthorized users.
Security Controls
"Security Controls" means technical, administrative, and organizational safeguards designed to protect the Services and information processed through the Services.
Security Controls may include:
- encryption;
- firewalls;
- monitoring;
- logging;
- access restrictions;
- security testing; and
- incident response procedures.
Encryption
"Encryption" means the process of transforming information into an unreadable format to protect confidentiality and integrity.
Encryption may apply:
- in transit;
- at rest;
- during transmission; and
- during storage.
Encryption Key
"Encryption Key" means a cryptographic value used to encrypt or decrypt information.
Security Monitoring
"Security Monitoring" means activities designed to detect, analyze, investigate, and respond to security events.
Security Monitoring may include:
- system monitoring;
- log analysis;
- alerting;
- threat detection; and
- security reviews.
Audit Log
"Audit Log" means a record of activities, events, changes, access attempts, transactions, or security-related actions performed within the Services.
Audit Logs may include:
- user activity;
- timestamps;
- authentication events;
- data changes;
- administrative actions; and
- system events.
Security Event
"Security Event" means any occurrence affecting confidentiality, integrity, availability, or security of systems, applications, accounts, or information.
Security Incident
"Security Incident" means an actual or reasonably suspected event involving unauthorized access, disclosure, alteration, destruction, loss, misuse, or compromise of information or systems.
Data Breach
"Data Breach" means unauthorized access to, acquisition of, disclosure of, or loss of Personal Information or protected information requiring notification under Applicable Law.
Security Vulnerability
"Security Vulnerability" means a weakness, flaw, configuration issue, or condition that may negatively impact security.
Security Patch
"Security Patch" means an update, modification, or correction designed to address security vulnerabilities.
Security Framework
"Security Framework" means a documented set of security principles, policies, procedures, and controls used to manage cybersecurity risks.
Customer Security Responsibility
"Customer Security Responsibility" means Customer's responsibility for:
- Authorized User management;
- credential protection;
- permission configuration;
- internal security procedures;
- device security;
- access approvals; and
- employee access termination.
2.28 F&I Terms
Finance & Insurance
"Finance & Insurance" or "F&I" means dealership activities relating to vehicle financing, leasing, credit processing, insurance products, protection products, documentation, contracting, and related transaction services.
F&I activities may include:
- credit applications;
- finance approvals;
- loan and lease workflows;
- payment calculations;
- lender submissions;
- insurance products;
- warranty products;
- vehicle protection products;
- contract documentation; and
- consumer disclosures.
F&I Workflow
"F&I Workflow" means any digital or operational process supporting finance, insurance, lending, contracting, or related dealership activities.
F&I Workflows may include:
- application intake;
- credit submissions;
- document preparation;
- consumer communications;
- approval tracking;
- deal structuring;
- product presentation; and
- transaction completion.
Finance Application
"Finance Application" means information submitted by or on behalf of a Consumer requesting credit, financing, leasing, or other financial accommodations.
A Finance Application may include:
- identity information;
- contact information;
- employment information;
- income information;
- residential information;
- credit-related information;
- vehicle information; and
- financial disclosures.
Credit Information
"Credit Information" means information relating to an individual's creditworthiness, credit history, credit capacity, financial obligations, or credit-related activity.
Credit Information may include:
- credit reports;
- credit scores;
- credit history;
- payment history;
- debt obligations;
- credit applications; and
- lending decisions.
Financial Information
"Financial Information" means information relating to a Consumer's financial circumstances, accounts, obligations, payments, or transactions.
Financial Information may include:
- income information;
- employment information;
- banking information;
- payment information;
- account information;
- transaction history; and
- billing information.
Applicant
"Applicant" means an individual who submits or participates in a Finance Application or credit-related transaction.
An Applicant may include:
- vehicle purchasers;
- lessees;
- borrowers;
- co-borrowers;
- co-buyers; and
- guarantors.
Co-Buyer
"Co-Buyer" means an individual jointly participating in a vehicle purchase, financing arrangement, lease, or credit transaction.
Guarantor
"Guarantor" means an individual or entity agreeing to guarantee financial obligations associated with a credit transaction.
Borrower
"Borrower" means an individual or entity obtaining or applying for financing.
Lender
"Lender" means a financial institution, finance company, credit union, bank, captive finance provider, or other entity providing credit or financing.
Finance Source
"Finance Source" means any lender, financial institution, or funding source to which a dealership submits financing information.
Credit Decision
"Credit Decision" means any determination regarding approval, denial, terms, pricing, conditions, or availability of credit.
