Login
Request a Demo

LOTLINX PRIVACY POLICY

 

Last Updated: December 29, 2025

1. Introduction & Scope

Lotlinx provides digital marketing, inventory optimization, analytics and AI-enabled decisioning tools used by automotive dealers, OEMs, agencies and in-market automotive shoppers. This Privacy Policy explains how we collect, use, disclose and protect Personal Information across our websites, dealer-integrated products and data-powered services.

This Policy applies to:

  • Visitors to Lotlinx websites or Lotlinx-managed landing pages
  • Consumers and automotive shoppers who interact with dealer inventory, advertisements or websites where a dealer has installed Lotlinx tags, pixels or integrations
  • Dealers, OEMs and business customers who use Lotlinx products and services, including their authorized agencies and users
  • Partners and service providers that support analytics, identity resolution, enrichment or advertising services
  • Job applicants applying for roles with Lotlinx

Lotlinx may act as either a Controller (for information we collect directly through Lotlinx-owned websites or properties) or a Service Provider / Processor (when processing Customer-supplied data under agreement with the applicable Customer). These roles are explained throughout this Policy.

Across all activities, Lotlinx follows four core principles: transparency, purpose limitation, data minimization and safeguarding personal information.

By using Lotlinx websites or interacting with Lotlinx-enabled dealer experiences, you acknowledge that you have reviewed this Privacy Policy. If you have any questions, please contact us [HYPERLINK to privacy@lotlinx.com].

2. Definitions

 

“Aggregated Data” Data combined into statistical or summary form that cannot identify any individual.

“AI Inputs” Prompts, text or data (including CRM and Interaction Data) submitted by a Customer or collected through Customer-authorized integrations for use in machine-learning systems.

“Customer” A dealer, dealer group, OEM, agency or other business that contracts with Lotlinx for products or services and controls the purposes for which Customer Data or CRM Data is processed.

“Customer Data” Inventory data, CRM records, attribution information or other data provided by—or collected for—a Customer under its agreement with Lotlinx.

“Controller” An entity that decides why and how Personal Information is processed.

“CRM Data” Lead and customer records stored in a Customer’s CRM system, including contact, communication, purchase and service information, as provided to Lotlinx or processed through Customer-authorized integrations and solely as permitted under the applicable agreement between Customer and Lotlinx.

“CRM Enrichment Data” CRM Data that a Customer provides that Lotlinx enhances using approved third-party attributes and returns to the Customer under its instructions.

“De-identified Data” Information that cannot reasonably be linked to an individual and is protected by safeguards against re-identification.

“DMP Data” Audience segments, behavioral classifications or marketing attributes supplied by a Customer through its data-management platform (DMP) or customer-data platform (CDP), and used by Lotlinx solely to support campaign activation, targeting, measurement or other purposes authorized under an agreement with the respective Customer.

“DMS Data” Vehicle inventory, sales, service and transaction-related data maintained in a Customer’s dealer management system and made available to Lotlinx by the Customer solely to support reporting, attribution, inventory analytics and other Services expressly authorized under an agreement with the respective Customer. DMS Data does not include payment card data, government identifiers or financing credentials unless expressly authorized in writing.

“Interaction Data” Behavioral signals collected through Customer-authorized Tags or Pixels, including page views, clicks, VIN-level activity, scroll behavior, referral paths and engagement metrics.

“Inferences” Predictions or insights generated from Personal Information or Interaction Data, such as shopper intent or potential vehicle interest.

“Tags or Pixels” Code-based tracking technologies and related functional elements, such as tags, scripts and pixels, deployed on a Customer’s website through tag management systems or integrations. Lotlinx deploys or manages these elements solely as a Service Provider, under agreement and at the Customer’s direction, to collect Interaction Data and to support analytics, optimization and Customer-authorized marketing services.

“Personal Information” Information that identifies or can reasonably be linked to an individual.

“Service Provider / Processor” The role Lotlinx plays when processing Personal Information solely on behalf of and at the direction of a Customer, pursuant to a written agreement and/or documented instructions, which may include written, electronic or verbally initiated instructions that are subsequently confirmed or memorialized in writing, and only for the purposes authorized by the Customer and permitted under applicable law.

“Sale or Sharing” Selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Information by the business acting as a Controller to a third party for monetary or other valuable consideration, under applicable law.

“Sensitive Personal Information” Categories defined by law, including precise geolocation, account access data or highly personal behavioral signals.

“Sub-Processor” A third-party service provider engaged by Lotlinx to process information on Lotlinx’s or a Customer’s behalf and only under Lotlinx’s written instruction.

“Third-Party Data” Data provided by external partners that may be combined with Customer Data for analytics or enrichment purposes.

“Unique Identifiers” Persistent identifiers such as hashed emails, cookie IDs, device IDs.

  1. How We Collect and Use Data

Lotlinx collects information in a few ways. We receive data you provide directly, information collected automatically through cookies and similar technologies on Lotlinx-owned pages, and data supplied by Customers or collected through Customer-authorized integrations. 

