Out The Lot ("we", "us", "our") is committed to protecting the privacy of dealership staff and the customer information entrusted to us through the platform. This Privacy Policy explains what data we collect, how we use it, and your rights in relation to that data.
This policy applies to all users of the Out The Lot platform, including General Managers, Finance Managers, Salespeople, Service Advisors, Detailers, and Platform Administrators.
| Category | Data Collected | Why |
|---|---|---|
| Account Information | Full name, email address, employee number, phone number, role | To create and manage your user account |
| Authentication Data | Hashed password, 2FA codes (temporary), login timestamps | To verify your identity and secure your account |
| Login Activity | IP address, failed login attempts, session timestamps | To protect against unauthorised access and account lockouts |
| Delivery Records | Vehicle details, delivery dates, status updates, service requests, accessories, notes, photos | Core platform functionality — managing vehicle deliveries |
| Customer Information | Customer name (as entered by dealership staff) | To associate deliveries with customers for tracking purposes |
| Audit Logs | Record of every change made, by whom, and when | Accountability, dispute resolution, and compliance |
| Notification Preferences | Email notification settings per event type | To send only the notifications you have requested |
| Uploaded Photos | Images attached to delivery records | Vehicle condition documentation and prep verification |
We do not collect payment card details, Social Insurance Numbers, driver's licence numbers, or any sensitive government-issued identification.
We use the information collected solely to:
We do not use your data for advertising, profiling, or marketing purposes. We do not sell, rent, or trade your data to any third party.
Server location. All data is stored on dedicated servers located in Ashburn, Virginia, United States, hosted by Hetzner Online GmbH. The servers are not shared with other customers.
Data isolation. Each dealership operates on its own dedicated database. There is no commingling of data between dealerships — a user at one dealership cannot access any data belonging to another dealership.
Encryption. All data transmitted between your browser and the platform is encrypted using TLS (HTTPS). Passwords are never stored in plain text — they are stored as bcrypt hashes with a cost factor of 10.
Access controls. Platform-level access is protected by a separate administrator login. Database credentials are not exposed to end users. Server access is restricted to authorised administrators via SSH key authentication.
Backups. Server backups are performed automatically by Hetzner. Backups are retained for a minimum of 7 days.
While we implement industry-standard security measures, no system can guarantee absolute security. In the event of a data breach that is likely to result in risk to your rights, we will notify affected parties as required by applicable law.
We do not sell or share your personal data with third parties except in the following limited circumstances:
We do not use Google Analytics, Facebook Pixel, or any advertising tracking technology on the platform.
The platform uses a single session cookie to keep you logged in during your browser session. This cookie:
We do not use tracking cookies, advertising cookies, or any third-party cookies. No cookie consent banner is required because we use only a strictly necessary session cookie.
The platform stores customer names as entered by dealership staff in connection with vehicle delivery records. This is the extent of customer personal data stored in the platform.
Responsibility. The dealership is the data controller for customer information entered into the platform. Out The Lot acts as a data processor on behalf of the dealership. Dealerships are responsible for ensuring they have appropriate legal basis to enter customer names into the platform, and for complying with applicable privacy laws (including PIPEDA in Canada) in their handling of customer data.
Customer rights requests. If a customer requests access to, correction of, or deletion of their personal information, the dealership is responsible for responding to that request. Dealership administrators can locate and update or delete customer names from delivery records using the platform's archive and search functions.
We retain data for as long as your dealership's account is active. Specifically:
Upon account termination, all dealership data is retained for 30 days to allow for data export, after which it is permanently deleted from our servers.
Depending on your location, you may have the following rights with respect to your personal data:
To exercise any of these rights, contact your dealership administrator or reach us directly at admin@outthelot.com. We will respond within 30 days.
The Out The Lot platform is intended for use by dealership employees only. It is not directed at individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected personal information from a minor, we will delete it promptly.
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page. We may also notify dealership administrators by email when significant changes are made.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.
For any questions, concerns, or data rights requests related to this Privacy Policy, please contact us:
If you are a Canadian resident and have concerns about our privacy practices that we have not resolved, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.