Enterprise-grade — audited by design.
Dealer data is regulated on both sides of the Atlantic — TCPA, GLBA, DPPA and FTC in the US; UK GDPR, DPA 2018 and PECR in the UK. Most vendors bolt compliance on after a complaint. CarConnective is engineered to the SOC 2 control set from the first line, with the controls and the evidence trail to prove every action — and our connected-vehicle data layer is independently certified to SOC 2 Type 2, ISO 27001 and ISO 27701.
Built for both sides of the Atlantic.
Every message, data read and deal is measured against the rules that actually apply to a franchise store — in the market it operates in. The same compliance engine maps cleanly from US statute to UK and EU regulation.
Consent, DNC and contactable-hours enforced on every outbound message.
A lawful basis, purpose limitation and full data-subject rights on every record — engineered in, not retrofitted.
Safeguards for non-public financial information across the deal.
Fair-value and good-outcome evidence on regulated motor finance — commission disclosure captured per deal, in line with the FCA's post-DCA expectations.
Vehicle title, odometer and history only — never owner PII.
Electronic-marketing consent, and screening against the Telephone Preference Service before any proactive call.
Advertising and UDAP checks on listings, pricing and disclosures.
Records of processing, DPIAs and an immutable evidence trail — the documentation an ICO enquiry asks for, already kept.
Vehicle data on certified infrastructure.
Our platform is engineered to the SOC 2 control set with its Type II audit underway. The connected-vehicle data layer beneath it goes a step further: it is already independently certified — the assurance a data-conscious UK or EU group expects before a single vehicle is ever connected.
Owner-consented, OAuth-gated access
LiveVehicle owners review and accept detailed permissions through an OAuth 2.0 consent flow before a single signal is read. No dealer credentials, no stored owner logins.
AES-256 at rest, TLS in transit
LiveEvery signal is encrypted with industry-standard AES-256 at rest and travels only over HTTPS — the same bar the most security-conscious data infrastructure holds.
ISO 27701 privacy management
LiveThe connected-vehicle layer is certified to ISO 27701 — a formal privacy information management system on top of ISO 27001 — exactly the assurance UK and EU buyers ask for.
Annual independent penetration testing
LiveThe vehicle data layer undergoes annual third-party penetration testing, and unused vehicle data is purged rather than retained — privacy by default.
Certifications shown for the connected-vehicle data layer reflect the independently audited infrastructure CarConnective reads vehicle signals through. They are distinct from CarConnective’s own platform program, whose honest, live status is the control matrix below.
Every control, and its honest status.
This mirrors our internal control matrix — the same source of truth behind the live posture view in the console. Status reflects reality: what's live, what's in progress, and what's documented and being enabled.
Codes like CC6.1are the official SOC 2 “Common Criteria” — the standardized control categories an auditor checks (CC6 = access & security · CC7 = monitoring · CC8 = change management · A1 = availability).
Access control & isolation
CC6.1 – CC6.2Row-level security is enabled on every table, and the app reaches data only through a server-only privileged key. The browser's public key can never touch dealer data.
Each dealer-owned system runs in its own dedicated database — physical isolation — behind a control plane that never stores a tenant's keys, so cross-tenant access is structurally impossible. Provisioning automation is the remaining step.
Role-based access control and periodic access reviews are wired in, and switch on as multi-user access is rolled out to a dealer group.
Encryption & data protection
CC6.6 – CC6.8TLS everywhere; AES-256 encryption at rest. Secrets live only in server-side environment values — never shipped in the browser bundle.
HSTS (two-year, preload), X-Content-Type-Options, X-Frame-Options: DENY, Referrer-Policy and Permissions-Policy are served on every route.
A data-classification and handling standard governs restricted data — SSN, credit, financials: encrypted, never logged, access-scoped and retention-bound.
Change management & monitoring
CC7.1 – CC8.1Every change flows through git → main → CI build → deploy, with scoped CI permissions and no direct edits to production.
Automated secret-scanning, infrastructure-as-code review and security advisories run on changes; findings are logged and remediated.
Application and agent-run logging is in place today; centralized monitoring, anomaly alerting and a formal incident-response runbook are next.
Governance & risk
CC1 – CC3, CC9Information-security, access-control, change-management, incident-response, vendor-management and BCP/DR policies are documented and version-controlled.
A STRIDE threat model runs against changes, and identified risks are tracked in the compliance log.
Every sub-processor is inventoried and reviewed against its own SOC 2 / security posture before it touches data.
Availability
A1.2Automated daily backups and point-in-time recovery are in place; a documented restore drill and RTO/RPO targets complete this control.
Every message, checked before it sends.
Nothing goes out that shouldn't. Consent, Do-Not-Call, quiet hours and one-to-one intent are enforced on every outbound message — with the provenance logged on each send, so the compliance story is captured as the work happens, not reconstructed later.
Prior express written consent
LiveA number only becomes dialable through recorded prior express (written) consent — captured with full provenance: source, timestamp and IP.
Real-time DNC suppression
LiveThe instant a caller opts out it is written to Do-Not-Call and checked before every outbound dial.
Contactable-hours guard
LiveProactive messages respect an 8am–9pm window in the contact's own timezone, per TCPA / CTIA guidance.
Immutable consent trail
LiveConsent, revocation and every contact append to a tamper-evident event log — the answer the moment an auditor asks.
The deal jacket that proves itself.
F&I is where the regulatory risk concentrates. Every product presented, every decision, every rate is written to an immutable deal jacket — so the evidence an examiner asks for already exists, per deal.
Immutable deal jacket
LiveEvery F&I product presented and every customer decision is written as an immutable event — your compliance evidence, captured automatically.
Rate-spread monitoring
LiveDealer rate spread is measured against the tier average and flagged the moment it drifts past 50 basis points.
Per-state rule checks
LiveEach deal is checked against per-state UDAP and FTC rules, with the required disclosures enforced.
OFAC screening
LiveAn OFAC record is captured on the deal, so sanctions screening is part of the evidence trail.
Aligned today. Certified next.
CarConnective is built tothe SOC 2 control set — the statuses above are the real state of the program, not marketing. That is not the same as a completed certification: SOC 2 Type II requires an independent auditor and a full observation period, which is underway. We'd rather show you the honest control matrix than a badge we haven't earned yet.
See the evidence, not just the claim.
Book a walkthrough and we'll take your team through the control matrix, the consent trail and the deal-jacket evidence — live, in the console.