Lotlinx acts as a Controller only when we collect information on Lotlinx-owned websites, Lotlinx-managed landing pages, Lotlinx support channels or through our own analytics and product improvement activities that use aggregated or de-identified data. Lotlinx acts as a Service Provider when we process Customer-supplied CRM data, DMS data, inventory data or Interaction Data collected through Customer-installed tags or pixels, and we process that data only under the Customer’s instructions. Lotlinx may use Sub-Processors to process information on Lotlinx’s or a Customer’s behalf.

This Section 3 describes the data Lotlinx collects as a Controller, the data it processes as a Service Provider under Customer instructions and the role of Sub-Processors in supporting those activities.

  • Data We Collect Directly from You as a Controller 

We collect information that you voluntarily provide when you visit our website, such as:

  • Contact information when you request a demo, download materials or communicate with us
  • Business account details from dealers, dealer groups, OEMs or agencies setting up or managing Lotlinx products
  • Communications sent to our support or product teams
  • Your engagement with any online chat or support features
  • Job applicant information submitted to us

 

We use this information to respond to requests, support the services we offer, communicate about updates and manage business relationships.  

3.2 Data We Collect Indirectly from You as a Controller

We collect certain information automatically when you visit Lotlinx websites or interact with Lotlinx-managed pages or online services.  This Section 3.2 outlines the information that we collect indirectly from you as a Controller.

3.2.1 Cookies and Similar Technologies

We use cookies, pixels and similar technologies to understand how our websites and digital campaigns perform. These technologies help us measure traffic, personalize experiences and improve our site.

  • Interaction Data

When you interact with Lotlinx websites, Lotlinx-managed landing pages or Lotlinx-managed digital advertisements, we may collect certain Interaction Data, such as: 

  • Page views and browsing paths 
  • Clicks on ads, links or navigational elements
  • Referral sources showing how you arrived at our site
  • Time spent on site, scroll behavior, dwell time and engagement patterns 
  • Device type, browser information and IP address
  • Hashed identifiers used for analytics or attribution

We use this information to understand how visitors use our pages, measure performance and improve the relevance and effectiveness of our content. For this data, we act as a Controller. 

3.2.3 Log and Device Data

Log and device data is technical information automatically generated when you access Lotlinx websites or services, such as IP address, browser type, device identifiers, operating system details, error logs, performance metrics and similar system-level information.

We use this information to maintain security, troubleshoot issues and improve reliability.  Lotlinx collects only approximate location information based on IP address to support fraud detection and performance measurement. We do not collect or use precise geolocation unless we are acting as a Service Provider on behalf of a Customer.

3.3 Data We Collect Through Customer-Authorized Integrations as a Service Provider

Lotlinx processes Customer Data that is provided directly by Customers or collected on their behalf through authorized integrations as a Service Provider. This may include inventory feeds, CRM Data, DMS Data, DMP segments, Interaction Data, sales and attribution records and data supplied through Customer-approved third-party integrations. 

In this role, Lotlinx uses Customer Data to operate and support the services contracted by each Customer. Lotlinx may also generate aggregated or de-identified analytics from Customer Data and Customer-authorized or de-identified measurement signals. These non-identifiable outputs may be used solely in de-identified or aggregated form to maintain and improve Lotlinx’s anonymized datasets, which support model accuracy and overall platform performance and do not identify any individual consumer or Customer.

This Section 3.3 provides further detail about specific processing activities—including CRM enrichment, machine-learning uses, Interaction Data collection and the handling of third-party data.

3.3.1 Use of CRM Enrichment Data

When Customers provide CRM Data for enrichment, Lotlinx may enhance records that are incomplete by appending Customer-authorized third-party attributes to create CRM Enrichment Data. Depending on the configuration of the Customer’s services and documented instructions, enriched records may be returned to or reinjected into the Customer’s CRM system, including where such records are matched to de-anonymized website traffic associated with that Customer. At present, CRM Enrichment Data is returned to the Customer’s CRM only when such a match occurs.

3.3.2 AI and Machine-Learning Use

Lotlinx uses machine learning to improve recommendations and platform performance. Lotlinx uses only aggregated or de-identified analytics and Customer-authorized AI Inputs to train and improve machine-learning systems. These models help generate recommendations about marketing performance, inventory demand, audience targeting and ad spend. 

When Customer Data is processed in identifiable form for artificial intelligence or machine-learning–related activities, Lotlinx acts solely as a Service Provider and does not use identifiable Customer Data to train models that benefit other Customers.

Only after such data has been aggregated or de-identified such that it cannot reasonably identify a consumer or Customer may Lotlinx use that non-identifiable information to inform model accuracy or platform performance in which case Lotlinx acts as a Controller of that non-identifiable information, consistent with Sections 4.2 and 4.3.   

3.3.3 Interaction Data Collected Through Customer Websites

When a Customer installs Tags or Pixels—including Lotlinx-issued Google tags—on their website, Lotlinx may collect Interaction Data under that Customer’s instructions. This Interaction Data may include:

  • Page views and browsing paths
  • Clicks on inventory units, ads or referral links
  • VIN-level activity and vehicle detail page interactions
  • Scroll behavior, dwell time and engagement patterns on inventory units, ads or Customer websites
  • Device type, browser information and IP address
  • Hashed identifiers used for analytics or attribution

When Tags or Pixels are installed on a Customer’s website, we collect behavioral data such as pages viewed, referral paths and VIN-level engagement to measure performance and support the Customer’s marketing activities. We do not use this data to track a person across unrelated websites or for Lotlinx marketing. Rather, we use this Interaction Data to measure performance, improve relevance, understand shopper behavior and support features to the benefit of an individual Customer under contract. In this context, Lotlinx acts solely as a Service Provider and does not use this data to identify individuals across Customers.

