Trust
Security & Data Protection
Your dealership data is yours. Automo Soft protects it with tenant isolation, encryption in transit and at rest, daily encrypted backups to a separate storage region, role-based access controls, and a clear export-and-delete policy.
Tenant isolation
Every customer is a separate tenant inside Automo Soft. Every database query and storage read carries a tenant identifier, and the application enforces tenant boundaries at the API layer so one dealership cannot read or modify another dealership's data — even by accident.
Encryption
All traffic between your browser and Automo Soft is encrypted in transit using TLS 1.2 or higher. Database storage is on encrypted volumes, and all uploaded files — vehicle photos, documents, signed bills of sale — are stored in Cloudflare R2 with AES-256 encryption at rest.
Backups
Your database is backed up automatically every day at 2 AM UTC. Backups are stored locally on the production server for 1 day, and uploaded to a separate Cloudflare R2 bucket for 7 days of off-site retention. Backups are encrypted at rest. We test backup restores periodically.
Access control
Inside your account, every user has a role (owner, manager, salesperson, etc.) that controls what they can see and edit. Owners can revoke access at any time. A small number of Automo Soft engineers have production access for support and incident response — all access is logged.
Payments
Automo Soft is not in PCI scope. Subscription billing is handled by Razorpay (or Stripe in some markets), and customer payment links are processed by the payment provider directly. We never see, store, or transmit raw credit card numbers.
You own your data
You can export inventory, leads, deals, and customer records at any time from inside Automo Soft. After cancellation, your account stays accessible for the rest of your billing period, followed by a 30-day grace period — after that, your data is permanently deleted from our database and storage.
Reporting a vulnerability
If you believe you've found a security vulnerability in Automo Soft, please report it directly to security@automosoft.com. We take every report seriously and will respond within one business day.
Frequently asked questions
Is my dealership data isolated from other tenants?
Yes. Every Automo Soft customer is a separate tenant with its own scoped data. Every database query and storage read carries a tenant identifier, and the application enforces tenant boundaries at the API layer so one dealership cannot read or modify another dealership's data.
How is my data encrypted?
All traffic between your browser and Automo Soft is encrypted in transit using TLS 1.2 or higher. Data at rest in our PostgreSQL database is stored on encrypted volumes, and all uploaded files (vehicle photos, documents) are stored in Cloudflare R2 with AES-256 encryption at rest.
How often is my data backed up?
Your database is backed up automatically every day at 2 AM UTC. Backups are stored locally on the production server for 1 day and uploaded to a separate Cloudflare R2 bucket for 7 days of off-site retention. Backups are encrypted at rest in R2.
Can I export my data?
Yes. You own your data. You can export inventory, leads, deals, and customer records at any time from inside Automo Soft. After cancellation, you have a 30-day grace period to export anything you still need before your data is permanently deleted.
Does Automo Soft handle credit card data?
No. Automo Soft is not in PCI scope. All subscription billing is handled by Razorpay (or Stripe in some markets), and all customer-facing payment links are processed by the payment provider directly. We never see, store, or transmit raw credit card numbers.
Who can access my data inside Automo Soft?
Only the people you invite to your account. Each user has a role (owner, manager, salesperson, etc.) that controls what they can see and edit. A small number of trusted Automo Soft engineers have administrative access to the production environment for support and incident response, with all access logged.
What happens to my data if I cancel?
Your account remains accessible for the rest of your billing period after cancellation, so you can export everything you need. After that, there is a 30-day grace period during which we can restore your account if you change your mind, after which your data is permanently deleted from our database and storage.
Have a security or compliance question?
Our team is happy to walk you through how Automo Soft handles data, compliance, and incident response. We can also share our standard data processing terms.