Security
Your dealership data is our responsibility.
Carvio handles your inventory, customers, deals, and conversations. We take that seriously. Here's how we protect it.
The short version
- All data encrypted in transit (TLS 1.2+)
- Hosted on established cloud infrastructure
- Role-based access — your team only sees what they need
- Automated backups through our cloud database provider
- Your data belongs to you — request a copy anytime
- Breach notification promptly and as required by law
How we protect your data
Security built into every layer
Encryption everywhere
All data is encrypted in transit using TLS 1.2+. Your customer records, deal data, and messages are protected between your browser and our servers.
Access controls
Role-based permissions ensure your team only sees what they need. Managers see everything. Salespeople see their leads. No one sees what they shouldn't.
Infrastructure
Carvio runs on established cloud infrastructure — the same class of providers trusted by modern SaaS platforms — with managed, automatically backed-up databases.
Automatic backups
Your data is backed up automatically by our cloud database provider, so it can be restored if something goes wrong. No manual backups to manage.
Secure payments
All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. We never store your credit card information on our servers.
Monitoring and response
Automated monitoring and alerting watch for errors, anomalies, and performance issues, so we can respond quickly when something needs attention.
Our commitments
What we promise about your data
Your data belongs to you
We never sell, share, or use your dealership data for anything other than providing the service. If you leave, your data leaves with you.
No data lock-in
Your records — inventory, customers, deals, messages — are yours. Request a copy and we'll provide it. No export fees, no proprietary lock-in.
Breach notification
In the unlikely event of a security breach affecting your data, we will notify you promptly and as required by applicable law, with details of what happened and what we're doing about it.
Security-minded development
We keep our dependencies up to date and review our code and infrastructure for security issues as part of how we build, so problems get caught early.
Questions about security?
We'll give you a straight answer.
Ask about data handling, infrastructure, compliance — anything. We typically respond within one business day.