Interaction Data from Customer websites may also contribute to aggregated or de-identified insights used to strengthen Lotlinx’s anonymized dataset, consistent with Section 4.2, and subject to safeguards preventing re-identification.

  •  Data We Receive from Third Parties   

This Section 3.4 outlines how we use data received from third parties.  We may receive information about vehicles, audiences or campaign performance from authorized third-party sources. These sources may include:

  • Identity and data enrichment partners that help match or supplement Customer Data under instruction with such Customer
  • Analytics or measurement providers that support campaign reporting and attribution
  • OEM program partners that supply inventory, performance or attribution data
  • Marketplace or inventory platforms that provide vehicle data or activity signals
  • Ad networks or media partners that deliver impression, click or placement information

We use this information to:

  • Improve the accuracy of Customer Data in accordance as a Service Provider
  • Enhance reporting and campaign measurement
  • Support attribution and inventory insights using Customer Data and aggregated analytics that do not identify any individual or Customer
  • Enable features such as CRM Enrichment Data as a Service Provider
  • Contribute to aggregated or de-identified insights that strengthen our dataset

Any information we receive from third parties is used only in the manner allowed by our agreements with each Customer. When the information includes Personal Information supplied by or on behalf of a Customer, Lotlinx processes it as a Service Provider. When the information is provided to Lotlinx directly by third parties for Lotlinx’s own analytics or product improvement and does not identify individuals, Lotlinx may act as a Controller of that data.

  •  How We Use the Data We Collect

This Section 3.5 provides additional detail about how we use the information collected across our products and services.

3.5.1 To Provide and Improve Lotlinx Products and Services

We use Customer Data, Interaction Data and aggregated or de-identified analytics to deliver and improve our products. This includes using information to:

  • Run campaigns and deliver VIN-level advertising recommendations
  • Optimize performance using behavioral signals collected through Customer-authorized integrations
  • Provide reporting, attribution and inventory insights
  • Maintain, secure and improve our websites, tools and platform features
  • Detect, prevent and investigate fraud or misuse

When processing Customer Data or Interaction Data collected through Customer-authorized integrations, Lotlinx acts as a Service Provider.

When using aggregated or de-identified analytics to improve the quality, accuracy or performance of our products, Lotlinx acts as a Controller of that non-identifiable information.

3.5.2 To Process Customer Data Under instructions

Lotlinx processes Customer Data — including CRM, DMS Data, DMP, attribution and sales records — as a Service Provider and only as permitted under the Customer’s written agreement and documented instructions. We use this information to:

  • Activate and manage campaigns
  • Support inventory distribution and syndication
  • Measure performance and attribution
  • Generate Customer-specific reporting and insights
  • Provide customer support and operational services

With the Customer’s permission, Lotlinx may use Tags or Pixels on the Customer’s website to collect Interaction Data, support Customer-authorized enrichments of CRM Data and/or help run and measure the Customer’s marketing and advertising efforts.

Lotlinx honors each consent, opt-out or preference signals supplied or collected by the Customer, and processes these signals solely as instructed.

For all such activity, Lotlinx acts only as a Service Provider, does not determine independent purposes for the data and does not use Customer Data to identify individuals across Customers or for any purpose outside the Customer’s agreement.

3.5.3 To Support CRM Enrichment and Authorized Data Enhancements

When a Customer provides CRM Data for enrichment or verification, Lotlinx may combine that information with Customer-authorized third-party attributes to create CRM Enrichment Data. We use this information to:

  • Improve the accuracy or completeness of Customer CRM records
  • Support attribution, follow-up actions and lead management
  • Reintegrate enhanced records into the Customer’s CRM system

Lotlinx processes CRM Data and CRM Enrichment Data solely under the Customer’s instructions. We do not use CRM Data to support any cross-Customer insights, marketing or profiling.  

3.5.4 To Train and Improve Machine-Learning Models

Lotlinx uses aggregated or de-identified analytics, as well as Customer-authorized AI Inputs, to train and improve machine-learning systems. These models help:

  • Provide inventory, audience and marketing recommendations
  • Support campaign optimization
  • Generate performance insights
  • Improve the accuracy and relevance of platform features

Lotlinx may use these models to generate predictive insights, including recommended inventory units, buyer–vehicle matching signals and campaign strategies likely to align with a shopper’s demonstrated interests. These automated outputs are designed to support dealer decision-making but do not replace human judgment. Lotlinx maintains internal governance practices to ensure its models operate as intended, are tested for accuracy and are not used in ways that conflict with Customer agreements or applicable law. Customers may then use these model outputs to tailor which inventory units, marketing messages or campaign strategies are presented to particular shoppers or audience segments, consistent with the Customer’s authorized use of Lotlinx products and applicable privacy requirements.

