This Privacy Policy explains what personal information LLnet Inc. ("we")
collects when you use the Dealer Bosses Service, how we use it, and the choices you have.
It applies to the marketing site at dealerbosses.com,
the admin control panel at admin.dealerbosses.com, and your provisioned workspace
at <your-slug>.dealerbosses.com.
When you sign up we collect: your name, your business name, the email address you designate as workspace administrator, and your chosen workspace subdomain ("slug"). Payment information (card details, billing address, tax ID) is collected and stored by our payment processor, Stripe; we receive only a customer reference and limited metadata (last 4 digits, brand) — never your full card number.
Data you and your authorized users enter into your workspace — clients, products, orders, attachments, messages, etc. — is stored on our infrastructure in a database dedicated to your workspace. We treat this as confidential to you. We do not sell it, share it with third parties for marketing, or use it to train machine-learning models.
Our servers automatically log request metadata: IP address, user agent, timestamps, referrer, and the URL accessed. We use this data for security monitoring, debugging, and capacity planning. Web-server logs are retained for 30 days.
We use first-party cookies strictly necessary to operate the Service (session cookies for login, CSRF protection). We do not use third-party advertising trackers or analytics that share identifiable data with external parties. If we add web analytics in the future, it will be a self-hosted, privacy-respecting solution (currently Umami, which collects no personal data and uses no cookies).
We send transactional email (welcome, billing notifications, security alerts) to your account address using our own SMTP infrastructure. We do not add you to marketing lists without opt-in.
We process data on the legal bases of (a) performance of our contract with you, (b) our legitimate interests in operating a secure service, and (c) compliance with applicable laws.
We use a small number of vendors to operate the Service:
All Customer Data is stored on infrastructure we operate directly in Canada. We do not use US-hosted SaaS products to store Customer Data.
Customer Data is retained while your subscription is active and for 30 days after cancellation or suspension, during which you may request an export or reactivate. After 30 days, we may permanently delete your workspace database, files, and backups.
Account billing records are retained for seven (7) years to comply with Canadian tax-law record-keeping requirements.
We follow industry-standard practices: TLS 1.2+ on all public endpoints, per-tenant database isolation, encrypted off-host backups, principle of least privilege for staff access, and password hashing with bcrypt (cost 12). No system is perfectly secure; in the event of a breach affecting your data we will notify you within 72 hours of confirmed discovery.
You have the right to:
To exercise any of these rights, email privacy@dealerbosses.com. We respond within 30 days.
If you are in Canada, our processing is governed by the federal Personal Information Protection and Electronic Documents Act (PIPEDA). You may make a complaint to the Office of the Privacy Commissioner of Canada at priv.gc.ca.
The Service is hosted in Canada. If you are outside Canada and use the Service, your personal information is transferred to and processed in Canada under the laws of Alberta and Canada.
The Service is intended for business use and not for individuals under 16. We do not knowingly collect personal information from children.
We may update this Privacy Policy from time to time. Material changes will be announced by email to your account address at least 30 days before they take effect, and the "Last updated" date will be revised.
Privacy inquiries: privacy@dealerbosses.com. For general support: support@dealerbosses.com.