Rooftop
Back to Rooftop

Data Processing Agreement

Last updated: June 2026

Roles

The dealership ("Customer") is the Controller of consumer personal data submitted to Rooftop through any module. Rooftop, Inc. ("Processor") processes the data solely on documented instructions from the Customer to deliver the Service.

Categories of data processed

  • Consumer identifiers (name, address, email, phone)
  • Vehicle data (VIN, condition, photos, ownership documents)
  • Transaction data (offer amount, addendum line items, signatures, timestamps)
  • Communication data (SMS / email content sent through the platform under the dealership's brand)
  • Service data (MPI photos and videos, customer e-approvals — AutoFilm only)

Marketing newsletter data

Newsletter subscribers (the "operator brief" signup in our footer) are stored in a separate newsletter_signups table, isolated from customer / consumer records. Newsletter emails are never sold, never shared with sub-processors beyond our email sender (Resend), and can be deleted independently of any commercial relationship.

Sub-processors

Rooftop uses a small set of vetted sub-processors: hosting (Cloudflare), database (Supabase / Postgres), object storage (Cloudflare R2), email (Resend), SMS (Twilio), and AI inference (OpenAI for vehicle text extraction; AutoFrame's image processing runs on Rooftop's own GPU infrastructure). Current list maintained in the Customer dashboard. 30-day notice for additions.

Security measures

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access control with row-level enforcement at the database
  • SOC 2 Type II in progress (target Q2)
  • Audit logs for all customer-data reads and writes
  • Annual penetration test by independent third party
  • Background-checked employees with least-privilege production access

Data subject rights

Rooftop will assist the Customer in responding to consumer requests for access, deletion, correction, or portability under applicable laws (CCPA, state privacy acts). The Customer-facing dashboard exposes one-click export and deletion for any consumer record.

Breach notification

Rooftop will notify the Customer of any confirmed personal-data breach within 72 hours, including known scope, mitigations taken, and recommended Customer next steps.

Cross-border transfers

All Customer and consumer data is stored in US data centers. International transfers are not made without prior Customer consent.

Term & deletion

On termination, Rooftop will delete or return all Customer data within 90 days, except records required to be retained under FTC / state record-keeping rules (audit trails: 7 years).

Contact & signature

Email ken@ken.cc to receive a signed countersigned copy of this DPA on Rooftop letterhead for your dealership's compliance file.