Lotlinx does not use identifiable Customer Data to train models that would benefit other Customers, build profiles across Customers or support Lotlinx marketing. Lotlinx does not attempt to re-identify aggregated or de-identified information to benefit other Customers, build profiles across Customers or support Lotlinx marketing. 

When using aggregated or de-identified information that cannot identify a consumer or Customer, Lotlinx acts as a Controller of that non-identifiable data.

3.5.5 To Support Security, Compliance and Safety

We use certain information to protect the integrity of our platform, maintain compliance and ensure the security of Customer Data. This includes:

  • Detecting, preventing and investigating fraud, misuse or unauthorized access
  • Maintaining system reliability and performance
  • Monitoring for security threats or vulnerabilities
  • Meeting legal, regulatory or audit requirements

When this information includes Customer Data or Interaction Data collected through Customer-authorized integrations, Lotlinx processes it as a Service Provider.

When we use system-level logs or aggregated security data that cannot identify a consumer or Customer, Lotlinx acts as a Controller of that non-identifiable information.  

3.5.6 To Communicate With You

We may use contact information you provide directly to Lotlinx to:

  • Respond to questions and support requests
  • Send updates about platform features or changes
  • Share information about events, resources or product news

You may opt out of non-essential communications at any time.

For all direct communications, Lotlinx acts as a Controller of the information you provide.  

3.5.7 How We Do Not Use Data

To provide additional clarity and transparency, we also explain how we do not use information:

  • We do not sell or share CRM Data or Customer Data
  • We do not use identifiable Customer Data to build cross-Customer profiles or benchmarks
  • We do not use Client Data or Interaction Data collected through Client-authorized integrations to market or advertise Lotlinx products or services.
  • We do not use precise geolocation unless we are acting as a Service Provider 
  • We do not use data in ways that conflict with applicable Customer agreements
  • We do not attempt to re-identify aggregated or de-identified data

These commitments help ensure that Lotlinx processes information responsibly, maintains Customer trust and remains aligned with applicable privacy laws.

3.6 Processing by Partners Acting Under Customer Instructions

Lotlinx may engage certain third-party partners to support services such as enrichment, identity resolution or technology integrations requested or authorized by a Customer. These activities occur solely under the Customer’s written agreement and documented instructions, and Lotlinx does not determine independent purposes for this processing.

All such partners act as service providers or Sub-Processors, and are bound by written agreements that:

  • Limit their use of data to the specific services requested by the Customer
  • Prohibit re-identification or combining Lotlinx-processed data with unrelated datasets or any attempt to reverse aggregation or de-identification  
  • Restrict any secondary use, sale or sharing of the information
  • Require appropriate security, confidentiality and compliance safeguards in accordance with applicable laws

Lotlinx exercises reasonable oversight to ensure that Sub-Processors process information only as permitted under their agreements and the applicable Customer instructions, and maintain safeguards consistent with applicable privacy laws.  

4. Data Disclosures – How We Share Data

Lotlinx discloses information only in the circumstances described in Section 4 below. How we disclose data differs depending on whether we are acting as a Controller or a Service Provider / Processor.  

4.1 Disclosures When Lotlinx Acts as a Controller

Lotlinx acts as a Controller only for information we collect directly through Lotlinx-owned websites and services, such as website usage data, demo inquiries, communications, job applications and platform security data. We may disclose this information to support the functions described below.

4.1.1 Sub-Processors or Service Providers Supporting Lotlinx Operations

We may disclose information to service providers who are under contract with Lotlinx to perform operations including website hosting, analytics, security, customer support, HR systems and cloud infrastructure. These partners are contractually restricted from using the information for their own purposes.

4.1.2 Marketing, Analytics and Measurement Partners

We may disclose Controller-collected data (such as website analytics or campaign performance signals) to partners that help us:

  • Analyze site performance
  • Understand marketing effectiveness
  • Improve user experience

 

4.1.3 Legal, Compliance and Security Disclosures

We may disclose data that we collect as a Controller to comply with law, protect our rights, investigate misuse, or respond to lawful requests.

4.1.4 Disclosures With Your Consent

We may disclose data that we collect as a Controller for additional purposes that you authorize.  

4.2 Disclosures When Lotlinx Acts as a Service Provider / Processor

This Section 4.2 describes how Lotlinx discloses data as a Service Provider.  Lotlinx acts as a Service Provider or Processor when handling Customer Data, CRM Data, DMS Data, Interaction Data or CRM Enrichment Data under the Customer’s instructions. In these cases, the Customer—not Lotlinx—determines the purposes of processing. This section applies only when a Customer directs Lotlinx, through a valid agreement and documented instruction, to process or disclose data on its behalf. 

Moreover, as described in further detail below, if a Customer authorizes it, Lotlinx may match website visitor activity to a record in that Customer’s CRM system to help the Customer confirm interest or update its records. This matching is performed solely for that Customer and is never used for cross-Customer purposes, profiling or to contribute identifiable information to Lotlinx’s datasets.