Company does not make Credit Decisions.
Credit Decisions are made by authorized lenders or financial institutions.
Credit Underwriting
"Credit Underwriting" means the evaluation process used by lenders to assess credit risk and determine financing terms.
Credit Application Data
"Credit Application Data" means information submitted in connection with a Finance Application.
Credit Application Data may include:
- Applicant information;
- financial information;
- vehicle information;
- transaction details;
- supporting documentation; and
- application status.
Deal Jacket
"Deal Jacket" means the collection of documents, records, information, and transaction materials associated with a vehicle sale, lease, financing, or related transaction.
Transaction Data
"Transaction Data" means information relating to a vehicle transaction, including:
- vehicle information;
- purchase price;
- trade information;
- financing information;
- fees;
- products selected;
- contract information; and
- deal status.
Insurance Product
"Insurance Product" means any insurance-related offering, coverage, protection plan, or insurance-related product presented or administered through dealership processes.
Protection Product
"Protection Product" means optional vehicle-related products or services offered in connection with a transaction.
Protection Products may include:
- service contracts;
- vehicle service agreements;
- maintenance plans;
- GAP products;
- appearance protection;
- theft protection;
- tire and wheel protection; and
- other automotive products.
Warranty Product
"Warranty Product" means a warranty, service contract, mechanical protection product, or related coverage offered in connection with a vehicle.
GAP Product
"GAP Product" means a guaranteed asset protection product designed to address certain differences between a vehicle's value and outstanding financial obligations.
F&I Disclosure
"F&I Disclosure" means any disclosure, notice, explanation, acknowledgment, or consumer communication required by Applicable Law or industry requirements.
F&I Disclosures may include:
- pricing disclosures;
- credit notices;
- privacy notices;
- consent disclosures;
- product disclosures; and
- contractual notices.
Adverse Action Notice
"Adverse Action Notice" means a notice required when credit is denied, limited, or otherwise adversely affected under Applicable Law.
Customer and applicable lenders remain responsible for compliance with notice requirements.
Regulatory Requirement
"Regulatory Requirement" means any applicable law, regulation, rule, guidance, order, standard, or requirement governing dealership, lending, finance, insurance, privacy, consumer protection, or automotive transactions.
Regulatory Authority
"Regulatory Authority" means any governmental, administrative, supervisory, enforcement, or regulatory body with jurisdiction over F&I activities.
Consumer Disclosure
"Consumer Disclosure" means information provided to Consumers to explain rights, obligations, terms, costs, conditions, risks, or transaction details.
Electronic Signature
"Electronic Signature" means an electronic method used to indicate acceptance, approval, authorization, or execution of a document or transaction.
Electronic Records
"Electronic Records" means digitally stored documents, agreements, forms, disclosures, applications, communications, or transaction records.
Compliance Documentation
"Compliance Documentation" means records maintained to demonstrate compliance with Applicable Law, policies, procedures, disclosures, and regulatory obligations.
Regulatory Compliance
"Regulatory Compliance" means adherence to all Applicable Laws and regulatory obligations applicable to Customer's business activities.
Customer remains responsible for:
- dealer licensing;
- finance practices;
- insurance activities;
- consumer disclosures;
- advertising practices;
- contracting practices;
- recordkeeping; and
- employee training.
Fair Lending
"Fair Lending" means compliance with laws and requirements prohibiting unlawful discrimination in credit-related activities.
Customer and lenders are responsible for Fair Lending compliance.
Equal Credit Opportunity Requirements
"Equal Credit Opportunity Requirements" means laws and regulations governing equal access to credit and prohibiting unlawful discrimination in credit transactions.
Consumer Financial Protection Requirements
"Consumer Financial Protection Requirements" means laws and regulations protecting consumers in financial transactions.
Privacy Compliance
"Privacy Compliance" means compliance with privacy obligations relating to the collection, use, disclosure, storage, and protection of Consumer and financial information.
F&I Responsibility
"F&I Responsibility" means Customer's responsibility for:
- accurate consumer information;
- lawful financing practices;
- proper disclosures;
- obtaining required approvals;
- licensed activities;
- consumer communications;
- product representations;
- contract accuracy; and
- regulatory compliance.
Company F&I Role
"Company F&I Role" means Company's role as a technology provider providing software functionality, automation, integrations, and processing support.
Company does not:
- extend credit;
- make lending decisions;
- approve applications;
- act as an insurer;
- provide legal advice;
- determine compliance obligations; or
- replace Customer's compliance responsibilities.