We built Verdipidy with security at its core. Read-only access, industry-standard encryption, and zero data storage mean your dealership data stays exactly where it belongs - with you.
Verdipidy only reads your DMS data. We cannot modify, delete, or alter any information in your system. Your data integrity is never at risk.
We query your data in real-time without storing copies. When you ask a question, we fetch the answer and discard the raw data immediately.
Connection credentials are stored encrypted with keys you control. Revoke access instantly at any time through your admin dashboard.
Every piece of data is protected with the same encryption standards used by banks and government agencies.
All stored credentials and configuration data are encrypted using AES-256, the industry gold standard for data protection.
All data transmission uses TLS 1.3, the latest transport security protocol, ensuring your data can't be intercepted.
We use hardware security modules (HSMs) for cryptographic key management. Keys never leave the secure enclave.
You decide who sees what. Role-based permissions ensure team members only access the data they need.
Role-based permissions (owner, admin, member, viewer) with department-level data isolation. AI agents respect access boundaries.
Complete audit trail of every query, action, and configuration change. Filter by user, resource type, and date range for compliance.
Passwordless login with FIDO2 security keys, biometrics, and passkeys. Google OAuth SSO for seamless access.
TOTP-based multi-factor authentication with trusted device management. Remember devices for 30 days with instant revocation.
We maintain rigorous compliance standards to meet the requirements of dealerships and their partners.
Our systems and processes are audited annually by an independent third party to verify security, availability, and confidentiality controls.
We implement safeguards required by the Gramm-Leach-Bliley Act to protect customer financial information handled by dealerships.
Full support for California Consumer Privacy Act requirements, including data access requests and deletion capabilities.
Our security program meets the updated FTC Safeguards Rule requirements for automotive dealerships handling customer data.
Transparency is key. Here's exactly what happens when you use Verdipidy.
You provide read-only credentials to your DMS. These are encrypted and stored securely. We never have write access to your systems.
When you ask a question, we translate it to a database query and execute it against your DMS in real-time. The raw data passes through our system but is never stored.
Results are formatted and displayed in your browser. We may cache aggregated, non-sensitive results briefly for performance, but PII is never cached.
Query logs (what was asked, not the results) are retained for 90 days for debugging and audit purposes. You can request deletion at any time.
Security isn't just a feature - it's embedded in everything we do.
Third-party security experts test our systems quarterly
Code reviews, static analysis, and security testing on every release
All employees undergo thorough background verification
Annual security awareness training for all team members
Documented procedures for security events with 24/7 on-call team
Responsible disclosure process for security researchers
No. Verdipidy uses strictly read-only connections. We cannot create, update, or delete any records in your DMS.
Your data stays in your DMS. We store only encrypted connection credentials and query logs (not results) in US-based AWS data centers.
We immediately revoke all access and delete your connection credentials. Query logs are purged within 30 days. Your DMS data is never affected.
Never. Your data is never sold, shared, or used for any purpose other than providing you with Verdipidy services.
We're happy to discuss our security practices in detail. Contact us for a security review or to request our SOC 2 report.