4.2.1 Disclosures to Sub-Processors Supporting Dealer or OEM Services

At the Customer’s direction, Lotlinx may disclose Customer Data or Interaction Data to partners who support:

  • Campaign activation and measurement
  • CRM Enrichment
  • Identity matching
  • Attribution and reporting
  • Fraud detection
  • Secure data storage and compute services

These partners act as Sub-Processors and are contractually required to:

  • Use data only as instructed by Lotlinx or the Customer
  • Maintain appropriate safeguards
  • Not re-identify, attempt to re-identify or otherwise link de-identified or aggregated information to an individual
  • Not sell, share or use the information for their own independent purposes
  • Restrict secondary use and prevent combining the data with unrelated sources
  • Comply with applicable privacy and data protection 

Lotlinx exercises reasonable oversight to ensure Sub-Processors follow these requirements.

Additionally, when we create aggregated or de-identified analytics, we apply technical and administrative steps designed to prevent the information from identifying any person. These steps can include hashing, removing identifiers, combining information into larger groups and testing whether any dataset could reasonably be re-identified. 

4.2.2 Disclosures to Data Enrichment or Identity Resolution Partners

At a Customer’s instruction, Lotlinx may disclose CRM Data or Customer Data to enrichment or identity partners for:

  • Record matching
  • Contact verification
  • Appending attributes expressly authorized by the Customer and supported by the applicable Lotlinx product features
  • Returning enhanced data to the Customer’s CRM

Enhanced or enriched records — including appended attributes, corrected identifiers, match results or updated data elements derived from the Customer’s original Personal Information or CRM Data — are returned only to the same Customer that supplied the underlying information. These enhanced records, and any Personal Information contained in them, are never shared, disclosed, pooled or made available to any other Customer, partner or third party for their own use.

Under a Customer’s instructions, Lotlinx may determine when a website visitor corresponds to a lead or customer record in that Customer’s CRM Data. In these cases, Lotlinx may re-identify that visitor solely to return an updated or enriched record to the same Customer. Lotlinx does not use any re-identified information for cross-Customer purposes, marketing, profiling or to contribute identifiable information to Lotlinx’s anonymized dataset; only aggregated or de-identified outputs may be used for system-level improvement under strict safeguards. 

All enrichment and identity partners act as Sub-Processors and are contractually prohibited from:

  • Re-identifying or attempting to re-identify any information
  • Selling, sharing or using the information for their own purposes
  • Combining enriched information with unrelated datasets 
  • Or using the information for advertising, profiling or any secondary purpose

4.2.3 Disclosures to Advertising, Media and Analytics Platforms. 

At a Customer’s instruction, Lotlinx may disclose hashed identifiers, VIN-level engagement signals or Customer-authorized CRM Data to third-party advertising or analytics platforms to enable:

  • Audience matching or suppression
  • Look-alike modeling
  • Retargeting
  • Cross-platform campaign delivery
  • Attribution and performance measurement

Examples include Google, Meta, Amazon Ads, DSPs, CTV/OTT platforms and similar systems using APIs, pixel integrations or conversion APIs. 

At a Customer’s instruction, we may send hashed identifiers, VIN engagement signals or campaign-performance metrics to advertising or analytics partners such as Google, Meta or Amazon Ads to support campaign delivery, suppression or measurement. These partners receive only the limited information needed to provide the requested service. Customers are responsible, under both their agreements with Lotlinx and applicable privacy laws, for obtaining any required consents or providing the appropriate opt-outs to consumers. Lotlinx does not disclose Customer Data or CRM Data for Lotlinx marketing.  

4.2.4 Disclosures to AI Hosting and Cloud Compute Providers

Lotlinx may disclose the following to cloud infrastructure or machine-learning platforms that support Lotlinx Services:

  • Customer-authorized AI Inputs
  • De-identified information
  • Aggregated analytics or model outputs

These cloud and ML environments may be used to support:

  • Model hosting and evaluation
  • Predictive scoring
  • Syndication and optimization recommendations
  • Secure data storage and compute operations
  • Identity resolution logic authorized by the Customer

These partners act solely as Sub-Processors, not independent Controllers. They may process information only as instructed by Lotlinx and/or the Customer under a valid written agreement and instruction. They must maintain appropriate security safeguards and are contractually prohibited from re-identifying the information, selling or sharing it, combining it with unrelated datasets or using it for any purpose other than providing services to Lotlinx.

Unified Master-Dataset Use (applies to Sections 4.2.2–4.2.4)

Across these processing activities, Lotlinx may receive or generate aggregated, de-identified or pseudonymized analytics. Lotlinx uses only these non-identifiable outputs to maintain data quality, evaluate demand patterns, refine predictive models and strengthen Lotlinx’s aggregated, anonymized dataset. These analytics do not contain Personal Information, cannot reasonably be linked to any consumer or Customer and are protected by contractual, technical and organizational safeguards that prohibit re-identification.

4.2.5 Legal, Compliance and Safety Disclosures (Customer-Related Data)

We may disclose information when required by law, subject to informing the Customer when legally permissible.

