Compliance & Governance

Enterprise Security, Compliance & Governance Architecture

MyDealerKPI operates a hardened, enterprise-grade, and fully redundant cloud infrastructure purpose-built exclusively for automotive dealerships and multi-rooftop dealer groups.

Our SOC 2-aligned security architecture is engineered to meet and exceed enterprise SaaS standards, satisfy major DMS provider expectations, and conform to rigorous cyber insurance underwriting requirements. Every layer of our platform is structured around governance, access control, encryption, and operational resilience.

Dealership data is not just information—it is financial truth, operational command, and regulatory responsibility. MyDealerKPI's infrastructure is designed to protect it with the same discipline, oversight, and structural integrity expected of mission-critical financial systems.

Enterprise Data Security Controls

MyDealerKPI applies layered security controls across all environments:

  • Encryption in Transit using industry-standard secure communication protocols
  • Encryption at Rest utilizing advanced encryption standards
  • Managed Encryption Key Lifecycle Controls
  • Role-Based Access Control (RBAC) with strict least-privilege enforcement
  • Multi-Factor Authentication (MFA) for administrative and privileged accounts
  • Continuous System Monitoring and administrative activity logging
  • Periodic Access Reviews supported by documented governance policies

All security controls are structured to meet enterprise-level operational and audit expectations.

DMS Integration & Access Alignment

MyDealerKPI integrates exclusively through dealership-authorized channels and DMS-approved endpoints. We do not require elevated administrative control or shared credentials.

Our integration framework includes:

  • Encrypted API-based integrations
  • Approved DMS endpoints (Reynolds & Reynolds, CDK, Tekion)
  • Scoped, read-level permissions
  • Encrypted SFTP channels where applicable

All ingestion activity is logged, timestamped, and monitored to maintain integrity and traceability.

Infrastructure & High Availability

Our infrastructure is engineered for resilience and uptime:

  • Enterprise-grade cloud architecture
  • Geographic redundancy
  • Segregated production and backup environments
  • Fault-tolerant design to reduce single points of failure
  • Documented Business Continuity and Disaster Recovery (BC/DR) framework

This structure supports operational reliability across dealership groups of any size.

Operational Continuity Framework

Where contractually and technically permitted, MyDealerKPI supports dealership workflow stability during temporary DMS or external system disruptions.

Capabilities include:

  • Continued operational visibility
  • Structured data synchronization procedures post-restoration
  • Controlled continuity workflows to minimize operational disruption

Our goal is to protect dealership productivity and financial reporting accuracy during system interruptions.

Cyber Insurance & Risk Management Alignment

MyDealerKPI's security governance model aligns with common cyber insurance underwriting standards and risk management expectations, including:

  • Documented Incident Response Plan
  • Vulnerability Management Procedures
  • Security Awareness Training
  • Vendor Risk Management Oversight
  • Security Event Logging and Retention Policies
  • Backup Validation Testing and Recovery Procedures
  • Segregation of Production and Non-Production Environments

Compliance materials and supporting documentation are available under NDA.

Backup & Disaster Recovery

We implement a layered and validated backup strategy:

  • Encrypted, multi-layer backup architecture
  • Segregated backup environments
  • Periodic recovery testing and validation
  • Defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) available under NDA

Our recovery framework is structured to preserve financial data integrity and minimize operational downtime.

Data Ownership & Dealer Rights

Dealerships retain full ownership of their data at all times.

Upon written request:

  • Structured data exports are provided
  • Secure transfer methods are utilized

Upon service termination:

  • Production data is removed pursuant to retention policy
  • Backup data is purged according to documented schedules
  • Deletion certification is available upon request

MyDealerKPI does not claim ownership of dealership data.

Governance Commitment

Our security and governance framework is designed to meet the expectations of:

  • Dealer Principals
  • CFOs & Controllers
  • IT Directors
  • DMS Compliance Teams
  • Cyber Insurance Carriers

MyDealerKPI is built around financial accuracy, operational stability, and regulatory responsibility—ensuring dealership data remains protected, governed, and continuously accessible.