4.2.6 No Independent Use

When Lotlinx acts as a Service Provider, Lotlinx does not:

  • Sell or share Customer Data
  • Use Customer Data for Lotlinx marketing
  • Build cross-Customer consumer profiles
  • Use Customer Data for any purpose not authorized by the Customer
  • Disclose precise geolocation without written Customer authorization
  • Allow re-identification of de-identified data

4.3 Summary of Roles

  • Controller Disclosures: Apply only to information Lotlinx collects for its own business purposes.
  • Service Provider Disclosures: Apply only to Customer Data processed under instructions.

5. Protection of Personal Data, Data Retention and Minimization

Lotlinx uses administrative, technical and organizational safeguards designed to protect Personal Information, Customer Data and CRM Data against unauthorized access, loss or misuse. These measures reflect the sensitivity of the data we process and the roles in which we process it.

Lotlinx limits access to Personal Information to personnel and service providers who require it to perform their job duties, and who are bound by contractual confidentiality obligations. Data transmitted between systems is protected using industry-standard encryption. Our platform and supporting infrastructure follow established security, change-management and risk-assessment practices appropriate to the nature of the Services.

We retain Personal Information only for as long as necessary to provide the Services, to meet legal obligations, to resolve disputes or as otherwise permitted under Customer agreements. Customer Data, CRM Data and Interaction Data processed as a Service Provider are retained, deleted or returned in accordance with the Customer’s instructions and applicable law. Aggregated or de-identified information that cannot reasonably be linked to an individual or Customer may be retained to support analytics, model improvement and system performance.

Lotlinx applies data-minimization principles across its Services and collects, processes and discloses only the information reasonably necessary to provide the Services or to meet legal or security requirements.

6. Consumer Rights Under State Privacy Laws

This Section 6 outlines data rights that may be available to you. Certain state privacy laws—such as those in California, Colorado, Connecticut, Virginia and other jurisdictions—give consumers specific rights regarding their Personal Information. Lotlinx extends these rights to all U.S. consumers, regardless of residency, in accordance with our role in processing the information.

Because Lotlinx processes different categories of information in different roles, the rights described in this section apply only to the data for which Lotlinx acts as a Controller. 

When Lotlinx processes Personal Information as a Service Provider or Processor—including CRM Data, Customer Data or Interaction Data collected through Customer-authorized integrations—Lotlinx acts solely under the Customer’s instructions. In those cases, consumer rights are governed by the dealer’s or OEM’s own privacy policy, and any requests relating to that information must be directed to the applicable Customer. Lotlinx will assist the Customer in fulfilling such requests when required by law but cannot modify or expand the rights that a Customer provides to its consumers under its own policies.  

6.1.1 Right to Access

You may request access to the Personal Information Lotlinx processes as a Controller.

6.1.2 Right to Deletion

You may request deletion of Personal Information Lotlinx processes as a Controller, subject to legal exceptions.

6.1.3 Right to Correction

You may request correction of inaccurate Personal Information Lotlinx maintains as a Controller.

6.1.4 Right to Data Portability

You may request a portable copy of certain Personal Information Lotlinx processes as a Controller. This right does not apply to aggregated or de-identified data.

6.1.5 Right to Opt-Out of Certain Processing

You may request that Lotlinx not use Controller-collected information for:

  • Targeted advertising
  • Profiling with significant effects
  • Sales or “sharing” as defined by applicable law

Lotlinx does not sell or share CRM Data or Customer Data and does not use such information for Lotlinx marketing.

6.1.6 Right to Limit Use of Sensitive Personal Information

If applicable, you may limit the use of Sensitive Personal Information. Lotlinx does not use Sensitive Personal Information for purposes beyond delivering and improving our Services.

6.2 How to Submit a Privacy Request

You may submit a privacy request by emailing us at privacy@lotlinx.com [MAIL-TO HYPERLINK] or by using our online request form at lotlinx.com/privacy-request.

To protect your information, we will verify your identity before completing a request. Verification may include confirming your email address, requesting additional details or matching limited information against what we maintain.

We will respond within the timeframes required by applicable privacy laws.  

6.3 Requests That Must Be Directed to a Dealer or OEM Customer

If your information was collected through a dealer website using Tags or Pixels, your request must be directed to that dealer. Lotlinx will help the dealer respond as required by law and will assist in locating and returning any relevant data associated with your request. 

Additionally, if your information was collected by a dealer, OEM or agency—including:

  • CRM entries
  • Lead or customer records
  • Data from visits to a Customer’s website collected through Lotlinx tags, pixels or integrations
  • Customer Data or Interaction Data processed under Customer instructions

Then your rights are governed by that Customer’s privacy policy, and the request must be submitted directly to the Customer. Lotlinx cannot independently access, modify or delete such information, but will assist the Customer when required by law.

6.4 De-Identified and Aggregated Data

The rights described in this section do not apply to:

  • De-identified information
  • Aggregated analytics
  • Data that cannot reasonably be linked to an identifiable consumer or household

Lotlinx maintains technical, contractual and administrative controls to prevent re-identification of such information.  

6.5 Appeals Process

If your request is denied, you may submit an appeal using the instructions included in our response. Lotlinx will review the appeal and respond within the timeframes required by applicable law.  

6.6 Authorized Agents

Where permitted by law, you may designate an authorized agent to submit certain requests on your behalf. Lotlinx may require verification of both your identity and the agent’s authorization before fulfilling such requests.

7. Vendor and Transfer Disclosures

Lotlinx works with a limited number of Sub-Processors to support the functionality, security and delivery of Lotlinx products. These partners assist with services such as cloud hosting, analytics, enrichment, identity resolution, campaign activation, secure data storage and platform operations.

All vendors that may process Personal Information on behalf of Lotlinx or a Customer are bound by written agreements that:

  • Limit their processing to the specific services Lotlinx or the Customer has authorized
  • Prohibit any secondary use, sale, sharing or re-identification of the information
  • Require appropriate administrative, technical and organizational safeguards
  • Restrict further disclosure unless permitted under contract and applicable law

Lotlinx conducts reasonable diligence and oversight of vendors supporting its Services. Vendors may process information only as instructed by Lotlinx and/or the applicable Customer.

Lotlinx does not transfer Personal Information outside the United States or Canada, and Lotlinx does not collect Personal Information from individuals located outside the United States or Canada.

This section applies in addition to the disclosure and processing details outlined in Section 4.  

8. Data Governance, Security and Oversight

This Section 8 describes the internal processes and safeguards that Lotlinx maintains to ensure that Personal Information is handled responsibly, securely and in accordance with applicable law.

8.1 Governance and Risk Management

Lotlinx maintains internal policies and procedures that govern how data is accessed, stored, processed and retained. These include controls for vendor management, access management, change management, risk assessment and incident response.

8.2 Security Safeguards

Lotlinx uses a combination of administrative, technical and physical safeguards appropriate to the nature and sensitivity of the information processed. These safeguards include encryption during transmission, access controls based on business need, monitoring for unauthorized activity and secure hosting environments managed by reputable cloud providers. We review and test our systems on a regular basis to help protect information.

8.3 Oversight of Sub-Processors

Partners who process information on Lotlinx’s behalf must agree to contractual restrictions requiring them to use information only as instructed, maintain appropriate safeguards and prohibit re-identification or secondary use. Lotlinx maintains reasonable oversight of these partners.

8.4 Product and Feature Review

New or materially updated features—including product or service updates or enhancements updates, machine-learning engines, CRM Enrichment capabilities, or any feature involving new data flows—undergo documented data-protection and privacy reviews prior to launch. These reviews evaluate whether the feature aligns with applicable privacy laws, Customer agreements and Lotlinx’s role as a Controller or Service Provider.

8.5 Access and Accountability

Access to Personal Information is limited to personnel with a legitimate business need. Lotlinx provides internal training on data protection requirements and maintains processes to oversee compliance with its policies and obligations.  

9. Cookies and Tracking Technologies

Lotlinx uses cookies, pixels and similar technologies to support the operation of our websites and to help our Customers measure the performance of their marketing activities. These technologies fall into two categories:

9.1 Tracking on Lotlinx Websites 

When you visit a Lotlinx-owned website, we may use cookies and similar tools to:

  • Maintain site functionality
  • Understand how visitors use our pages
  • Measure traffic and performance
  • Improve the relevance and effectiveness of our content

We may use analytics services to help us understand aggregate usage patterns. These technologies do not track activity across unrelated websites unless you have separately consented through your browser or platform settings. Lotlinx acts as a Controller for these tracking tools.

You may control cookies through your browser settings. Disabling certain cookies may affect the functionality of the site.  

9.2 Tracking on Customer Websites Through Customer-Authorized Tags

Customers may authorize Lotlinx to deploy, manage or support the installation of Tags or Pixels on their own websites. When this occurs, Lotlinx may collect Interaction Data described in Section 3.3 under the Customer’s documented instructions. This may include:

  • VIN-level engagement signals
  • Page views and browsing paths
  • Clicks on inventory units or referral links
  • Device and browser information
  • Hashed identifiers used for attribution

When Tags or Pixels are used on a Customer’s website, the Customer must disclose this in its own privacy notice or cookie banner. Lotlinx uses this information only to support services requested and authorized by the Customer such as campaign activation, measurement, optimization, syndicated inventory recommendations or CRM Enrichment. Lotlinx does not use this Customer-collected Interaction Data for Lotlinx marketing or to build profiles across Customers.

In this context, Lotlinx acts solely as a Service Provider.  

9.3 Third-Party Cookies and Integrations

Lotlinx websites and Customer-authorized integrations may use third-party technologies such as:

  • Analytics providers
  • Media platforms
  • Content delivery or hosting partners

These third parties may set their own cookies through their integrations. Their use of data is governed by their own privacy policies. Lotlinx does not control third-party technologies used by Customers on their independent websites.

9.4 Choices and Controls

You may manage cookies and tracking technologies through:

  • Your browser settings
  • Platform-specific opt-outs (Google, Meta, Amazon Ads and others)
  • Device-based privacy controls

For Customer websites, any choices regarding cookie banners, opt-outs or consent mechanisms are governed by the Customer’s own privacy policy, and Lotlinx will honor the Customer’s instructions regarding consent, opt-outs or preference signals. 

9.5 Do Not Sell or Share My Personal Information (All Users)

Lotlinx offers a “Do Not Sell or Share” option to all users.

When Lotlinx acts as a Controller, you may request that we limit the use of your information for activities that some laws define as selling or sharing. Lotlinx does not sell personal information in the ordinary sense.

When Lotlinx acts as a Service Provider / Processor, we process data only under the Customer’s instructions.

  • We do not sell or share Customer Data or CRM Data
  • Requests relating to Customer-collected information must be directed to the Customer
  • We support Customers in fulfilling such requests when required

How to Submit a “Do Not Sell or Share” Request:

If you wish to submit a request for the information Lotlinx controls directly, you may:

  • Complete our online request form: lotlinx.com/privacy-request
  • Email us at: privacy@lotlinx.com

Requests submitted to Lotlinx apply only to information Lotlinx controls directly. If a request involves information originally collected by a dealer, OEM or agency, we will direct you to the appropriate Customer.

10. Children’s Privacy

Our services are not intended for children under 16 and we do not knowingly collect their Personal Information. If we learn that information was collected from a child under 16 without required consent, we will delete it as required by law. If you believe a child has provided information to Lotlinx, please contact us using the information in Section 12.  

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies or legal requirements. When we make material changes, we will post the updated policy on this page and adjust the “Last Updated” date at the top of the policy. We may also provide additional notice if required by law. Your continued use of the Lotlinx Services after changes are posted means you acknowledge the updated policy.  

  1. Contact Information

If you have questions about this Privacy Policy, our data practices or your privacy rights, you may contact us at:

Lotlinx, Inc.
Email: privacy@lotlinx.com [MAIL-TO HYPERLINK]
Address: 20 Grove Street, Suite 100, Peterborough, New Hampshire 03458, United States

For requests involving Customer Data, CRM Data or DMS Data, we may direct you to the applicable dealer, dealer group or OEM that originally collected the information, and we will support their response as required by law or contract.  

  1. Additional Disclosures for Residents of Certain States

Some state privacy laws, including those in California, Colorado, Connecticut, Virginia and other jurisdictions, require businesses to provide additional disclosures. Lotlinx extends these rights to all users as described in Sections 6 and 9.5. These disclosures clarify how Lotlinx processes data as a Controller and as a Service Provider, the types of information we collect and the rights available to consumers under state privacy laws.

Residents of states with specific statutory rights may contact us using the information in Section 12 to exercise their rights or submit a request through any web form that Lotlinx may make available for this purpose. Certain requests may require identity verification. Requests related to Customer Data must be directed to the applicable Customer.  

  1. Metrics, Reporting and Automated Decision-Making Disclosures (If Required by Law)

Where required by applicable state privacy laws, Lotlinx will provide information about:

  • The categories of Personal Information Lotlinx processed in the last 12 months
  • The categories of Personal Information Lotlinx disclosed for business purposes
  • High-level descriptions of automated decision-making or profiling logic used in Lotlinx recommendation engines

Lotlinx does not use automated decision-making to make legal, financial or similarly significant decisions about individuals. Predictive insights, inventory recommendations and marketing suggestions are intended to support dealer judgment and do not replace human decision-making. Additional information may be made available through compliance reports or documentation upon request where legally mandated.  

  1. Accessibility

Lotlinx is committed to making this Privacy Policy accessible. If you need this policy in an alternative format or require assistance to review the information, please contact us using the details in Section 12.   

  1. Summary of Personal Information Practices (California Disclosure)

The table below summarizes the Personal Information Lotlinx collects as a Controller, how we use it and whether it is disclosed, sold or shared under the CCPA/CPRA; information processed as a Service Provider is governed by each Customer’s own privacy policy.

Category of Personal Information Examples Purpose of Use Disclosure Sold or Shared?
Identifiers IP address, device identifiers, contact information you submit directly to Lotlinx Site functionality, analytics, responding to requests Service providers (analytics, hosting) No
Internet/Interaction Data Browsing paths, clicks, session data on Lotlinx owned websites Site operation, analytics, platform improvement Hosting and analytics providers No
Commercial Information Demos or service requests Responding to inquiries, requests and customer support Service providers supporting communications No
Geolocation (approximate) IP-derived region Fraud detection, localization Service providers No
Sensitive Personal Information Not intentionally collected by Lotlinx as a Controller N/A N/A No
Aggregated or De-Identified Data Analytics not reasonably linkable to an individual or Customer Improving model performance and product features May be shared in anonymized, de-identified or aggregated form N/A

Retention:

Lotlinx retains Personal Information only as long as needed to provide our Services, meet legal requirements or as otherwise permitted under Customer agreements. Customer Data and CRM Data are retained, returned or deleted in accordance with written Customer instructions.

Service Provider Processing:

When Lotlinx processes CRM Data, Customer Data or Interaction Data under a dealer, OEM or agency’s instructions, Lotlinx does not sell or share this data and acts solely as a Service Provider.

 

Youtube Linkedin X-twitter Facebook

Subscribe to our newsletter

Join the thousands of subscribers who receive guides and tips on improving dealership profitability

Copyright © Lotlinx Inc.

Login
Request a Demo